www.trendmicro.com Open in urlscan Pro
2.17.189.179 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Submission: On July 12 via api (July 12th 2023, 2:14:42 am UTC) from TR — Scanned from DE

Summary HTTP 337 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 60 IPs in 6 countries across 48 domains to perform 337 HTTP transactions. The main IP is 2.17.189.179, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.trendmicro.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on May 20th 2023. Valid for: a year.

This is the only time www.trendmicro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
68	2.17.189.179 2.17.189.179	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2606:4700::68... 2606:4700::6812:a972	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.138 142.250.186.138	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:1d60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	2600:9000:223... 2600:9000:223e:de00:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2a02:26f0:350... 2a02:26f0:3500:12::1730:17af	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:1c26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.201.125.192 35.201.125.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.111.194.12 34.111.194.12	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:26f0:170... 2a02:26f0:1700:38a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 33	2600:9000:225... 2600:9000:2250:b200:0:f267:a5c0:93a1	() ()
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	35.190.5.192 35.190.5.192	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
2	104.102.38.132 104.102.38.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2	91.228.74.168 91.228.74.168	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
2	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28a8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.80.55.69 99.80.55.69	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
10	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
65	18.66.112.118 18.66.112.118	16509 (AMAZON-02) (AMAZON-02)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
1	23.56.201.15 23.56.201.15	16625 (AKAMAI-AS) (AKAMAI-AS)
1	169.150.247.37 169.150.247.37	60068 (CDN77 ^_^) (CDN77 ^_^)
27	52.222.214.80 52.222.214.80	16509 (AMAZON-02) (AMAZON-02)
1	104.18.13.159 104.18.13.159	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.111.78.58 34.111.78.58	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	23.215.21.253 23.215.21.253	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:ab0... 2a02:26f0:ab00::5c7a:d72a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	3.210.10.81 3.210.10.81	14618 (AMAZON-AES) (AMAZON-AES)
2	52.57.57.222 52.57.57.222	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
1 1	35.201.70.94 35.201.70.94	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2600:9000:225... 2600:9000:2251:2c00:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 3	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28c0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:223... 2600:9000:223c:e600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	154.59.122.94 154.59.122.94	174 (COGENT-174) (COGENT-174)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:20e... 2600:9000:20eb:7e00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
2	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
4	44.196.174.154 44.196.174.154	14618 (AMAZON-AES) (AMAZON-AES)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
3	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
337	60

68 2.17.189.179 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-189-179.deploy.static.akamaitechnologies.com

www.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:a972 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1d60 (United States)

ASN13335 (CLOUDFLARENET, US)

customer.cludo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2600:9000:223e:de00:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a02:26f0:3500:12::1730:17af (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

trendmicro.scene7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1c26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.125.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.125.201.35.bc.googleusercontent.com

cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.194.12 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 12.194.111.34.bc.googleusercontent.com

ixfd2-api.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:38a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2600:9000:2250:b200:0:f267:a5c0:93a1 (United States) 1 redirects

ASN- ()

marvel-b1-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.5.192 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 192.5.190.35.bc.googleusercontent.com

cdn.b0e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.38.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-38-132.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.168 (United Kingdom)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28a8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

resources.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.55.69 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-55-69.eu-west-1.compute.amazonaws.com

resources.xg4ken.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 18.66.112.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-118.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.56.201.15 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-201-15.deploy.static.akamaitechnologies.com

origin.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.150.247.37 (United States)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-247-37.datapacket.com

load.sumome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 52.222.214.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-80.fra56.r.cloudfront.net

widget.equally.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.13.159 (None, )

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.78.58 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 58.78.111.34.bc.googleusercontent.com

a1.b0e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.215.21.253 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-21-253.deploy.static.akamaitechnologies.com

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.244 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::5c7a:d72a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.210.10.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-10-81.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.57.222 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-57-222.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.70.94 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 94.70.201.35.bc.googleusercontent.com

marvel-processor.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.153.60 (Secaucus, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2251:2c00:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

945-cxd-062.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28c0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:e600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.94 (United States)

ASN174 (COGENT-174, US)

e.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:7e00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 44.196.174.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-174-154.compute-1.amazonaws.com

api.equally.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	trendmicro.com www.trendmicro.com resources.trendmicro.com	9 MB
65	driftt.com js.driftt.com — Cisco Umbrella Rank: 6723	756 KB
36	bc0a.com 2 redirects cdn.bc0a.com — Cisco Umbrella Rank: 13921 ixfd2-api.bc0a.com — Cisco Umbrella Rank: 21223 marvel-b1-cdn.bc0a.com — Cisco Umbrella Rank: 21693 marvel-processor.bc0a.com — Cisco Umbrella Rank: 40466	2 MB
31	equally.ai widget.equally.ai — Cisco Umbrella Rank: 224059 api.equally.ai — Cisco Umbrella Rank: 311200	510 KB
24	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1029	67 KB
13	scene7.com trendmicro.scene7.com	274 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 6369 c.6sc.co — Cisco Umbrella Rank: 9185 ipv6.6sc.co — Cisco Umbrella Rank: 6440 b.6sc.co — Cisco Umbrella Rank: 4176	15 KB
8	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 483 www.google-analytics.com — Cisco Umbrella Rank: 63 region1.google-analytics.com — Cisco Umbrella Rank: 1623	41 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 407	170 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 414 www.linkedin.com — Cisco Umbrella Rank: 544 px4.ads.linkedin.com — Cisco Umbrella Rank: 6544	5 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	380 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3188	8 KB
4	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 469	3 KB
3	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 7955 metrics.api.drift.com — Cisco Umbrella Rank: 7828	13 KB
3	google.de www.google.de — Cisco Umbrella Rank: 4752	670 B
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 10	1 KB
3	doubleclick.net 5427711.fls.doubleclick.net Failed googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 9572106.fls.doubleclick.net Failed stats.g.doubleclick.net — Cisco Umbrella Rank: 130	3 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 17554 ibc-flow.techtarget.com — Cisco Umbrella Rank: 18818	2 KB
2	t.co t.co — Cisco Umbrella Rank: 511	581 B
2	sumo.com load.sumo.com — Cisco Umbrella Rank: 14931 sumo.com Failed	144 KB
2	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 24011	468 B
2	ml-attr.com 2 redirects s.ml-attr.com — Cisco Umbrella Rank: 18911	566 B
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1592 insight.adsrvr.org — Cisco Umbrella Rank: 603	3 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 390	12 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10419	585 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	239 B
2	acuityplatform.com origin.acuityplatform.com — Cisco Umbrella Rank: 19021 e.acuityplatform.com — Cisco Umbrella Rank: 14716	4 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	155 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 169	18 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1250 pixel.quantserve.com — Cisco Umbrella Rank: 1003	10 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3991	7 KB
2	b0e8.com cdn.b0e8.com — Cisco Umbrella Rank: 23270 a1.b0e8.com — Cisco Umbrella Rank: 18968	22 KB
2	gstatic.com fonts.gstatic.com	97 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1293 c.go-mpulse.net — Cisco Umbrella Rank: 579	50 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 91	65 KB
2	cludo.com customer.cludo.com — Cisco Umbrella Rank: 15682	70 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1031	375 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1172	448 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 914	5 KB
1	mktoresp.com 945-cxd-062.mktoresp.com — Cisco Umbrella Rank: 518882	318 B
1	sumome.com load.sumome.com — Cisco Umbrella Rank: 58212	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 768	15 KB
1	xg4ken.com resources.xg4ken.com — Cisco Umbrella Rank: 6384	4 KB
1	bizographics.com sjs.bizographics.com — Cisco Umbrella Rank: 32882	690 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 678	312 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	361 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	1 KB
0	twitter.com Failed analytics.twitter.com Failed
337	48

	Domain	Requested by
68	www.trendmicro.com	www.trendmicro.com
65	js.driftt.com	tags.tiqcdn.com www.trendmicro.com js.driftt.com
33	marvel-b1-cdn.bc0a.com	1 redirects www.trendmicro.com
27	widget.equally.ai	tags.tiqcdn.com www.trendmicro.com widget.equally.ai
24	tags.tiqcdn.com	www.trendmicro.com
13	trendmicro.scene7.com	www.trendmicro.com
8	b.6sc.co	www.trendmicro.com
7	cdn.cookielaw.org	www.trendmicro.com cdn.cookielaw.org
5	www.google-analytics.com	tags.tiqcdn.com www.google-analytics.com www.trendmicro.com
5	www.googletagmanager.com	tags.tiqcdn.com www.googletagmanager.com
4	api.equally.ai	www.trendmicro.com
4	tags.srv.stackadapt.com	tags.tiqcdn.com www.trendmicro.com tags.srv.stackadapt.com
4	secure.adnxs.com	3 redirects www.trendmicro.com
3	px.ads.linkedin.com	3 redirects
3	www.google.de	www.trendmicro.com
3	www.google.com	1 redirects www.trendmicro.com
2	bootstrap.api.drift.com	js.driftt.com
2	t.co	www.trendmicro.com
2	load.sumo.com	www.trendmicro.com
2	ibc-flow.techtarget.com	www.trendmicro.com
2	attr.ml-api.io	www.trendmicro.com
2	s.ml-attr.com	2 redirects
2	googleads.g.doubleclick.net	1 redirects www.trendmicro.com
2	bat.bing.com	www.googletagmanager.com www.trendmicro.com
2	epsilon.6sense.com	www.trendmicro.com
2	www.facebook.com	www.trendmicro.com
2	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
2	www.googleadservices.com	www.trendmicro.com
2	munchkin.marketo.net	tags.tiqcdn.com munchkin.marketo.net
2	ssl.google-analytics.com	tags.tiqcdn.com www.trendmicro.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.youtube.com	www.trendmicro.com www.youtube.com
2	customer.cludo.com	www.trendmicro.com
1	metrics.api.drift.com	js.driftt.com
1	insight.adsrvr.org	www.trendmicro.com
1	stats.g.doubleclick.net	www.trendmicro.com
1	pixel.quantserve.com	www.trendmicro.com
1	px4.ads.linkedin.com	www.trendmicro.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	www.trendmicro.com
1	e.acuityplatform.com	www.trendmicro.com
1	rules.quantcount.com	secure.quantserve.com
1	snap.licdn.com	sjs.bizographics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	945-cxd-062.mktoresp.com	munchkin.marketo.net
1	marvel-processor.bc0a.com	1 redirects
1	js.adsrvr.org	www.googletagmanager.com
1	ipv6.6sc.co	www.trendmicro.com
1	c.6sc.co	www.trendmicro.com
1	c.go-mpulse.net	www.trendmicro.com
1	a1.b0e8.com	www.trendmicro.com
1	trk.techtarget.com	tags.tiqcdn.com
1	load.sumome.com	tags.tiqcdn.com
1	origin.acuityplatform.com	tags.tiqcdn.com
1	static.ads-twitter.com	tags.tiqcdn.com
1	j.6sc.co	tags.tiqcdn.com
1	resources.xg4ken.com	www.trendmicro.com
1	resources.trendmicro.com	tags.tiqcdn.com
1	sjs.bizographics.com	tags.tiqcdn.com
1	secure.quantserve.com	tags.tiqcdn.com
1	cdn.b0e8.com	www.trendmicro.com
1	s.go-mpulse.net	www.trendmicro.com
1	ixfd2-api.bc0a.com	cdn.bc0a.com
1	cdn.bc0a.com	tags.tiqcdn.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	s7.addthis.com	www.trendmicro.com
1	fonts.googleapis.com	www.trendmicro.com
0	sumo.com Failed	www.trendmicro.com
0	analytics.twitter.com Failed	www.trendmicro.com
0	9572106.fls.doubleclick.net Failed	www.googletagmanager.com
0	5427711.fls.doubleclick.net Failed	www.googletagmanager.com
337	71

This site contains links to these domains. Also see Links.

Domain
vicone.com
www.zerodayinitiative.com
community-trendmicro.force.com
newsroom.trendmicro.com
resources.trendmicro.com
success.trendmicro.com
trendmicro.com
cloudone.trendmicro.com
tm.login.trendmicro.com
signup.cj.com
www.bitdefender.com
learn.microsoft.com
documents.trendmicro.com
www.gdatasoftware.com
msrc.microsoft.com
www.mandiant.com
www.linkedin.com
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.trendmicro.cz

Subject Issuer	Validity	Valid
www.trendmicro.com Entrust Certification Authority - L1M	`2023-05-20` - `2024-06-19`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.cludo.com AlphaSSL CA - SHA256 - G4	`2023-06-01` - `2024-07-02`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M01	`2023-04-18` - `2024-05-17`	a year	crt.sh
*.scene7.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-22` - `2024-01-24`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
cdn.bc0a.com GTS CA 1D4	`2023-06-11` - `2023-09-09`	3 months	crt.sh
ixfd-api.bc0a.com GTS CA 1D4	`2023-06-13` - `2023-09-11`	3 months	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2023-04-05` - `2024-04-04`	a year	crt.sh
marvel-cdn.bc0a.com Amazon RSA 2048 M01	`2023-02-09` - `2024-03-09`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
cdn.b0e8.com GTS CA 1D4	`2023-06-23` - `2023-09-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2022-09-08` - `2023-09-08`	a year	crt.sh
resources.trendmicro.com Cloudflare Inc ECC CA-3	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.xg4ken.com Go Daddy Secure Certificate Authority - G2	`2022-10-18` - `2023-11-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-20` - `2023-07-19`	3 months	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.acuityplatform.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-30` - `2024-02-01`	a year	crt.sh
*.sumome.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-13` - `2024-02-13`	a year	crt.sh
equally.ai Amazon RSA 2048 M01	`2023-05-06` - `2024-06-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-25` - `2024-06-24`	a year	crt.sh
b0e8.com GTS CA 1D4	`2023-06-24` - `2023-09-22`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-27` - `2023-11-07`	8 months	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
quantserve.com R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-05-30` - `2023-08-28`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-16` - `2024-02-16`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Frame ID: C8FEE3F3C4FF3AF444F77BDD85CD9393
Requests: 240 HTTP requests in this frame

Frame: https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=5665829723980;gtm=45He37a0;auiddc=416777788.1689128076;u1=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Frame ID: DEE7518B3488E566B4CBDD4E7E6993C3
Requests: 1 HTTP requests in this frame

Frame: https://9572106.fls.doubleclick.net/activityi;src=9572106;type=trend002;cat=globa0;ord=719415800906;gtm=45He37a0;auiddc=416777788.1689128076;u1=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Frame ID: EBA4B5522FAB35E181CDADEDB20F2942
Requests: 1 HTTP requests in this frame

Frame: https://widget.equally.ai/equallyai-widget.css
Frame ID: 5A11EA1AB4792A5345F9E16198A736B7
Requests: 24 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Frame ID: 3B21B9AFB6DE958515E0669190D03691
Requests: 33 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
Frame ID: 7789F6BE99AAF31F0079D614F5868B7A
Requests: 34 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=g2lzvow&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&upid=803df29&upv=1.1.0
Frame ID: F558EFBE6BBA973409C82520FCF1580C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hunting for A New Stealthy Universal Rootkit Loader

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

SumoMe (Widgets) Expand

Overall confidence: 100%
Detected patterns

load\.sumome\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

337
Requests

97 %
HTTPS

45 %
IPv6

48
Domains

71
Subdomains

60
IPs

6
Countries

13554 kB
Transfer

20449 kB
Size

55
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://vicone.com/en
Title: Automotive

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/about/
Title: Zero Day Initiatives (ZDI)

Search URL Search Domain Scan URL

URL: https://community-trendmicro.force.com/Gpartner/s/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://newsroom.trendmicro.com/
Title: Connect with Us

Search URL Search Domain Scan URL

URL: https://resources.trendmicro.com/GLB-Under-Attack-Form.html
Title: Under Attack?

Search URL Search Domain Scan URL

URL: https://success.trendmicro.com/dcx/s/?language=en_US
Title: Business Support Portal

Search URL Search Domain Scan URL

URL: https://success.trendmicro.com/virus-and-threat-help
Title: Virus and Threat Help

Search URL Search Domain Scan URL

URL: https://success.trendmicro.com/renewals-and-registration
Title: Renewals and Registration

Search URL Search Domain Scan URL

URL: https://success.trendmicro.com/dcx/s/contactus?language=en_US
Title: Contact Support

Search URL Search Domain Scan URL

URL: http://trendmicro.com/public-cloud-risk-assessment
Title: Cloud Health Assessment

Search URL Search Domain Scan URL

URL: https://community-trendmicro.force.com/Gpartner/s/login/?language=en_US&ec=302&startURL=%2FGpartner%2Fs%2F
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://cloudone.trendmicro.com/
Title: Cloud One

Search URL Search Domain Scan URL

URL: https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php
Title: Product Activation and Management

Search URL Search Domain Scan URL

URL: https://signup.cj.com/member/signup/publisher/?cid=1867119#/branded?_k=xaeu3t
Title: Referral Affililate

Search URL Search Domain Scan URL

URL: https://resources.trendmicro.com/subscription-us.html
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Title: FiveSys

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode
Title: Authenticode

Search URL Search Domain Scan URL

URL: https://documents.trendmicro.com/assets/white_papers/wp-an-in-depth-look-at-windows-kernel-threats.pdf
Title: malicious kernel drivers

Search URL Search Domain Scan URL

URL: https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
Title: reported

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/blog/2021/06/investigating-and-mitigating-malicious-drivers/
Title: geo-location cheating

Search URL Search Domain Scan URL

URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions/
Title: FiveSys

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
Title: Poortry malware

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trend-micro/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TrendMicro/

Search URL Search Domain Scan URL

URL: https://twitter.com/trendmicro

Search URL Search Domain Scan URL

URL: https://www.instagram.com/trendmicro/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TrendMicroInc

Search URL Search Domain Scan URL

URL: https://trendmicro.com/newsroom
Title: Newsroom

Search URL Search Domain Scan URL

URL: http://www.trendmicro.cz/
Title: Česká Republika

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 199

https://marvel-b1-cdn.bc0a.com/f00000000017219/s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 302
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000017219&url=https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 307
https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.trendmicro.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687

Request Chain 201

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=iwyuZIjoIYWG7_UPz5S2gA8&sscte=1&crd=&pscrd=IhMIyNmxt4yIgAMVBcO7CB1Pig3w HTTP 302
https://www.google.com/pagead/1p-conversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIyNmxt4yIgAMVBcO7CB1Pig3w&is_vtc=1&ocp_id=iwyuZIjoIYWG7_UPz5S2gA8&random=682349906&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIyNmxt4yIgAMVBcO7CB1Pig3w&is_vtc=1&ocp_id=iwyuZIjoIYWG7_UPz5S2gA8&random=682349906&resp=GooglemKTybQhCsO&ipr=y

Request Chain 216

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8866%26time%3D1689128076012%26url%3Dhttps%253A%252F%252Fwww.trendmicro.com%252Fen_us%252Fresearch%252F23%252Fg%252Fhunting-for-a-new-stealthy-universal-rootkit-loader.html%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&cookiesTest=true&liSync=true&e_ipv6=AQKhQh-xLedbhgAAAYlH4QUvdd_9lZGdwMVCQZ7TqqlLnqDmS1wYMvOUDiTUR78qmZnDFeuq

Request Chain 263

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 302
https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687

337 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hunting-for-a-new-stealthy-universal-rootkit-loader.html Show response
www.trendmicro.com/en_us/research/23/g/ 144 KB
27 KB 86ms
23ms Document
text/html 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

04019f1a2e806799934779c93fee5dc96a8893931a47914beeaa8943fbce949f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 26452
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
content-type: text/html;charset=utf-8
date: Wed, 12 Jul 2023 02:14:30 GMT
link: <https://cdn.cookielaw.org>;rel="preconnect",<https://cdn.bc0a.com>;rel="preconnect",<https://s7.addthis.com>;rel="preconnect",<https://marvel-b1-cdn.bc0a.com>;rel="preconnect",<https://www.youtube.com>;rel="preconnect",<https://cdn.b0e8.com>;rel="preconnect",<https://www.googletagmanager.com>;rel="preconnect",<https://secure.quantserve.com>;rel="preconnect",<https://trk.techtarget.com>;rel="preconnect" <https://customer.cludo.com>;rel="preconnect",<https://tags.tiqcdn.com>;rel="preconnect"
server: nginx
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="469202_3245104802_1368341042_29_2049_6_0_-";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,2
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-prod-a-01: Yes
x-prod-n-02: Yes
x-xss-protection: 1;mode=block

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/ 196 KB
23 KB 44ms
21ms Script
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/OtAutoBlock.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a445dbe9164974a9d74b12b56e7479c4a8724c51361f65d43955892f72e81008

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 74377
content-md5: /fOR6hJS6ctltpz00AffZQ==
content-length: 23458
x-ms-lease-status: unlocked
last-modified: Mon, 24 Apr 2023 20:49:26 GMT
server: cloudflare
etag: 0x8DB450564393DB2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 10b326f8-c01e-0040-7bee-76f108000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e55c5eb49694da1-FRA
expires: Thu, 13 Jul 2023 02:14:30 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 39ms
16ms Script
application/javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffc79feebdfe105c3de8840c2a5814b3fae59d3529463fdf9329080967ed92ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ss3gfiwT9vXTSvNlfc+4JQ==
age: 76680
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6820
x-ms-lease-status: unlocked
last-modified: Mon, 10 Jul 2023 16:31:28 GMT
server: cloudflare
etag: 0x8DB81631CCD1DF5
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 43bd4f15-f01e-00a6-6367-b3e0f8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e55c5eb496a4da1-FRA

GET
H2 200 jquery.min.js Show response
www.trendmicro.com/etc.clientlibs/clientlibs/granite/ 111 KB
34 KB 11ms
9ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

1b973667ceb759e49f2982721f36e4d20a2f8b5dce8c47ccf3039d6ab748143e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Mon, 29 May 2023 01:47:07 GMT
server: Akamai Resource Optimizer
date: Wed, 12 Jul 2023 02:14:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341072_27_1408_6_0_-";dur=1
x-prod-n-01: Yes
content-length: 34051
x-xss-protection: 1;mode=block

GET
H2 200 utils.min.js Show response
www.trendmicro.com/etc.clientlibs/clientlibs/granite/ 10 KB
4 KB 11ms
10ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/utils.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

799cb15a25ed2fa78bdba496d1afbc68f033a3a5dd9ead12f4eaac4e0a93236d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Thu, 15 Jun 2023 06:20:55 GMT
server: Akamai Resource Optimizer
x-prod-n-02: Yes
date: Wed, 12 Jul 2023 02:14:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341073_24_1466_6_0_-";dur=1
content-length: 3224
x-xss-protection: 1;mode=block

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 433ms
47ms Stylesheet
text/css 142.250.186.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f10.1e100.net

Software

ESF /

Resource Hash

a11a4de90fb7f0a2618818e9a85a55817eb7560f898b1c8233bbdf4992184ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Jul 2023 02:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 00:49:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Jul 2023 02:14:31 GMT

GET
H2 200 cludo-search.min.css
customer.cludo.com/css/296/1798/ 16 KB
3 KB 55ms
18ms Stylesheet
text/css 2606:4700:10::6816:1d60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://customer.cludo.com/css/296/1798/cludo-search.min.css
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1d60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:30 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 21 Apr 2022 10:55:26 GMT
server: cloudflare
age: 66931
etag: W/"0238c4e6e55d81:0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=300
cf-ray: 7e55c5eb5ed591e1-FRA
alt-svc: h3=":443"; ma=86400
x-lb: 2

GET
H2 200 clientlib-trendresearch.min.css
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/ 334 KB
34 KB 15ms
13ms Stylesheet
text/css 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

d9adda21309e834d6b954f994610a2442bfbba1d146e6be62aa7e81cc64b3d35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Thu, 29 Jun 2023 17:11:26 GMT
server: Akamai Resource Optimizer
date: Wed, 12 Jul 2023 02:14:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341074_96_1018_6_0_-";dur=1
x-prod-n-01: Yes
content-length: 34310
x-xss-protection: 1;mode=block

GET
H2 200 header-footer.min.css
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/ 60 KB
6 KB 13ms
11ms Stylesheet
text/css 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/header-footer.min.css

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

d6dc5d544d4b7902d19f8e02ffe940b582d99061ccc5b1021d03bbc0e7a31c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Wed, 05 Jul 2023 04:48:13 GMT
server: Akamai Resource Optimizer
x-prod-n-02: Yes
date: Wed, 12 Jul 2023 02:14:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341076_43_1187_6_0_-";dur=1
content-length: 5469
x-xss-protection: 1;mode=block

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 962 B
1 KB 277ms
8ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 87105e0592efc3a8a20b1b72aa7733ab06d140b12daf481fb2da62aab1d3080c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: ctpD4vzJqUIpXQG0zZpz6LE3R6_92tWP
date: Wed, 12 Jul 2023 02:14:20 GMT
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 12
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 962
last-modified: Mon, 10 Jul 2023 17:44:48 GMT
server: AmazonS3
etag: "530607c892fadfabbae69b29273ad2e9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: 5wWf5Af7Q0s1SVGlzqDicbOxM7Q3dLxLzQNWqJfsf-Uil3hEaHkl0g==

GET
H2 200 tm-logo-red-white-t.svg
www.trendmicro.com/content/dam/trendmicro/global/en/core/images/logos/ 5 KB
3 KB 32ms
31ms Image
image/svg+xml 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/core/images/logos/tm-logo-red-white-t.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4c38452d4117e2bb77829601aca27ac6584ebdf4d42ce505c0f7b1ae0f933147

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 12 Jul 2023 02:14:31 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=18, origin; dur=0, ak_p; desc="469202_3245104802_1368341602_2022_2531_5_0_-";dur=1
content-length: 2173
x-xss-protection: 1;mode=block
last-modified: Tue, 11 Jul 2023 21:08:15 GMT
server: nginx
etag: W/"154e-6003c7f5ff885"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=900
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:31 GMT

GET
H2 200 asrm-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 14 KB
14 KB 287ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/asrm-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

84f657435e631a1442815def2faa66eb24833b1047908ebd71275bfbef9690ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:26 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "1ac209128f661abb8a982d1bdb20d08e"
content-type: image/webp
access-control-allow-origin: *
content-length: 14534
expires: Wed, 12 Jul 2023 09:53:49 GMT

GET
H2 200 xdr-product-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 18 KB
18 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/xdr-product-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

74f5da663574c88f8694494adf45161949674fcfff783f3306b0644dc2a84adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "b3ffdce154f5ac33f90bafd0b8f52ddf"
content-type: image/webp
access-control-allow-origin: *
content-length: 18350
expires: Wed, 12 Jul 2023 09:53:49 GMT

GET
H2 200 cloud-one-conformity-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 15 KB
16 KB 13ms
13ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-conformity-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

4ab83592ce402440f1cbf8260a541ef669652a1992abba72a62b20fee5d5a74a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:51:02 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "05f9f1e037384b6444bf7ecf08a5930e"
content-type: image/webp
access-control-allow-origin: *
content-length: 15700
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 cloud-one-container-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 22 KB
22 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-container-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

cd1eef6ba8780ec4e408014498fe98f8691792cc00168d4b115f1500d502a3fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:25 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "0bd7f96f29e779fac6dc954866b8de36"
content-type: image/webp
access-control-allow-origin: *
content-length: 22816
expires: Wed, 12 Jul 2023 09:41:01 GMT

GET
H2 200 cloud-one-file-storage-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 10 KB
10 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-file-storage-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

3f95c868390ea2426ee26d756867a51141df402ab30ccc73404c16450fc10f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:50:40 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "81b7f638d5ac80cfde194124da99cc5e"
content-type: image/webp
access-control-allow-origin: *
content-length: 10478
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 cloud-one-network-security-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 21 KB
21 KB 13ms
13ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-network-security-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

0a24885b49ed513c1e14f2bce9ccc9efbb05e7875f6822544a0a54b8d4c3dd95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "b332a6b4b2b308a0e8dfcc52a344408a"
content-type: image/webp
access-control-allow-origin: *
content-length: 21776
expires: Wed, 12 Jul 2023 09:41:21 GMT

GET
H2 200 cloud-one-open-source-security-snyk-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 13 KB
14 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-open-source-security-snyk-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

78e40b1d012f9caf57a3f6fbf8d43c659d70f5848aac51cd4a185159738faf65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "03bfd761eae4f57eb20afd34425ddf1e"
content-type: image/webp
access-control-allow-origin: *
content-length: 13774
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 cloud-sentry-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 13 KB
13 KB 15ms
15ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/cloud-sentry-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

d92c0eca2e492fde2b2f4fdfbd246e60c27773efa928e923c7292fbd60dd7211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:50:40 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "2186ca4a8ab3ad34e9605eedf73a8498"
content-type: image/webp
access-control-allow-origin: *
content-length: 13244
expires: Wed, 12 Jul 2023 09:53:49 GMT

GET
H2 200 zero-trust-access-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 24 KB
24 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/zero-trust-access-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

1c580985c46f2d69e9d251c3275a031da27d8219e702677f7285ddad9134c562

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "54553bd846274282dee4b07c8fd3198b"
content-type: image/webp
access-control-allow-origin: *
content-length: 24410
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 email-security-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 24 KB
25 KB 14ms
13ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/email-security-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

3a3abfe7b0630828bff7d1f3a6e29c316f1a432e1909877d8c713abf14e43c3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:50:40 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "adeabd4b80e2b5f6ab0d131473fa84c3"
content-type: image/webp
access-control-allow-origin: *
content-length: 24906
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 sps-mobile-security-enterprise-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 20 KB
20 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/sps-mobile-security-enterprise-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

68c21f3bfefc064bc07808b48bba6165dfc210d152ba4a6a35a567ed49151877

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:50:40 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "183303c0127c38a2849f7046d6cccef2"
content-type: image/webp
access-control-allow-origin: *
content-length: 19998
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 small-business-worry-free-service-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 12 KB
12 KB 14ms
14ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/small-business-worry-free-service-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

baab390c2d7313aff54f9e972aec75d7293ed44cef9fd2eec59c1debe9343dfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:31 GMT
last-modified: Wed, 04 Jan 2023 02:43:22 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "d368300e798fca683308d1ed100d958c"
content-type: image/webp
access-control-allow-origin: *
content-length: 12248
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 all-products-console-shot
trendmicro.scene7.com/is/image/trendmicro/ 64 KB
64 KB 18ms
18ms Image
image/webp 2a02:26f0:3500:12::1730:17af
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trendmicro.scene7.com/is/image/trendmicro/all-products-console-shot?scl=1.0&qlt=95&fmt=webp-alpha

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:12::1730:17af Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

293ceaa480bda1594e9f61f6a52858999cd0aad1ef4f5d3eafe7cc559727e41d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:32 GMT
last-modified: Mon, 27 Mar 2023 00:57:09 GMT
-x-adobe-smart-imaging: 0
server: Unknown
etag: "891ae1c6af5064a7f40d8b2f96a4ea68"
content-type: image/webp
access-control-allow-origin: *
content-length: 65306
expires: Wed, 12 Jul 2023 09:53:48 GMT

GET
H2 200 search-script.js Show response
customer.cludo.com/scripts/bundles/ 367 KB
67 KB 18ms
17ms Script
application/javascript 2606:4700:10::6816:1d60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://customer.cludo.com/scripts/bundles/search-script.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1d60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00f7b1c95d34ae707d0b5a46f93e3d922c2c2b6b9b39deb0c8526b3ca0d8ba1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 24 May 2023 07:40:36 GMT
server: cloudflare
age: 92
etag: W/"0322c7138ed91:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
cf-ray: 7e55c5ecefd791e1-FRA
alt-svc: h3=":443"; ma=86400
x-lb: 2

GET
H2 200 share-more.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/ 648 B
768 B 16ms
16ms Image
image/svg+xml 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

179eb991060face02477e0406b1a413ac50ec26fe9f397e07e4ee95f7e6a5298

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=6, origin; dur=0, ak_p; desc="469202_3245104802_1368342058_715_1592_5_0_-";dur=1
x-prod-n-01: Yes
content-length: 362
x-xss-protection: 1;mode=block
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=807
expires: Wed, 12 Jul 2023 02:27:59 GMT

GET
H2 200 printer.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/ 409 B
686 B 28ms
28ms Image
image/svg+xml 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1b154bfaea92a935726ed4a450101dc646a86588cfa0f066cae2050130124569

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=6, origin; dur=0, ak_p; desc="469202_3245104802_1368342086_694_1760_5_0_-";dur=1
x-prod-n-01: Yes
content-length: 281
x-xss-protection: 1;mode=block
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=900
expires: Wed, 12 Jul 2023 02:29:32 GMT

GET
H2 200 UniversalRootkitLoader-Figure01.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 239 KB
239 KB 29ms
28ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure01.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

372a90f11d04b5f23b65e506a4b508583ef185a175fbdb9f6511dbccc5d6f65f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=18, origin; dur=0, ak_p; desc="469202_3245104802_1368342105_1925_1518_5_0_-";dur=1
content-length: 244662
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"3bbb6-60040951c1da8"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=921
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:53 GMT

GET
H2 200 UniversalRootkitLoader-Figure02.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 101 KB
101 KB 16ms
16ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure02.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b07770d8983d2f71938eb2831dfe622a79a895749e139ff3fa561d87c1871abf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=8, origin; dur=0, ak_p; desc="469202_3245104802_1368342144_818_1509_6_0_-";dur=1
content-length: 102937
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"19219-60040951c19c0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=978
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:50 GMT

GET
H2 200 UniversalRootkitLoader-Figure03.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 242 KB
243 KB 25ms
24ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure03.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

488f7d2c84db69159374afde4ed9e2dcf1ccd92217b7b1703c12b1ac0fba08c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368342167_1112_1409_6_0_-";dur=1
content-length: 248296
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"3c9e8-60040951c19c0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=911
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:43 GMT

GET
H2 200 UniversalRootkitLoader-Figure04.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 83 KB
83 KB 20ms
20ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure04.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

10d1802647ea3d7fc2fae8542d61819f937adae7ee2b39e49e599cf1e33beed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368342195_1198_1480_6_0_-";dur=1
content-length: 84530
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"14a32-60040951c0e08"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=1000
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:12 GMT

GET
H2 200 UniversalRootkitLoader-Figure05.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 128 KB
128 KB 20ms
19ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure05.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2fa1d425d12173f380683dfc5441805dbc9061607d22d3638e93c5430cec0dee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368342216_1121_1381_6_0_-";dur=1
content-length: 130968
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1ff98-60040951c3130"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=1046
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:58 GMT

GET
H2 200 UniversalRootkitLoader-Figure06.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 128 KB
129 KB 18ms
18ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure06.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f7c4b2a5a3e0e96fa5d9e35e3321512d0e390aabf2c2f2cc3b9093c2da534df4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:32 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=10, origin; dur=0, ak_p; desc="469202_3245104802_1368342234_1008_1649_6_0_-";dur=1
content-length: 131474
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"20192-60040951bc7b6"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=978
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:50 GMT

GET
H2 200 UniversalRootkitLoader-Figure07.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 285 KB
285 KB 343ms
343ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure07.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ba5f38604d3d46c8ab6a42c0f795deab57b77d7e956236fcd180c6b568436a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Wed, 12 Jul 2023 02:14:32 GMT
x-prod-a-01: Yes
x-content-type-options: nosniff
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=10, origin; dur=324, ak_p; desc="469202_3245104802_1368342260_33423_1326_6_0_-";dur=1
x-prod-n-01: Yes
content-length: 291736
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:14:32 GMT
server: nginx
etag: W/"47398-60040c6bb3722"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=1788
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:44:20 GMT

GET
H2 200 UniversalRootkitLoader-Figure08-2.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 228 KB
229 KB 33ms
33ms Image
image/jpeg 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure08-2.jpg

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2be261a8f196631fc801a5e3ea0902cb8270c49e17d49ea195f4cc334ef5251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368342927_2240_1284_6_0_-";dur=1
content-length: 233557
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"39055-60040951c44b9"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=989
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:02 GMT

GET
H2 200 UniversalRootkitLoader-Figure10.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 100 KB
100 KB 21ms
20ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure10.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

04cb90cd5475714f45a5562264a035496163130291946f073c499cc8237081e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368342957_1209_1835_6_0_-";dur=1
content-length: 102231
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"18f57-60040951bd756"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1008
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:21 GMT

GET
H2 200 UniversalRootkitLoader-Figure11.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 283 KB
284 KB 18ms
18ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure11.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1f76fa434c34a06355281a8a9d5b62fc9b70b3aaa61fbdaf5215a8c64c932756

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=10, origin; dur=0, ak_p; desc="469202_3245104802_1368342981_980_1489_6_0_-";dur=1
content-length: 290088
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"46d28-60040951c40d1"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1010
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:23 GMT

GET
H2 200 UniversalRootkitLoader-Figure12.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 148 KB
148 KB 20ms
20ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure12.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a153406ed48b5ba1abedc31709fe4d1f0386a299b1803afa6080b2a17e9c486b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368343003_1178_1441_6_0_-";dur=1
content-length: 151420
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"24f7c-60040951c48a1"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=984
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:57 GMT

GET
H2 200 UniversalRootkitLoader-Figure13.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 51 KB
51 KB 88ms
88ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure13.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

14756cc2054f08522b6484664f50af92218ebd26030caea2ad7c8ea3b56cf6a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=71, origin; dur=0, ak_p; desc="469202_3245104802_1368343020_7110_1316_8_0_-";dur=1
content-length: 51754
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"ca2a-60040951b5283"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=909
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:42 GMT

GET
H2 200 UniversalRootkitLoader-Figure14.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 58 KB
59 KB 42ms
42ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure14.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

238bfe442a3a1faff7f21aa72c4fd53d8ed08d4dec06c88beb3220a71aff5308

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=28, origin; dur=0, ak_p; desc="469202_3245104802_1368343131_2828_1457_7_0_-";dur=1
content-length: 59808
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"e9a0-600409516c271"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=923
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:56 GMT

GET
H2 200 UniversalRootkitLoader-Figure15.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 154 KB
155 KB 21ms
20ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure15.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

216bea5fb2bb15869cfb182606f949111276886fcc501392a3b48e08c751e12f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=13, origin; dur=0, ak_p; desc="469202_3245104802_1368343168_1251_1348_6_0_-";dur=1
content-length: 158101
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"26995-600409516e1b2"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=927
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:00 GMT

GET
H2 200 UniversalRootkitLoader-Figure16.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 74 KB
74 KB 23ms
23ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure16.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b8f97aba3fc33d00b5058f30ac9b80efd2d1e7015fe3d0fd4f03ea83135045c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15, origin; dur=0, ak_p; desc="469202_3245104802_1368343187_1492_1292_6_0_-";dur=1
content-length: 75790
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1280e-600409516ca41"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=918
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:51 GMT

GET
H2 200 UniversalRootkitLoader-Figure17.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 71 KB
71 KB 19ms
19ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure17.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f56f4cadeb39b4aea576a0e390353d4858389d64c8b6911554b11814a20673cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368343202_1079_1380_6_0_-";dur=1
content-length: 72632
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"11bb8-60040951be30f"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=998
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:11 GMT

GET
H2 200 UniversalRootkitLoader-Figure18.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 236 KB
236 KB 18ms
17ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure18.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d20a47cc769dd4d879c7a3cd278a83c3e94ac5c8b8db593ef55f208d2637de83

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=10, origin; dur=0, ak_p; desc="469202_3245104802_1368343212_979_1247_6_0_-";dur=1
content-length: 241182
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"3ae1e-60040951b9cbd"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=962
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:35 GMT

GET
H2 200 UniversalRootkitLoader-Figure19.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 412 KB
412 KB 21ms
20ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure19.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0dd0b80ecb24acff971c30743630fc9c282c8ed186e9e8f90c37915001eb8e4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368343230_1190_2033_6_0_-";dur=1
content-length: 421602
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"66ee2-60040951b71c4"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1008
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:21 GMT

GET
H2 200 UniversalRootkitLoader-Figure20.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 74 KB
75 KB 19ms
19ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure20.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

17fd23fbf8800ea93808d750b30b38aec863cba09efdcf9723d3c0d607dedf11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368343257_1100_1595_6_0_-";dur=1
content-length: 75854
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1284e-60040951c0e08"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=976
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:49 GMT

GET
H2 200 UniversalRootkitLoader-Figure21.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 70 KB
70 KB 18ms
18ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure21.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1ba86162266cc439093ce2c66c9e840ecc17d0a172dbb5b05014916886a5e97d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=10, origin; dur=0, ak_p; desc="469202_3245104802_1368343273_1001_1549_6_0_-";dur=1
content-length: 71214
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1162e-60040951b8d1d"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=966
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:39 GMT

GET
H2 200 UniversalRootkitLoader-Figure22.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 276 KB
276 KB 26ms
26ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure22.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9693ea62c98cc157900c60558867f780c5702372b353378def5fe73d24501a36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=17, origin; dur=0, ak_p; desc="469202_3245104802_1368343285_1720_1349_6_0_-";dur=1
content-length: 282450
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"44f52-60040951b7994"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=982
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:55 GMT

GET
H2 200 UniversalRootkitLoader-Figure23.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 228 KB
228 KB 26ms
25ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure23.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

05e4b84b52a7f559bbae5584c7e6a6086f00aa0c3d9e524778f54bcdbc2068ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=14, origin; dur=0, ak_p; desc="469202_3245104802_1368343322_1386_1571_6_0_-";dur=1
content-length: 233250
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"38f22-60040951bc3ce"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=929
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:02 GMT

GET
H2 200 UniversalRootkitLoader-Figure24.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 69 KB
69 KB 19ms
18ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure24.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4148f72d9723522bf18a718743fae8f43b6e32117eac64a6c802d0e6df78e97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=10, origin; dur=0, ak_p; desc="469202_3245104802_1368343336_1070_1193_6_0_-";dur=1
content-length: 70313
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"112a9-60040951bbbfe"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=954
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:27 GMT

GET
H2 200 UniversalRootkitLoader-Figure25.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 105 KB
105 KB 21ms
21ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure25.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d36f82d84bb48f9d37780eaa34580c67ee90847011f2e0a275ee4de34c019ba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=13, origin; dur=0, ak_p; desc="469202_3245104802_1368343370_1283_1353_7_0_-";dur=1
content-length: 107276
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1a30c-60040951bcf86"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=956
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:29 GMT

GET
H2 200 UniversalRootkitLoader-Figure26.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 104 KB
104 KB 17ms
17ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure26.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9cee6cb090b5f8cd5284df534171066f53f81925da931587d69f10a0060990f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=9, origin; dur=0, ak_p; desc="469202_3245104802_1368343390_891_1799_6_0_-";dur=1
content-length: 106231
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"19ef7-60040951b8d1d"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=969
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:42 GMT

GET
H2 200 UniversalRootkitLoader-Figure27.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 61 KB
61 KB 32ms
32ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure27.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f971e6f54d7eef3fe8bd136d36718bd6ceed99e1bde8c18358a16fea59ecf583

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=16, origin; dur=0, ak_p; desc="469202_3245104802_1368343416_1609_1475_6_0_-";dur=1
content-length: 62084
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"f284-60040951bd36e"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1052
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:32:05 GMT

GET
H2 200 UniversalRootkitLoader-Figure28.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 129 KB
129 KB 19ms
19ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure28.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

26f4b8a9bd7ed3a7dbd1734ab7f0ef9025ced9f30afe1911589272a6a80c87bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368343438_1115_1328_6_0_-";dur=1
content-length: 132026
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"203ba-60040951bdb3e"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=915
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:48 GMT

GET
H2 200 UniversalRootkitLoader-Figure29.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 83 KB
84 KB 16ms
16ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure29.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

679c26f4b30b50616fa8275a9f953519418d92cd91de789f9ef93b46841d7dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=8, origin; dur=0, ak_p; desc="469202_3245104802_1368343452_819_1514_6_0_-";dur=1
content-length: 85249
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"14d01-60040951bfa7f"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1015
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:28 GMT

GET
H2 200 UniversalRootkitLoader-Figure30.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 58 KB
59 KB 19ms
19ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure30.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

33f72046ad70d60885ed9f6445665d786e0bb6f1a0328141df0bfade26681b3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368343472_1118_1641_6_0_-";dur=1
content-length: 59866
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"e9da-60040951b9cbd"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=991
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:04 GMT

GET
H2 200 UniversalRootkitLoader-Figure32.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 74 KB
75 KB 24ms
24ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure32.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0933a1a2cd3eedac201111e69fbc5cdfb218d0a8a399d5c5cf3673d21705b38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15, origin; dur=0, ak_p; desc="469202_3245104802_1368343496_1512_1439_6_0_-";dur=1
content-length: 76149
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"12975-60040951bd756"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1008
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:21 GMT

GET
H2 200 UniversalRootkitLoader-Figure33.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 92 KB
92 KB 19ms
18ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure33.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

65afce6d1d06e0c5de846da477e3939ec081f9ccef27ae7514b2fadec43571a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, ak_p; desc="469202_3245104802_1368343516_1065_1331_6_0_-";dur=1
content-length: 93884
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"16ebc-60040951bf697"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=931
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:04 GMT

GET
H2 200 UniversalRootkitLoader-Figure34.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 83 KB
83 KB 19ms
17ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure34.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

514ecf0c4ae5d94af3f42c53cd5bb3dd2e9d972521531f4d0192858a1f851181

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=10, origin; dur=0, ak_p; desc="469202_3245104802_1368343538_978_1332_6_0_-";dur=1
content-length: 85002
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"14c0a-60040951bd756"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=920
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:53 GMT

GET
H2 200 UniversalRootkitLoader-Figure35.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 104 KB
104 KB 33ms
33ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure35.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e56931818e000bba2e582bd8b020d83d2ce90607968bf3db6e7f7593d2096491

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=24, origin; dur=0, ak_p; desc="469202_3245104802_1368343556_2438_1323_6_0_-";dur=1
content-length: 106004
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"19e14-60040951ba48d"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1000
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:13 GMT

GET
H2 200 UniversalRootkitLoader-Figure36.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 131 KB
132 KB 25ms
25ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure36.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ac600769409043e65b9b5ba0677ec52989202868c43756d5374fc51fa13e5996

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=14, origin; dur=0, ak_p; desc="469202_3245104802_1368343585_1508_1556_6_0_-";dur=1
content-length: 134564
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"20da4-60040951b6ddc"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=970
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:43 GMT

GET
H2 200 UniversalRootkitLoader-Figure37.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 116 KB
117 KB 29ms
29ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure37.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

37f184083289b4d57ce67756a5a766a37f50d9e130a6cf5b4068e41bc7beaf39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=17, origin; dur=0, ak_p; desc="469202_3245104802_1368343615_1832_1424_6_0_-";dur=1
content-length: 119169
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1d181-60040951c2190"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1130
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:33:23 GMT

GET
H2 200 UniversalRootkitLoader-Figure38.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 217 KB
218 KB 30ms
30ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure38.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

dcae9bf037867f3fbc70a731bcefe918192a6dad58322aeb2b50c17629a5aa64

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=16, origin; dur=0, ak_p; desc="469202_3245104802_1368343668_1683_1577_7_0_-";dur=1
content-length: 222456
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"364f8-60040951b94ed"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1003
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:16 GMT

GET
H2 200 UniversalRootkitLoader-Figure39.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 99 KB
100 KB 21ms
21ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure39.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c04e4d65d5ca607d2af06851246a8429532b34536d461095920d423c3af5cccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=13, origin; dur=0, ak_p; desc="469202_3245104802_1368343691_1267_1574_6_0_-";dur=1
content-length: 101640
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"18d08-60040951bf2af"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=987
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:00 GMT

GET
H2 200 UniversalRootkitLoader-Figure40.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 56 KB
56 KB 22ms
21ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure40.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f1fd89fde4094d9e9cf162069777e058a37d5e703b8415a67d3d34b6e375f373

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=9, origin; dur=0, ak_p; desc="469202_3245104802_1368343722_904_1520_6_0_-";dur=1
content-length: 57125
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"df25-60040951ba0a5"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=904
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:37 GMT

GET
H2 200 UniversalRootkitLoader-Figure41.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 178 KB
178 KB 30ms
30ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure41.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c4a0cead3a20c2ebdb25153ad6c34a555b2a6e299e75e99cf584a7705e25521b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=21, origin; dur=0, ak_p; desc="469202_3245104802_1368343744_2161_1925_6_0_-";dur=1
content-length: 181946
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"2c6ba-60040951b854c"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=970
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:43 GMT

GET
H2 200 UniversalRootkitLoader-Figure42.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 228 KB
229 KB 21ms
21ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure42.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

96fdf0a4ca2f373b0514beed9c7d784fe86420abc1fe2cf8a27f9dc4f3363ce6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368343770_1224_1848_6_0_-";dur=1
content-length: 233837
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"3916d-60040951b8935"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=1004
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:31:17 GMT

GET
H2 200 UniversalRootkitLoader-Figure43.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 283 KB
284 KB 42ms
42ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure43.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

03d31adab235f1ff6d359ab136dbbd93281b9e1824bf86713d3d52ab7c07d686

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:34 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=34, origin; dur=0, ak_p; desc="469202_3245104802_1368343793_3391_1316_6_0_-";dur=1
content-length: 289948
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"46c9c-60040951b94ed"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=895
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:29 GMT

GET
H2 200 UniversalRootkitLoader-Figure44.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 27 KB
28 KB 28ms
28ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure44.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e6cbd6c0584fa15d9f5cc6dac11f12c9eb5c86705a34f61adecb2a74e287c015

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:34 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15, origin; dur=0, ak_p; desc="469202_3245104802_1368343841_1630_2125_6_0_-";dur=1
content-length: 27957
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"6d35-60040951bf697"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=930
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:04 GMT

GET
H2 200 UniversalRootkitLoader-Figure45.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 362 KB
363 KB 20ms
20ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure45.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

fe1d871a892f3d5fb5a18e96fa9622db8388827882b25ea1a0dad379ad329b82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:34 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368343874_1145_1445_6_0_-";dur=1
content-length: 370796
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"5a86c-60040951ba875"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=939
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:30:13 GMT

GET
H2 200 UniversalRootkitLoader-Figure46.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 111 KB
112 KB 20ms
19ms Image
image/png 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure46.png

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d83b00522d778f1b4669ce92af6546aafffc1e435f012c1affae480c642979cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:34 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="469202_3245104802_1368343890_1156_1553_6_0_-";dur=1
content-length: 113991
x-xss-protection: 1;mode=block
last-modified: Wed, 12 Jul 2023 02:00:39 GMT
server: nginx
etag: W/"1bd47-60040951bb816"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=911
accept-ranges: bytes
expires: Wed, 12 Jul 2023 02:29:45 GMT

GET
H2 200 granite.min.js Show response
www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/ 4 KB
2 KB 18ms
18ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

c986afd07a4082d65befeef18869a4cd5e00f3ac6e8228d49658802c7453a1b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Mon, 26 Jun 2023 01:44:19 GMT
server: Akamai Resource Optimizer
date: Wed, 12 Jul 2023 02:14:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341364_104_1749_6_0_-";dur=1
x-prod-n-01: Yes
content-length: 1422
x-xss-protection: 1;mode=block

GET
H2 200 clientLibs.min.js Show response
www.trendmicro.com/etc.clientlibs/trendmicro/editableTemplateComponents/content/footer/v1/footer/ 646 B
626 B 15ms
15ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendmicro/editableTemplateComponents/content/footer/v1/footer/clientLibs.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

db05d4267dfa54efcffce5353b6b16959137d2387075f61974be55c6d3d6413c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Thu, 15 Jun 2023 04:48:56 GMT
server: Akamai Resource Optimizer
x-prod-n-02: Yes
date: Wed, 12 Jul 2023 02:14:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341374_31_1575_6_0_-";dur=1
content-length: 251
x-xss-protection: 1;mode=block

GET
H2 200 sly.min.js Show response
www.trendmicro.com/content/dam/trendmicro/global/core-library/ 18 KB
7 KB 8ms
8ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
date: Wed, 12 Jul 2023 02:14:31 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341380_27_1509_6_0_-";dur=1
x-prod-n-01: Yes
content-length: 6497
x-xss-protection: 1;mode=block
last-modified: Sun, 02 Jul 2023 04:11:31 GMT
server: Akamai Resource Optimizer
etag: W/"48de-5ff793ea0c342"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=86273
accept-ranges: bytes
expires: Thu, 13 Jul 2023 02:12:24 GMT

GET
H2 200 jwplayer.js Show response
www.trendmicro.com/content/dam/trendmicro/global/core-library/ 81 KB
23 KB 9ms
9ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
x-prod-n-02: Yes
date: Wed, 12 Jul 2023 02:14:31 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341389_33_1776_6_0_-";dur=1
content-length: 22997
x-xss-protection: 1;mode=block
last-modified: Tue, 27 Jun 2023 04:28:28 GMT
server: Akamai Resource Optimizer
etag: W/"1457a-5ff14dbe7277c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=149931
accept-ranges: bytes
expires: Thu, 13 Jul 2023 19:53:22 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 1006 B
2 KB 156ms
57ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba4dde2c5e2251033818c4f743e6bb20635f9c2ea216bd000b7b882bb9bb4e62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Wed, 12 Jul 2023 02:14:31 GMT

GET
H2 200 clientlib-trendresearch.min.js Show response
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/ 385 KB
99 KB 9ms
9ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

199403cb09ddd1bb73cab095390b6cb2ef5e44e25cf6dd8886aff90840472af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Thu, 29 Jun 2023 17:41:40 GMT
server: Akamai Resource Optimizer
x-prod-n-02: Yes
date: Wed, 12 Jul 2023 02:14:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341458_92_1675_11_0_-";dur=1
content-length: 101370
x-xss-protection: 1;mode=block

GET
H2 200 header-footer.min.js Show response
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/ 35 KB
6 KB 29ms
29ms Script
application/javascript 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/header-footer.min.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

e926386e8f924613569b0605d37128f75f11b7899e581a4370d3c08f0b15c232

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-prod-a-01: Yes
last-modified: Sun, 25 Jun 2023 03:13:14 GMT
server: Akamai Resource Optimizer
x-prod-n-02: Yes
date: Wed, 12 Jul 2023 02:14:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368341553_1380_1756_5_0_-";dur=1
content-length: 5282
x-xss-protection: 1;mode=block

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
361 B 47ms
12ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:14:31 GMT
server: Oracle API Gateway
opc-request-id: /8EBFB1B80E17312E23568E07CA20C3D7/B0CE6A77A094784C9BC2AB305CEEDBF7
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 821060e3-3f9c-4a2f-8613-8e0db4841f79.json Show response
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/ 4 KB
2 KB 321ms
42ms XHR
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/821060e3-3f9c-4a2f-8613-8e0db4841f79.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fce7af9faf22ef2d8c844e6e46cd27657f9f28e27d91d50f63e690d96db3c33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 59166
content-md5: 5m4riiF3B2HkWjPaNJKoCQ==
content-length: 1715
x-ms-lease-status: unlocked
last-modified: Mon, 24 Apr 2023 20:49:26 GMT
server: cloudflare
etag: 0x8DB4505646243B9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1782af73-d01e-0039-22ee-769842000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e55c5ed5b9a91f0-FRA
expires: Thu, 13 Jul 2023 02:14:31 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
312 B 67ms
37ms XHR
application/json 2606:4700::6812:1c26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1c26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7e55c5edd82d37e4-FRA
access-control-allow-headers: Content-Type

GET
H2 200 autopilot_sdk.js Show response
cdn.bc0a.com/autopilot/f00000000017219/ 46 KB
17 KB 3204ms
134ms Script
application/javascript 35.201.125.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.125.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

192.125.201.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

55a23478291e8e3095cc198af9ea9c2fe74284e2e10dcd73a985461cec632577

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-goog-meta-marvel_enabled: true
content-security-policy: default-src 'self' 'unsafe-inline';
content-encoding: gzip
age: 0
x-guploader-uploadid: ADPycdvcqik9oHRnCcEb12NbZZd8nWJSMeWb169RdkRHAi61cLIpT0BvnRAqVok9He5gq94smmi9e2qDRgbjJQu67KF8rQ
x-goog-meta-sdk_canonical_host
x-goog-meta-sdk_whitelist
x-goog-stored-content-encoding: gzip
x-goog-meta-publishingdate: 2022-08-25 23:21:50
x-goog-meta-sdk_canonical_protocol
etag: "291f0921837a10fe276eb399927322e3"
vary: Accept-Encoding
x-goog-generation: 1661469710703449
content-language: en
access-control-allow-origin: *
x-goog-meta-custom: true
access-control-expose-headers: Content-Type
x-goog-meta-marvel_test_mode: false
cache-control: public, max-age=3600
content-type: application/javascript
x-goog-meta-spa: false
expires: Wed, 12 Jul 2023 03:14:34 GMT
x-goog-meta-sdk_version: 1.5.6
date: Wed, 12 Jul 2023 02:14:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-goog-meta-sdk_account_id: f00000000017219
x-goog-meta-sdk_request_parameters_case_sensitive: false
x-goog-meta-marvel_config_consistency_custom: {"data-url":"dataservice.tmok.tm/tc.png,trendmicro.scene7.com,0,.66,1&qlt=80,1.0&amp","data-dropsrcset":"true","data-customerid":"f00000000017219","data-ignorepath":"uat-author.we.trendmicro.com,uat.we.trendmicro.com,prod-author.we.trendmicro.com,qa-author.we.trendmicro.com,qa.we.trendmicro.com"}
x-goog-storage-class: MULTI_REGIONAL
x-goog-meta-marvel_customer_id
x-goog-meta-sdk_log_level: 2
x-goog-metageneration: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15689
x-goog-meta-content_only: false
last-modified: Thu, 25 Aug 2022 23:21:50 GMT
server: UploadServer
x-goog-hash: crc32c=FtM7/Q==, md5=KR8JIYN6EP4nbrOZknMi4w==
x-goog-stored-content-length: 15689
accept-ranges: bytes
x-goog-meta-disable_debug_elements: false

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.34.0/ 348 KB
83 KB 17ms
16ms Script
application/javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e88dafe889a514ea8b9b07747f53d08b66a473b7caa78645b4aa2167563651e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ywzctmjVIapkx83Pz3a+AQ==
age: 76669
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 84671
x-ms-lease-status: unlocked
last-modified: Tue, 17 May 2022 16:31:35 GMT
server: cloudflare
etag: 0x8DA3822B5C4CCF6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 314095dd-101e-012b-2de1-5aea0b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e55c5ff5fff4da1-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/f9ca69f4-5e0e-4fbc-8d49-019514af017f/ 280 KB
47 KB 35ms
35ms Fetch
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/f9ca69f4-5e0e-4fbc-8d49-019514af017f/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faa4bb5aeb4dd651cbc1fccebaea63c8905058dfe5cbf1065d7ab93131903140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10325
content-md5: N4tZj06NT/fzB0djVU8v9g==
content-length: 47588
x-ms-lease-status: unlocked
last-modified: Mon, 24 Apr 2023 20:49:31 GMT
server: cloudflare
etag: 0x8DB450567A2C87C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e3c56bf1-d01e-00b1-72ee-76209b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e55c5ff8abf91f0-FRA
expires: Thu, 13 Jul 2023 02:14:34 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.34.0/assets/ 13 KB
3 KB 24ms
24ms Fetch
application/json 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: e9t+XAucPzqMmpjFA11lKw==
age: 53844
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2959
x-ms-lease-status: unlocked
last-modified: Tue, 17 May 2022 16:31:25 GMT
server: cloudflare
etag: 0x8DA3822AFD03491
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 46b3aefd-801e-008b-5ae1-5a6338000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7e55c5ffeb2091f0-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.34.0/assets/ 21 KB
4 KB 24ms
24ms Fetch
text/css 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74c39b5ec5a61c19ff20d81c0418fabd61d6deb6ac0c967da28761d6b895ff7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Jul 2023 02:14:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: /wtHD+oYY7dZRzCx50GZrQ==
age: 54044
x-ms-lease-status: unlocked
last-modified: Tue, 17 May 2022 16:31:39 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 29cc040f-b01e-0066-4be1-5a6abc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7e55c5ffeb2291f0-FRA

GET
H2 200 01327841797 Show response
ixfd2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/ 8 KB
2 KB 72ms
19ms XHR
application/json 34.111.194.12
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ixfd2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/01327841797?client=js_sdk&client_version=1.5.6&orig_url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&base_url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36
Requested by: Host: cdn.bc0a.com
URL: https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.194.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 12.194.111.34.bc.googleusercontent.com
Software: bws/1.0 /
Resource Hash: d172f2ebf38a578b105a8f3679bd3d73ec09e4388da4413526314df191623397

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-be-pop: BRU-1-301
date: Wed, 12 Jul 2023 02:14:30 GMT
content-encoding: br
via: 1.1 google
server: bws/1.0
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 KL7L2-AE63W-6L875-PUGB2-GU2BB Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 31ms
7ms Script
application/javascript 2a02:26f0:1700:38a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/KL7L2-AE63W-6L875-PUGB2-GU2BB
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:1700:38a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:34 GMT
content-encoding: br
last-modified: Sun, 02 Jul 2023 06:51:26 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 109 KB
21 KB 9ms
8ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 16108b9f20b105ca2b79d5d1f1f0d5a62a23e0593ed7ff958a0c4ce62d8277c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: gez2vvLTGS6cWSZSiYkD77r6TkFCTPYU
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:11:51 GMT
last-modified: Mon, 10 Jul 2023 17:44:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 164
x-amz-server-side-encryption: AES256
etag: W/"58bb6cb2493b40c7b60d9ba3dc13427d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: 813yzj44ArFlYWiv23y4LTH9EaYFFs3jE26v-sxintfBNrnVYEsUxQ==

GET
H2 200 OpenSans.woff2
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans/ 58 KB
58 KB 46ms
46ms Font
application/octet-stream 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans/OpenSans.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4a7f7e246fb61ccc3f57cd38061bbbdd4ada9768649d9d3e3362ec46be278bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Mon, 08 May 2023 17:33:35 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: public, max-age=962
server-timing: cdn-cache; desc=HIT, edge; dur=25, origin; dur=0, ak_p; desc="469202_3245104802_1368344328_2652_981_6_0_-";dur=1
content-length: 59444
x-xss-protection: 1;mode=block

GET
H2 200 material-symbols-outlined.woff2
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/resources/fonts/ 2 MB
2 MB 31ms
31ms Font
application/octet-stream 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/resources/fonts/material-symbols-outlined.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a0991dc31e6d81dee9c683472cf62aacf0c540e22b232f6dd879ff0d916e37c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Wed, 12 Jul 2023 02:14:34 GMT
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Thu, 25 Aug 2022 17:04:23 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: public, max-age=1502
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368344329_44_1723_6_0_-";dur=1
x-prod-n-01: Yes
content-length: 2014068
x-xss-protection: 1;mode=block

GET
H2 200 422ea8eb-ab70-4ffb-9bf3-5a841254edba-3.woff
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate/ 72 KB
72 KB 31ms
30ms Font
application/x-font-woff 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate/422ea8eb-ab70-4ffb-9bf3-5a841254edba-3.woff

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f64a06f7949a0dabe65e7683ade627d29301122d68a4bc3239b161ec00697e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
cache-control: public, max-age=852
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368344330_35_1568_6_0_-";dur=1
content-length: 73259
x-xss-protection: 1;mode=block

GET
H2 200 UniversalRootkitLoader-Figure11.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 88 KB
89 KB 90ms
29ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure11.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f98a692850c62cc221b0bf0049186b9606ffdf7858428cd566f7cc705bcbd630

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:52 GMT
x-amz-version-id: z1sUMNMTtyK7XyYNU8ZRXruLhU6Qq4SO
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: 9WPHGKNK9AY6MPGF
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65742
x-cache: Hit from cloudfront
content-length: 90034
x-amz-id-2: 35CdyIzECjh7T9lieodvAupKTwqi6IzNDIpo6YesOgmunCgGgI3SrdVTiwjTrVFbjwLD/wu9Ds0=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:53 GMT
server: AmazonS3
etag: "0dcda4adfa95a8b35013d3ef221b5d63"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: A7N_QN0-V2lKNxlCLJYau565SnwQOXGFUOuWbCUPuPgoxWCnP4pTPg==

GET
H2 200 UniversalRootkitLoader-Figure12.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 39 KB
40 KB 104ms
44ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure12.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a7bbfda1437f51f5827e2a96e2f0f171a46ec4a3e29c4ba87c36ca5762e75d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:55 GMT
x-amz-version-id: 15dgoc00Chw_SZn8xFho62C_v3LvFh30
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: MD8AEPPYWKS20333
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65740
x-cache: Hit from cloudfront
content-length: 40150
x-amz-id-2: aqHbaFK0TzQVGdR02Yi7f44Q1M9Sk0vmKBD5cSsx1U28rykFb3OLFeXjGWbTg9HsNcRyxXu8joU=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "576842beba8b694a8566df2d7576f273"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: LFkHoBwatfTg-8_-jYn3Cf3m6eJAQ-I9F9KWDXV_PSD54pPuEOA7zw==

GET
H2 200 UniversalRootkitLoader-Figure13.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 12 KB
12 KB 112ms
52ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure13.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e80c71f412a308a4d9f5684861f89dc53a3f80102683de6e6322783b05402a3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:55 GMT
x-amz-version-id: 6dbWCKg3Su11n_sVB6JHse1MMYIhkse9
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: MD84FKQA47ZV16S5
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65740
x-cache: Hit from cloudfront
content-length: 12022
x-amz-id-2: ANlkPjolO+zCuo3+rm/j9HBTPxRSM+qFewAhRrRrsMg7nUhen4jkhCQ6WO890LHJ/KpodbMq/j4=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "b3b0ab2d46b6c153cec2fab71b1bc294"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: g9WREE22_G6ispUXJ-ZKIVAVuXP3lbYXoRWmpvVzc4wQTT7DRKePyw==

GET
H2 200 UniversalRootkitLoader-Figure14.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 18 KB
19 KB 102ms
42ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure14.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0692c63a88a51fa56b7a0d2a0c588d30e64cda9eb3bdfd4989d70eb7fea5e5f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:55 GMT
x-amz-version-id: tM6dY_.zIiADW416uopRTDa.9vEOggRJ
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: MD8AV0AJK36CP297
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65740
x-cache: Hit from cloudfront
content-length: 18676
x-amz-id-2: 0tTlPqenqZrKbkLFyxIe343MWtVvz6U4GKpZF9A+lE/AdFslqpE3U+0/lGzjkGtUjboCBe03gjY=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "f59018bd7d54e4477229be3c9d9f2f8f"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 22-FYCv0M6TPSoPcCW2dRAh0eZv3TJ9v6zaYqSy0PAkDNYFBvev8Dg==

GET
H2 200 UniversalRootkitLoader-Figure15.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 50 KB
51 KB 110ms
50ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure15.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1df3d992d7210fa9586f40bd3148949c4009ef43d1f3ae1ed86d3551895d940a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:56 GMT
x-amz-version-id: Jq8fgkWbYyPDIOsXsu3pYm7sRJig9Psa
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: QAJ6Q9E751TE637D
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65739
x-cache: Hit from cloudfront
content-length: 51674
x-amz-id-2: JmQMP6OtzIQU1pMe+E1kpyk/dKUtlK2KoYyBKvM/68V+O7WNCDAFFotIPIGszpDw7SwA0aTNre4=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:50 GMT
server: AmazonS3
etag: "48e8fe485c01fe2744510fa58ee0f59a"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: izM8yqwt_Yd9g02aRi4d3fUe5tj-g2Z_LT-RO2ZXjWUijCk3kbtBeA==

GET
H2 200 UniversalRootkitLoader-Figure16.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 14 KB
15 KB 108ms
49ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure16.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e62e33c26699a4c8198639a1a08aeef3675e2ffc1f2bd89c7f1625db530126b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:56 GMT
x-amz-version-id: RRjhV7si0.Ck1E8QztwU4HJ2z64wVPBx
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: QAJ57Q0PTC6K6Z4Q
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65738
x-cache: Hit from cloudfront
content-length: 14686
x-amz-id-2: rdwetsJJF64L22Sa6tRujeXcIZ3/m/5EbLH8TfpclBm8SHU2vrdxgaEKwTyVw+TXTy5jsQ7Chu8=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "8525d9d529bc2fc83e598c02fb337012"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: uDJncjNai9gknYoWpZdjcatPWJ59gFuYxMnmSSkxRPBAZYKCAW49Lw==

GET
H2 200 UniversalRootkitLoader-Figure17.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 19 KB
19 KB 38ms
31ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure17.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dee39573f66beb94e1e159360500fd9b6f6198c051b71c9d378cb2515e3c2f1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:57 GMT
x-amz-version-id: rdSUh05giVAF8_brpkg4s9_d7Pr_INNf
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: TC3KBMRBSAFKGSWA
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65738
x-cache: Hit from cloudfront
content-length: 19154
x-amz-id-2: J2IG63qaxDl3qINSR+Tj/ibtCu90pjygr9TAjvRLxt/8w3N0Oi3/CpYCWai+06YnlpgUUr8hd/M=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "0cabec85b5c82cc60a24daf2433f373b"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 2QMUCIfJZVcVAYz-B1cGbZDtxF_lvFgh58FntKhtdbNNAY90pbpbyg==

GET
H2 200 UniversalRootkitLoader-Figure18.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 75 KB
75 KB 36ms
29ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure18.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 84cefd1aa644b3554bac62f5e3a3ed987274891af03231a93ff3931e40797077

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:56 GMT
x-amz-version-id: AN8qbiMmEJIa5gHRF.UNlhho.CCBpBL7
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: TC3WMP9TBMVAGED1
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65738
x-cache: Hit from cloudfront
content-length: 76464
x-amz-id-2: 4nKafTj6z6u+1v7/ooPf69lh4phSy/BiHS7w61o/rXKV1PP53FR2N558OT9jmaGVbFfsbIl+eAk=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:54 GMT
server: AmazonS3
etag: "b46bf970cc92e34ca778df0a9de3f56c"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: DdqwJGdtdeU-cVtEdAhXJ-Z_6pDBr6vQ0-vaR_PX01rlpkGNgo5Lbw==

GET
H2 200 UniversalRootkitLoader-Figure19.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 103 KB
104 KB 40ms
34ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure19.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4a99172dac84eee68d5bf206583998249f7854a2f0aa6b6dd5519341929fd632

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:57 GMT
x-amz-version-id: EblWYt5JqTGdWo8XWyM_yL0EnG_Ew3Wc
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: TC3TNYY1NJEAMJ2T
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65738
x-cache: Hit from cloudfront
content-length: 105726
x-amz-id-2: RDvsPUlRWy1gboln1wWI6sBkNFZdxdsIiXE7h2Cr5yvVsyyubWNtt5267RlavNp9NOwhL+dpR64=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:51 GMT
server: AmazonS3
etag: "3d0a781e0d0f0cc76a7a338327c1a3f6"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 0xHuvjZF_0Jk5mCMyvesai4hvkEitoEmmnMbjieANk_3LZoFQl7Aqw==

GET
H2 200 UniversalRootkitLoader-Figure21.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 23 KB
23 KB 34ms
27ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure21.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e13210d73f28d0e459be96b5902f6fe77a5bd5e0aded882bffa5b1d605d4a7d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:57 GMT
x-amz-version-id: nzxMCP9xSxfUx57zxn_paKJ9enpvSLfh
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: TC3G1447ED3KMGDD
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65738
x-cache: Hit from cloudfront
content-length: 23418
x-amz-id-2: X+ggnHQ5JDSc9aDCfsXqfgZR8YtkxI1WDPzhqqWr1ZnnQGrDPqN2UAZs+kzy69Wfads9UHfnB2k=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:50 GMT
server: AmazonS3
etag: "5e74228a306c95168971c9dec081448b"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: IGks59FB74hgLo95BnkXLr5nbQiCY3DpP-GNliqchDjvmJK39ETGrg==

GET
H2 200 UniversalRootkitLoader-Figure22.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 68 KB
69 KB 39ms
33ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure22.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0b563445bc6c7a78eda52d449ee0173eba18e9eb1dce52b241ab7c05ee5b1ba8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:59:12 GMT
x-amz-version-id: TkPvLRG_FKm5gw8m8M.EAME.XW8gAUKx
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: 5B4VZQGTVEEMZF5P
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 923
x-cache: Hit from cloudfront
content-length: 69580
x-amz-id-2: ily9LO0uQPXt4uxFFdnnjorUlgdVxKW9a3YmbhhETbyXxtMrb5e15iFXrTp4YDJA4a3WCV86GR0=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "41cac62a7a60c563417097b1e8c42c63"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: FNnM9qlM0bUCh1hiAFPW7Kvylp0IH4qbSEqQtJ9fz2zsQojGHhtpHQ==

GET
H2 200 UniversalRootkitLoader-Figure23.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 83 KB
83 KB 46ms
40ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure23.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fe0ed1bdffc4da26665247b23e1cb07ab4d1984d25a2800609f1b8156f8286ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:57 GMT
x-amz-version-id: dnZTbnZBKF3R7HfAmgdKYWXv5g9F4rXW
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: TC3HQDT51QCEK380
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65737
x-cache: Hit from cloudfront
content-length: 84786
x-amz-id-2: kd6+GkCfFzH9uHqT0AO5vstJ9CBcNqHJNYnz4/fdrHDHoDmFIQFmV6G3I8xU9RYkd4y2DvXtq1c=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:50 GMT
server: AmazonS3
etag: "a70447fa3a2f0410ab183978e3fb7af7"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: R0TUXa-CKrtwGXQxvp9W7FlX9LoNyTJJFAnk8K8xfbir1TBPk67rJw==

GET
H2 200 UniversalRootkitLoader-Figure24.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 26 KB
27 KB 37ms
31ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure24.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1efbd25a5b8845437607f4a68c808d0dea71b0ea4bf82e7c2db54b4b83210a32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:58 GMT
x-amz-version-id: FA6Ut5URkN5gVstC_3eBd9pIXX1YqU.M
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: DRFK9WX5FM6SFMCZ
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65737
x-cache: Hit from cloudfront
content-length: 27034
x-amz-id-2: XFzQG+/VhcY13z483m/esnVXDDgBbmnmD5oQ9Df722UPcKoKAWdQtT+j38UxHxBHIfjiGW7ijU4=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:51 GMT
server: AmazonS3
etag: "cebb5f2115d0e4d49bf6258c779828fb"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: DEyyCS1ae1tua6bF_Ubm1T9RTOnz4ZSa5_5_Pa5ZwQd0ZNUWKw6OeQ==

GET
H2 200 UniversalRootkitLoader-Figure25.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 36 KB
37 KB 53ms
47ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure25.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 60352cd1c7e6c92aed0943fd714484508da9887b5f361499343ecc329af67ba7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:58 GMT
x-amz-version-id: sr6kt6Dw2I0UQHYJT2gtVCBlv_GRwfNq
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: DRFJJW656V978ASV
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65737
x-cache: Hit from cloudfront
content-length: 36962
x-amz-id-2: lCpo/VY7Id1yx7XOFKiFtVvxaw4H01ulbceZ1YDqwlsEiRcys2FHem6yhBR0ndFm0kTuOQb4Dq4=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:48 GMT
server: AmazonS3
etag: "8d0457ea83bb1ed2c0e2b80d04ad2e8f"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ppDgRAyXVEu_YNglx9udTqo5XRvQIDYc_88Sef_jmsrtapHUyEYeWA==

GET
H2 200 UniversalRootkitLoader-Figure26.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 29 KB
30 KB 49ms
43ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure26.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 87be4c8f7e98a8df6d0ae79054b534abf5b54a3300a5a826fe63161a1ebf841e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:57 GMT
x-amz-version-id: _DtS4DsIHWLo_L_daNVWwsq50PrjLWu9
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: TC3XKMYG6K1HEBTG
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65737
x-cache: Hit from cloudfront
content-length: 30160
x-amz-id-2: nohpJLARlo0da71zM6iyVWqdgC6exBfIs5od3Rm8dp4v3l9K18/DYwVgyew3Lol5JOT4qQMTm4o=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "0f5fac86aeb670b74875aab88b40f73a"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: bZrM7lo0o2wHDv2NKX9NwM9nLW6Nzeiwm1eclkdmpJ3XsdhinwMrzQ==

GET
H2 200 UniversalRootkitLoader-Figure27.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 23 KB
24 KB 62ms
56ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure27.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 78a52e3055bc3e1d9acfb7001f05693b2adeb5ca9b7a034be8f7076752abaff7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:58 GMT
x-amz-version-id: FnuDjmALYmKnv4B8f688Nb9mmum_7e3_
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: DRFR84M1ZS3E44T2
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65737
x-cache: Hit from cloudfront
content-length: 23662
x-amz-id-2: QGGo3scGGGXbaKcjGZKsFQGngTu1J/tvCIGII9mGN/4mPsLf0aM1VrOzymGE8EG0nyFwi6YJvCI=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:48 GMT
server: AmazonS3
etag: "740a94ad1e4d4bdaeb5f58bacb0eec24"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: cNC5baAoRzBzZL_zWWegE384KF1IqZx-21aUCDxllD64FV7hIYAmFA==

GET
H2 200 UniversalRootkitLoader-Figure28.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 37 KB
38 KB 34ms
28ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure28.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a4fd41d09dad604a89574dbcee56eb1bf74cd4d4a7aecbf01eebc33b99bc724

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:59:12 GMT
x-amz-version-id: NAQ_oK_K6e0NyNv85VCEmyZiNQ8gS_2U
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: 5B4Z0AFN4BSD51RF
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 923
x-cache: Hit from cloudfront
content-length: 38388
x-amz-id-2: e8LsYfvMwAXMvzk6Y9YVNA35mzTBTKr2jbHc4Dp4YmqpYoqXqmDkx4Lq6ggvYnL8EgNNJIAI4tA=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:52 GMT
server: AmazonS3
etag: "0d088b213d732c2d5a4b8162996febf7"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: TODM_oHDKx_TznOwelQ0Xk7cbso9YE-tH9EpF8d0SxDXMr_O3X-RzQ==

GET
H2 200 UniversalRootkitLoader-Figure29.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 26 KB
27 KB 44ms
38ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure29.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e983fca67555129ed6f39bd6d39242fcf0e3b4a2835624a6e05a7a3e8259a4ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:58 GMT
x-amz-version-id: SzEtmLEVELJA1H6CZB7YuK00BgVd28Ma
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: DRFV19WVP38WAP21
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65737
x-cache: Hit from cloudfront
content-length: 27112
x-amz-id-2: B6sRfQ8kYQDI1+Exqf3m1PSJy/RUzKkSiNLJnU7MEd4joP4Wl1jeaYyAn5il5FxWftXljN9QMH8=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "129f1aad81e91ee36e86b7175d35b7cc"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: o10y5a0f_taQRnn4fh-vpCPULP2zRJk-uCWo96DRliNNVlsYuuFfQw==

GET
H2 200 UniversalRootkitLoader-Figure32.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 24 KB
25 KB 48ms
42ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure32.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce98040ef1495d50e893c599b758037b029a34f225730a4265330221bcef09db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:58 GMT
x-amz-version-id: S2JboyAc64LLglzbFTkBBeNMQC0d4iW1
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: DRFX1A8PAK2ZFY7T
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 24986
x-amz-id-2: bPtbw4Dyx6zTnsoQgshsU5uNVAqhiAgYzdnRzY0hFA5KjPsVDhzhcpuFRNjH4McIb5wUM/UIgas=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "fde52e868bf11f2aaa5a4272f7c15df0"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: PQZ4wH4UIyTYCEe4yYy44MWj9uIJoYcLoJpIdj0-vWcGbELMpZ_U6g==

GET
H2 200 UniversalRootkitLoader-Figure33.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 27 KB
27 KB 58ms
53ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure33.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b11e9c3e88d676b53c3b42a72a5da71cb62a34b3d0b54572cf411b2f3df31120

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 00:19:35 GMT
x-amz-version-id: fIYU4lwUlssYH1JAxmhqGILIB1EbQtNA
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YPKK9SE383F867PB
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 6900
x-cache: Hit from cloudfront
content-length: 27150
x-amz-id-2: l4GA3f6eS3XCfoHVqu3YexmBKDm0pfr0DVv+MXvuu9ytHvPVR0zJEji/LovziWn5ATVrUWtckNc=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "0075b806fb94edf9f5a53fdfd8245ea8"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Hc0CK1ugaano0Fwgx1GuiT9m_wxX8kbR3I0d3G0ouQxV8dkBjI1RRQ==

GET
H2 200 UniversalRootkitLoader-Figure34.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 29 KB
29 KB 46ms
40ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure34.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7cde031d5fb4dbd23c4ca39abb1d1e2e13b30167e0d92357a5a9980b474077d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: B0ogtbkRD_az.TNChW3njnTELTCELXEG
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECRKZAKBKE98HF2
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 29512
x-amz-id-2: Q0p7mmnFCm8X9RtEsgPVonBOg3GrvkkCaiJozO7dX8AhUn5aWP7dGqJR1vLj8rpY/jleYbwfhFA=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:48 GMT
server: AmazonS3
etag: "ff13793e1e1b31c52a173f5b9a665155"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Tgn3IiB0sLT2g4zA7W5jm8B_3C-jJ4v5n41jaccgOtmzcVDDcRMO8Q==

GET
H2 200 UniversalRootkitLoader-Figure35.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 34 KB
34 KB 55ms
49ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure35.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e0f513da92d9f876183769ba72a43dba1adf79894aa4251bca6c1e12cab98844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: UScVhZFWbR3HIhVB6IYP3iBRc42yK9AV
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECYP3N0BY77HDV0
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 34548
x-amz-id-2: rfJhc4yFn7GYdMxAWVPiYXDVEcY7/J1vUYhyiedeFFodvy/lWfJ3H5uczuB6ekcRTg/EGOi8wfs=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "97797a62998240f306fd1e46b1473083"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: TITi-ovJTrVNTGp5QTTFiPUrQErd3P96yH-uH3QgJpEC8yFTySNKXg==

GET
H2 200 UniversalRootkitLoader-Figure36.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 37 KB
38 KB 49ms
44ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure36.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8d6bfee017f78bfe2a9cb5500959ee26fd66b6b76f76d83607f35abaf94b03f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:58 GMT
x-amz-version-id: sVdwJCcC0aUBodzL5S4_qRwPoOsMJDAG
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: DRFHWMFH8SVBK4VR
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 38318
x-amz-id-2: k3uGA7xf5GU7vU7Tsja8lGvI01KIIbJSdB/P2q3x0dPExWtZ3WJeRLh1YAF8P0fCwhmivSWr77I=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:52 GMT
server: AmazonS3
etag: "e04f8fef7cbc6bfa322d19a1015a66bb"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: bFmX9vUe6V0C2M3nwZcZExnDGV-6hf9PLWqNlgrwghHuG4oXjCf1qQ==

GET
H2 200 UniversalRootkitLoader-Figure37.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 37 KB
37 KB 64ms
59ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure37.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c05711dd9e517a8e32c7fddae8f57fd8fc74a372a2a4475f7c7c724c325ecbd3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: 7akIfsw.jX2GvbzXaglEWvV78H5Y5waJ
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECV2W98W8NMPTN5
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 37602
x-amz-id-2: 4wqNEnphEMgM6jOo9WiRm50OeA71wx2r5YyWTKiLNaW9a5wk9in43ljKQkcpM+b2Gh992ig5YrI=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "3d5b7ee171c80d36120c99a25b82a9cf"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: HAf92V4-PXVmKoHlRrWo2AqFvLtMePCxfv9PGIVQ6nE7oae0ZE9z-Q==

GET
H2 200 UniversalRootkitLoader-Figure38.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 65 KB
65 KB 59ms
54ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure38.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 648048606c44a023ebc77f5a1b6d5bb8dca39528cd59d33f1078bc5da503bdcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: CXEUBX_77uGG66nAp2_E2aTilS2PwvxX
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECMR3GX1S9N9T1X
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 66354
x-amz-id-2: JjE361n4Czv+aGjrFupHPnrty2kLWmVuyxZARorvptmI518mMN5jR+dCng/RNs9lMHo6xYe6mlE=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:53 GMT
server: AmazonS3
etag: "b701f0785d313db8dcaaea44f1b8f237"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: -KuiHL7OQStHf2xhOiXXHVK6riM1IaWmNRcyDeuYKe0ZwMiw2dhUpA==

GET
H2 200 UniversalRootkitLoader-Figure39.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 36 KB
37 KB 53ms
48ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure39.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a3e731f69b88d795b5d1a4d40fbbe08dbfaaddd48359ac65a7bba6f82a96766e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: l4OjUPjWJCqWMlV5KCQ03k2EeZvb94jR
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECYT6DDH0CWQNW1
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 36904
x-amz-id-2: pxIYlRYYRLB11bbUmApi/CEXH2LQRUuPpb6a27Sz8zo18vTsEH/mKbxMT+dl6mDsTdOZ6cWH/4o=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "d4985e5c5c982d82bbdcf49d700a8cc0"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: LrUx9jaf7MWNMP82eauOAyt8zSGhLjATv6r-6GmrV9IP0SdN4S6iSg==

GET
H2 200 UniversalRootkitLoader-Figure41.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 44 KB
45 KB 59ms
54ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure41.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c73485194e7068e296702ffa46dfaffd159804fa9de43cdc2e884bb18d61218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: bIrsNRXObu8p4FCOe_bl2N8Nfh7UwT4N
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECZPKJQ0N2AK2GS
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 45540
x-amz-id-2: mn9MgeKviKsS9ZwkJBsMy8aLhL5ewb4y35mo5HTvr9HfvJb+kan8zOTGj+Y9KzR+4Yb+r7EDZYA=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "7f507e0d1c42b65b795dcd7387c5713a"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: N_2mxBbAOikD_4wqH3mcg7CRptVgptn5jux6zaNUU2QLyG7uJ6dKlQ==

GET
H2 200 UniversalRootkitLoader-Figure42.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 53 KB
54 KB 61ms
56ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure42.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 907a8519ebea0f486dcf1588d3a1c2a82401f212732a5ee719389286b3fc5203

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: 8abFX_9yH.6o9CqO1t6sjjKA8s3.QmGH
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECKPK2058T7Z27T
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 54538
x-amz-id-2: FIC1Hs3bUWsJGXhOSNC1rfOD8/z2ITShXlWUW8YZ6aB+bbRvF4Ho3w7aALdwsC6Fxf0w2EBwiV0=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:50 GMT
server: AmazonS3
etag: "faed59a7614deb00e8a52c2678ed8a46"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: WhFjJ3DS7n_AmvBZV_8Sb_MRBg25qEtEJbmxtKMMMyDCA2UGZNJwCw==

GET
H2 200 UniversalRootkitLoader-Figure43.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 68 KB
68 KB 63ms
58ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure43.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e083b7075e19454ef2b953fe638bef4a1544a5623a20b1b65164e492e4d96ccb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: 3YI6Gg3kpz9Kk6EDGku_iEtstvXRbm_l
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECXFAG4XJ1DQBDG
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 69130
x-amz-id-2: oibwT3OrYil15eawBw333zbigeY8C1nrviSZncNMRTcvdj/ubqeu07WKwSYHfTnnc4WLsUZUiJA=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:50 GMT
server: AmazonS3
etag: "566c57aec18b5dd099e2abbc618abdca"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: sYnIMjBTgR5LWwBDaeUfDlKpqhYrZJrOtiPGEVV3bMZNIZcRuXM1Uw==

GET
H2 200 UniversalRootkitLoader-Figure44.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 7 KB
7 KB 56ms
51ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure44.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4fbc58f1c12f8e96e460b5e8eb147e12e8228e4ca8918e20ac64f40a473bfe8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 07:58:59 GMT
x-amz-version-id: 9SZstPcWMcOjlrO630cuefo6jZ3CyBku
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: YECVVNQ4WHFA8JCG
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 65736
x-cache: Hit from cloudfront
content-length: 6968
x-amz-id-2: k9eM412Gy4F8VxKN8Q2LmuUtTEbQciYag0oCdjcGXKJt9Duea2uf0CdI47Q+Nxzy3mBezw4DIuQ=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:48 GMT
server: AmazonS3
etag: "a9db70a87078779d395b9693c5921653"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Spn4hz9ArxQFX-VtXzn6yD3JkxLOibnIfLCO6on3KPwInhSLxZS6ag==

GET
H2 200 UniversalRootkitLoader-Figure45.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 142 KB
143 KB 55ms
50ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure45.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5006aa3baab91bbaa51ceb957b2714358edde4ab0ecd1465a7a35995524c6c28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:59:13 GMT
x-amz-version-id: AiItA18yqOfKwXurH2XtUbSTtD4J7eyJ
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: K1HKFTKHTNEXJMBS
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 921
x-cache: Hit from cloudfront
content-length: 145624
x-amz-id-2: BXAJLEndgOVYMWTZcTsu9mtRcOG5td5B1EsIbU+EepW83hOj2FZEpkHw/f2ED8EewoXMlr2R1ig=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:49 GMT
server: AmazonS3
etag: "9836d8f3952dd8549686a77f0b6ede70"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: m_d2PZaJs7NBzKhsJJJ8LNOZNocv7W1KAmDI1SGRJEjXLOpTdzs6Tg==

GET
H2 200 UniversalRootkitLoader-Figure46.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/ 172 KB
172 KB 48ms
43ms Image
image/webp 2600:9000:2250:b200:0:f267:a5c0:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader/UniversalRootkitLoader-Figure46.png
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b200:0:f267:a5c0:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6a9246cee9b14aa7ff7883f322d0302111b16a7c3b371ffab61e7487cbc1608

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:59:14 GMT
x-amz-version-id: CYZnWkrLH8v9vpqIANe0qckd_uHPFVnc
via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-amz-request-id: RRSWX62NG17G0T9P
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
age: 921
x-cache: Hit from cloudfront
content-length: 175820
x-amz-id-2: by8FQj1vXyBoS/Rp3zNVQnGOP2pb8gozr+r8pDvw/Vbfvq9wc4ZrvO0GRKFjhnofgCznahe9eng=
x-amz-expiration: expiry-date="Tue, 07 Apr 2026 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Tue, 11 Jul 2023 07:42:53 GMT
server: AmazonS3
etag: "56caad4cbcc190ebd83967d4ea112a58"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: pdDHtNt2X6YXEQh_YYldXbV0x7gg-M8hU-3jQ2Zx0ipLk9OmjfW-tw==

GET
H2 200 OpenSans-SemiBold.woff2
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans-SemiBold/ 58 KB
58 KB 19ms
17ms Font
application/octet-stream 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/OpenSans-SemiBold/OpenSans-SemiBold.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5c30d00dbb97ec4c05d6b41e850ea8ffab1c1623692de4193bcb235639be1d8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Mon, 08 May 2023 17:33:35 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: public, max-age=904
server-timing: cdn-cache; desc=HIT, edge; dur=6, origin; dur=0, ak_p; desc="469202_3245104802_1368344406_528_1549_8_0_-";dur=1
content-length: 59480
x-xss-protection: 1;mode=block

GET
H2 200 dade3edf-02a3-4844-947e-95175f24faef-3.woff
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/InterstateExtraLight/ 37 KB
38 KB 16ms
14ms Font
application/x-font-woff 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/InterstateExtraLight/dade3edf-02a3-4844-947e-95175f24faef-3.woff

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d5f14381258973e1a93167d8b3486ae1b2665ea072feb622e1ec0a446facc400

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
cache-control: public, max-age=852
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368344408_226_1387_8_0_-";dur=1
content-length: 38313
x-xss-protection: 1;mode=block

GET
H2 200 Interstate-Bold.woff2
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/Interstate-Bold/ 50 KB
51 KB 35ms
34ms Font
application/octet-stream 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/Interstate-Bold/Interstate-Bold.woff2

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1203817a41844d7b3fb01f6ebdef78975b98e96e09719b60fecc368afde2fc6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Mon, 08 May 2023 17:33:35 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: public, max-age=849
server-timing: cdn-cache; desc=HIT, edge; dur=19, origin; dur=0, ak_p; desc="469202_3245104802_1368344409_2205_1392_6_0_-";dur=1
content-length: 51664
x-xss-protection: 1;mode=block

GET
H2 200 e9258aa9-8d38-4395-b7e7-e18df29986f1-3.woff
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate-light/ 68 KB
68 KB 18ms
17ms Font
application/x-font-woff 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate-light/e9258aa9-8d38-4395-b7e7-e18df29986f1-3.woff

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

beb4690cf911f555766083248e81809736077be198a40edad9868c9e4469ca65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Thu, 23 Apr 2020 17:32:22 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
cache-control: public, max-age=836
server-timing: cdn-cache; desc=HIT, edge; dur=4, origin; dur=0, ak_p; desc="469202_3245104802_1368344410_501_1430_8_0_-";dur=1
content-length: 69724
x-xss-protection: 1;mode=block

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
48 KB 130ms
39ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 05:45:28 GMT
x-content-type-options: nosniff
age: 332946
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 05:45:28 GMT

GET
H2 200 icomoon.ttf
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/ 24 KB
14 KB 14ms
13ms Font
application/x-font-ttf 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/icomoon.ttf

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

bc6e1ea2c2ddcb591413f7bd88178f4563bd3dbbb5726fa86ad11777f99d5bf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-prod-a-01: Yes
x-content-type-options: nosniff
last-modified: Thu, 09 Dec 2021 18:07:24 GMT
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-ttf
cache-control: public, max-age=754
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368344411_166_1213_8_0_-";dur=1
x-prod-n-01: Yes
content-length: 14370
x-xss-protection: 1;mode=block

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v35/ 49 KB
49 KB 185ms
95ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3642c7e774562f7483d7b0de93dd1759fc6928e85eebd7e62ddae72e9d46c9cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 19:05:20 GMT
x-content-type-options: nosniff
age: 371354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50440
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:13:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 19:05:20 GMT

GET
H2 200 conv_v3.js Show response
cdn.b0e8.com/ 67 KB
22 KB 295ms
14ms Script
application/javascript 35.190.5.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.b0e8.com/conv_v3.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.5.192 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

192.5.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

b1c1a4244de33316bdab018bf75ff07e00117f979075cf8a0c2c7b932b66fe3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:40:30 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline';
age: 2045
x-guploader-uploadid: ADPycdsaPV--slGWyEO2qiQ5zJZQV0nY5Z2U_hbe_viXBLYK94eR54IMM2LJDgZLWDHjvrVZHFXFWR_G3P03joy-AIdjKA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21618
last-modified: Mon, 13 Mar 2023 18:19:37 GMT
server: UploadServer
etag: "1da09eff1b7a39f87215784824e30f30"
vary: Accept-Encoding
x-goog-hash: crc32c=QUzV5A==, md5=HaCe/xt6OfhyFXhIJOMPMA==
x-goog-generation: 1678731577674397
content-language: en
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 21618
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 12 Jul 2023 02:40:30 GMT

GET
H2 404 token.json Show response
www.trendmicro.com/libs/granite/csrf/ 245 B
431 B 13ms
9ms XHR
text/html 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.trendmicro.com/libs/granite/csrf/token.json
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-189-179.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ddb3a051562457ce3d69a677341ad2cccad3a6c7dc6ca563c3a0c7a69ea181e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:34 GMT
content-encoding: gzip
x-prod-a-01: Yes
server: nginx
vary: Accept-Encoding
content-type: text/html; charset=iso-8859-1
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_3245104802_1368344487_20_1982_6_0_-";dur=1
content-length: 206

GET
H2 200 dict.en-US.json Show response
www.trendmicro.com/libs/cq/i18n/ 14 KB
4 KB 40ms
40ms XHR
application/json 2.17.189.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/libs/cq/i18n/dict.en-US.json

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.189.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-189-179.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

da8c4697d246d5dde073b87ff33798d3fc46c4a3c5ca37626292b8efc7c3de99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-prod-n-02: Yes
x-prod-a-01: Yes
x-content-type-options: nosniff
content-encoding: gzip
server: nginx
date: Wed, 12 Jul 2023 02:14:34 GMT
etag: "b91bea50244aae0b72b630e6c7e2791f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json;charset=utf-8
cache-control: public, max-age=87
server-timing: cdn-cache; desc=HIT, edge; dur=25, origin; dur=0, ak_p; desc="469202_3245104802_1368344598_2526_1730_6_0_-";dur=1
content-length: 4080
x-xss-protection: 1;mode=block

GET
H2 200 utag.69.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 9ms
8ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.69.js?utv=ut4.49.202006041752
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 12a49d4af2ec2d95476e6c96c9ab1d6b72314e21a3bad1392102e2142b03c523

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: XYQTxp6K_R9p8QPVRJR6AQjdJXUpm8HM
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"8cd07da6551aade79106cc2a56b17e65"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: aAZQDVMcd0o5Fyn3ogKmXsySOeVjg3n8GQO3PkwtngEPN01geEZkhw==

GET
H2 200 utag.138.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 15ms
15ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.138.js?utv=ut4.49.202010201643
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ef8b9e31459114323164f2e268930207669000845c974187eccf030c8b4dbce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: aa8PsFlZ2Hgkv2085hAGb6XSCFAjKHFA
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:10:25 GMT
last-modified: Mon, 10 Jul 2023 17:44:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 251
x-amz-server-side-encryption: AES256
etag: W/"20dcdb7dbb72f956589e9e1756809b4b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: BZ2iwgTPAn5k-HY36Hr6phFFs39V5b5UiiMBdegeo_zwq-nrSDOtQA==

GET
H2 200 utag.81.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 24 KB
6 KB 15ms
15ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.81.js?utv=ut4.49.202305162129
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86032ce845813767d4974c8a822df7f9e9833412716c4adea9648303aea95849

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: KDf27pcyJXx3Ajli5z0bOMry17UcEwym
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"29e2f5cd7ddcc694cde32ee32d543877"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: XCOQOd6AA5cOYFuTqMeoQKT_hVah3lxO-5OqoQcwjNi5W6MjVIN_5g==

GET
H2 200 utag.29.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 15ms
15ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.29.js?utv=ut4.49.201510262117
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1eec5c0901f05ca5cc50d03c5e87719cb12c5baa40939f7c5c81eae41f4b9732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 0OBX8Wj3GbNqCzJD_4TTV3ePZ.p_Rb2M
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"2d83998941abecc855c21199ca821886"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: sem2RNGk3OG9W5GVcYjuz0IQiDISUQAfYvwfPqn6wRg6ltg4r6PyvA==

GET
H2 200 utag.18.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 16ms
16ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.18.js?utv=ut4.49.201510262117
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ef7128999aa41f7c89193c9c49c881a7ebe0ec0c830bbbd90df2b587a9d1461

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 9szrzexczBHx0TK748cgKfRZtMF_1s6J
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"cd0ec21e2c1199ade63ab0304534738d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: -ub10--CQehEexa61OD5vIK53GOQyrlEtPeuBtRQcy8FDT2iPEbbVA==

GET
H2 200 utag.22.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.22.js?utv=ut4.49.201510262117
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 850b962bd54ae724fe114a2015c4f9ae9a8165fc4a5ba7748597e4859ad10126

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 3S3tD9FF8cWcGmzulFaOp3p9t4h2cHHL
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"ab93ba35b2f409a8117dace78e0c032a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: BxXaP_qookr_V2cbz4iOLMK8adw2XGGA-CVKkeI0FyIT0p0Qa_X78g==

GET
H2 200 utag.9.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 16ms
16ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.49.201510262117
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e5b4ca233557b04b1922e9fabf5a3d434ff25bf480ac31cf9569d5502b9fc950

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: vVNhnDg6LZ0c195w17djx2a9f3KimDWb
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"197f7864b594ba8797cab2e726c67a4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: YVrfNgZtp4KbZCBUV1qinqaQf-TtCdTo-jDJ9O_kEINbFlBjREId7A==

GET
H2 200 utag.43.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.43.js?utv=ut4.49.201510262117
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d733d569018593ba4d7257ffa1d2ff997ac5cc9a5c47e615d4805a9a7326ae33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: E1tAlbxTI4.LBBgheOVv8w9oFp7FGNtT
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"d057e2233b92cca46eda77226cf8fbcd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: _o7LJKZDYHXj5_J9bwqHralBSPmZlVsipYKRP69z5Gdo-Hu0QLD6cg==

GET
H2 200 utag.75.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 16ms
16ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.75.js?utv=ut4.49.201608171750
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1e9fd0cc6ed00115fad2499573553d28fa650ff6ac827537aa62f636e36d5bca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: C3RVHn8_BuvRS4O3BQEMLpXf61BFNsYh
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"b04e40f8fd803006fe159b3f4774071c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 0jWjTq9XeNF4mBR8gilEqn3RFN4H6vLBGRxpAb_4K43cCTtrcro5Qw==

GET
H2 200 utag.115.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 10 KB
3 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.115.js?utv=ut4.49.202109201636
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2cd5c6f15151f54402181f1545bdeaa8751a0194c35833feaeae58504f61352a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: mJvbFN9yKsEvJW63dG0xs7yfuRzY.X9Z
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"9fadffa49c11f80d4b2d50e338febe44"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 6a1eoj3MiS7gZWR6lBiCpt5kJeYROed50mGuJ_mOlc8ZoVbKmDJphA==

GET
H2 200 utag.117.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 17ms
16ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.117.js?utv=ut4.49.202109291943
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2b480ccb1417f45445cda8750a3f106d9f9da5f6d4dd0be650a7059d2c4d25b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: EW4ra9RpvL1ErrM96Fnh0q_ym46NXvIf
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"63f8273bd23a3ddda6d2063f16b62c7f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: N6Q1m_rZ3YtypBPGbS12zEKyTiZbeu4ji0t8XOqFhHwTXuH4AgB3XQ==

GET
H2 200 utag.127.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 118ms
118ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.127.js?utv=ut4.49.201905291644
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c3798a57e46338fe89f29699d3798669b3764c47c40ab8c3222e86fdeaa183c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: ZhM_93iDqRLyImEl5VDYR_OeAduxVN5W
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:14:36 GMT
last-modified: Mon, 10 Jul 2023 17:44:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
etag: W/"c9a7a092cce7438052369e105d83c1e6"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: s7ixdV_T5BqLYIpNCso03PfIG08gLQ-A9PF2RT_0bnpjh-pGKPQgFg==

GET
H2 200 utag.145.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 4 KB
2 KB 18ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.145.js?utv=ut4.49.202305162129
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 13792dfa9c563a70f282920cc74deca499da2085be25160d1d8f3df4a62c574f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: wT.biLgHXaawUA6KMdiskE6VSNaLekXJ
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"d89f03e94b0410c57d50d7184b55a6d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 7B4iftOw--OsMR1NDCnLmGfh1xhoLMYfU6lL5KR98vhFdy_qp3IPVg==

GET
H2 200 utag.151.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 18ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.151.js?utv=ut4.49.202109071517
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db5ea0c0a78110578ca87efd85a98576bffddb7e72f917594e23f57aa8930d23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 64mgCU2NdjPjEJCtKqz9O8hBnaGmojAm
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"083d3c62b1b074364b81fad63aa3ded2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: cKFFfaaInD3Op-MFcbRjuJsig74Yl6jJqrHCYz0-WWsYcXz2AqjNsg==

GET
H2 200 utag.171.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 14 KB
4 KB 18ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.171.js?utv=ut4.49.202307051625
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8552646919994af0c04b0f5e3fe6ce757cc3fe536bbf7d153fdfb0bc93ebe97a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: Wpt65bBVxFs.KtP47vFKxo0A2iQW5hml
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"2297aa6d783851b9e24c065fad4fa241"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: LQB2OopXO37PVYNTpcQc-PKh3R6fI3t_pDQt02fo8GvmYvOw7Qqy6Q==

GET
H2 200 utag.181.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 17ms
16ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.181.js?utv=ut4.49.202210212104
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 34e3e8e071df4405a399fac0b891f405466434ab78b1cda7283676801bd083fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 2MzDKR08OcB00gWOIvgzSPxFIZqPoueB
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:10:27 GMT
last-modified: Mon, 10 Jul 2023 17:44:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 249
x-amz-server-side-encryption: AES256
etag: W/"c6f8bf1e15c27ddc17e4d4a52e8166d4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 4Ao05LJVFgiUiti3BOKfzhq_Ae0sWmOGwTyeun9BndQ70EJL6hTybg==

GET
H2 200 utag.182.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 3 KB
2 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.182.js?utv=ut4.49.202212122044
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e750ccc343c82c8de711cda3e0286120f7b24fe4ed64eedf83caa7e6eb505742

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: _0JpQUlRAH7I_yrtCL5XdRZBB7v.JUwQ
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:10:27 GMT
last-modified: Mon, 10 Jul 2023 17:44:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 249
x-amz-server-side-encryption: AES256
etag: W/"028e7fed5b3b8bd9a78c63afbe5111f0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: H5OH-1FDc1mgYrjdofVXru-QO84MrxAmOkdk2Ux7FnBV3cpjpCQQyA==

GET
H2 200 utag.184.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
2 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.184.js?utv=ut4.49.202302161711
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 65980366624c2c94b641021c0cd411825587bdc2cbc8d6cf84238ca6a23b4d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: W_fNUcswPw3N7tc1o7eHSJ88tZX1r2jk
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:10:27 GMT
last-modified: Mon, 10 Jul 2023 17:44:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 249
x-amz-server-side-encryption: AES256
etag: W/"72954182fd12664e7ad688df69f86934"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: GLzGTPIqKzNFUjxe7fw9UYnOp_a2FgdolbXmTugXG7jH_NwRUauBdw==

GET
H2 200 utag.187.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.187.js?utv=ut4.49.202306210404
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 95bb5431dc66bbf816343df5593b2420833bd45c1792842f105df8ec9538a139

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: D.9v_PCB06fB2ZW5jSvtKVk2Hyncff2T
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"aede3466a92c4c601e78e792729b486d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: otmU8nfACJ24rd17cYlSn47LLwC26C6oF8fA63Xv9iy33Awe-6Xflw==

GET
H2 200 utag.189.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 12 KB
5 KB 17ms
17ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.189.js?utv=ut4.49.202305082144
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3698fc7e31c97eb87d996bdcc97841e9a07a7c85fbe07bdc44ba9d652723887a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: HquOnZScu0ekwHz788TJLAapPsFZX9JO
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:09:48 GMT
last-modified: Mon, 10 Jul 2023 17:44:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 299
x-amz-server-side-encryption: AES256
etag: W/"8e0f8ee3596620cf06fd8257477a4232"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 0ltu9XGST2g3zE8Yfiz8DskDdPM6nFNcnytmHMX562Zzij_adonXfA==

GET
H2 200 utag.192.js Show response
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ 2 KB
1 KB 395ms
394ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.192.js?utv=ut4.49.202305252141
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7699a7c6b907fb736876de9ab4d8411b2c2f2562af034c8c8283bf3ac9c60e70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 6aZW_O8BPTjQnMzWgFFNWbeh2h.Y_ug7
content-encoding: br
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
date: Wed, 12 Jul 2023 02:14:36 GMT
last-modified: Mon, 10 Jul 2023 17:44:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
etag: W/"85db45e57669a15b8e718a07a21fcbd4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: qKl0WM44eN1aMXwt773HnvHFuxCkDwzZ_UMQyfLSbbciUMGZBCbA8g==

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/f2f137c6/www-widgetapi.vflset/ 203 KB
63 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/f2f137c6/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9811e7fd34b988c9cdd407f944154f52be1c39c1a3221f68dd583cf875b3450a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 00:15:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64337
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 01:48:40 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 11 Jul 2024 00:15:25 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 396 KB
94 KB 191ms
107ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5844fdee62548492f0f94e2bb664a8cac96c6d129a28ee5d48d220c741a84468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95626
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 137 KB
53 KB 98ms
49ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MT6DHL8&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0693dd5edc411e865c967df2f0980a09d1bd653fc23b8ff5df10349b0dd344ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53435
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 167ms
38ms Script
text/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.29.js?utv=ut4.49.201510262117

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 02:13:50 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 45
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Wed, 12 Jul 2023 04:13:50 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 38ms
6ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 02:14:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 342ms
14ms Script
application/javascript 91.228.74.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.168 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
etag: "sLp6xTjO7svFVaOemhLWUQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Wed, 19 Jul 2023 02:14:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 123ms
39ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 01:04:37 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4198
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 12 Jul 2023 03:04:37 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 145ms
48ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

ac1928b4eed775725d2c16502e1aefa6b1bb11569e9e3904a77a91470dcf65b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16519
x-xss-protection: 0
server: cafe
etag: 5789111909933878205
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H2 200 insight.min.js Show response
sjs.bizographics.com/ 1 KB
690 B 308ms
7ms Script
application/x-javascript 2a02:26f0:3100::1735:28a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://sjs.bizographics.com/insight.min.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.43.js?utv=ut4.49.201510262117

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a59dc65855e86e08b66245adcdfda19081d45e5f9b9ede39cc18af792e45c6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Jul 2023 13:00:13 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=39097
accept-ranges: bytes
content-length: 479

GET
H2 200 revenuepulse-lib-v3.js Show response
resources.trendmicro.com/rs/945-CXD-062/images/ 2 KB
1 KB 301ms
134ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.trendmicro.com/rs/945-CXD-062/images/revenuepulse-lib-v3.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 May 2023 01:55:33 GMT
server: cloudflare
etag: "4414cc-6f3-5fb89845fee08"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 7e55c6081dcd9164-FRA
content-length: 695
expires: Wed, 12 Jul 2023 02:15:35 GMT

GET
H2 200 ktag.js Show response
resources.xg4ken.com/js/v2/ 9 KB
4 KB 120ms
30ms Script
application/javascript 99.80.55.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.xg4ken.com/js/v2/ktag.js?tid=KT-N3AA7-3EB

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.80.55.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-80-55-69.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6269bafb85bd4d4fed6589655f7e0b8b612397226168098f95d3507848075f6d

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
last-modified: Mon, 14 Nov 2022 12:23:07 GMT
server: nginx
etag: "6372332b-dd8"
content-type: application/javascript
cache-control: max-age=86400, public
content-length: 3544
x-xss-protection: 1; mode=block
expires: Thu, 13 Jul 2023 02:14:35 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 27ms
11ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 12 Jul 2023 02:14:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: RmPWRQdwOQSI1t0z+aSxwd3h0bxhRksdi2AXiAN3WVl/H6DtpI0ZAaldEzzUAg+12XErfDGUo4m4qmVMLGbuoQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 35 KB
11 KB 42ms
7ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 May 2023 00:27:16 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64641f64-8a3f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 11052
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H2 200 sv2uuh4gw3ms.js Show response
js.driftt.com/include/1689128100000/ 213 KB
60 KB 583ms
314ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1689128100000/sv2uuh4gw3ms.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.151.js?utv=ut4.49.202109071517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5eb019e359fbb25ee979392549a9b4218b5908dfab4856b8c79c10d78e7e80bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: yrthcx18fSw4JgfLpIuUeZPGC3LDaCmZ
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Wed, 12 Jul 2023 02:14:36 GMT
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Thu, 29 Jun 2023 19:06:59 GMT
server: istio-envoy
etag: W/"75bd77d2f62545286bbf96d0d5ff309e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BdNpOzXR_8t7G-xtK7_jeLBblhxEgYOuFVj7JphQWRAybS173SU_iQ==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 1047ms
10ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230104-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
88 KB 77ms
76ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a9543c7b9d74f3d881d3557c48987098d6a428c4c18a25f3d15b0d644757bfc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89508
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H/1.1 200
OK pixel.js Show response
origin.acuityplatform.com/event/v2/ 2 KB
3 KB 300ms
9ms Script
application/javascript 23.56.201.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://origin.acuityplatform.com/event/v2/pixel.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.201.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-201-15.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 /
Resource Hash: 89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 02:14:35 GMT
Last-Modified: Wed, 04 Jan 2023 18:57:40 GMT
Server: nginx/1.14.0
ETag: "63b5cc24-978"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2424

GET
H2 200 / Show response
load.sumome.com/ 2 KB
2 KB 579ms
7ms Script
text/javascript 169.150.247.37
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumome.com/
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-247-37.datapacket.com
Software: BunnyCDN-DE1-1080 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: AWAG2VMC0X0TVY7Y
cdn-cachedat: 07/07/2023 01:42:14
cdn-pullzone: 53731
x-amz-id-2: bL694RuqFWYojQfMWiwGJFtkoLfi300scoxG2Otl/i4thS6aB/ktFgCQFOHqQz8oUUskwGXyFXM=
last-modified: Wed, 05 Oct 2022 16:50:13 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
cdn-requestid: 19ce7692dc11e223542a3e1c955ce87e
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 equally-widget.min.js Show response
widget.equally.ai/ 933 KB
256 KB 47ms
16ms Script
application/javascript 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.equally.ai/equally-widget.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.187.js?utv=ut4.49.202306210404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f05dd8d672174616de12f9b724a33cf82796fe6319db0e757d12787392eaa5b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 08:00:36 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 65640
etag: W/"59d1b78ed4db39823bd12b14015c17c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: xgq_ipautBClgEov6sMa0iRBJxOGmrsUXfthAgPU_ShtGTPuAikSNA==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 389ms
30ms Script
text/javascript 104.18.13.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.127.js?utv=ut4.49.201905291644
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.13.159 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 32694
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7e55c60a5fc30408-FRA
expires: Wed, 12 Jul 2023 02:34:35 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
6 KB 9ms
7ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 02:14:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Fri, 20 Oct 2023 02:14:35 GMT

GET
H2 200 brightedge3.php
a1.b0e8.com/ 35 B
226 B 304ms
21ms Image
image/gif 34.111.78.58
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a1.b0e8.com/brightedge3.php?id=f00000000017219&p_id=JR6NLA28RJ24R2NR2N6JR8LRAAAAAAAAAH&bf=955313392b6de5d9a2591062ba95d2de&url=https%3A//www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html&ref=&bn=1&bv=3.46&title=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&metadesc=&metakeywords=latest%20news%2Cmalware%2Cresearch%2Ccyber%20threats&s_id=JR6NLA28RJ24RJ2RPR2JR8LRAAAAAAAAAH
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.78.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 58.78.111.34.bc.googleusercontent.com
Software: bws/1.0 /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-be-pop: BRU-1-301
date: Wed, 12 Jul 2023 02:14:34 GMT
via: 1.1 google
last-modified: Wed, 23 Jun 2021 22:46:15 GMT
server: bws/1.0
etag: "60d3b9b7-23"
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 243552383039605 Show response
connect.facebook.net/signals/config/ 378 KB
108 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/243552383039605?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

41a27a9fa0aac6bb3cd619f91090bed5db0ea85aa47cc2057510e26e3853575c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 12 Jul 2023 02:14:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110313
x-xss-protection: 0
pragma: public
x-fb-debug: vVN0Kcbm0E4ATp/upjHY1dCX2cyNehlQ936wzp4hEVScakT3TBOFqtBx7Zd4Rt43QxvnebrKXTC0s1bribElRA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 51 B
323 B 606ms
39ms XHR
application/json 23.215.21.253
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=KL7L2-AE63W-6L875-PUGB2-GU2BB&d=www.trendmicro.com&t=5630427&v=1.720.0&sl=0&si=a8cdcc71-deb4-4331-b241-55bd5d047e19-rxnvk7&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=807181
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.215.21.253 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-21-253.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3c32db3e0a7ce1e76ba9ed6a2325f2a79e5a78a91607a35e8a2fe72267c13f2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 12 Jul 2023 02:14:36 GMT
Cache-Control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 51
Content-Type: application/json

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
578 B 1300ms
13ms XHR
application/json 185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
an-x-request-uuid: f9397736-fe62-4d0e-80b8-f0cdb4a47365
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.trendmicro.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.193; 185.213.155.193; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 8ms
7ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.trendmicro.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
305 B 49ms
11ms XHR
text/html 2a02:26f0:ab00::5c7a:d72a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::5c7a:d72a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c6670ba74f4332547bf31bf9937a31573a81a16e7f1ccc10b8d7c86ff5ce6e2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.trendmicro.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:6:f011::7e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469202_1551554342_40893799_24_730_6_0_-";dur=1
content-length: 20
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 49ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=243552383039605&ev=PageView&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&rl=&if=false&ts=1689128075497&sw=1600&sh=1200&v=2.9.111&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1689128075495.8608084&cs_est=true&it=1689128075464&coo=false&rqm=GET

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:34:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1129
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 12 Jul 2023 02:34:23 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
811 B 40ms
39ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 12 Jul 2023 03:03:53 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 263 KB
87 KB 65ms
60ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MT6DHL8&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e60ddc42b5a5313af35fb03e659d9ad6c0e654e77e9b53b61308b949bdacec20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88584
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 12 Jul 2023 02:14:35 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/1015287688/ 3 KB
2 KB 50ms
49ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1015287688/?random=1689128075534&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

c3ce2e555de1ff1f6d93d5b04804b49b8a7a58db95efd73633b04469a62953bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1486
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 293ms
292ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=null&visitor=0ad1fe9d-551e-4dda-8106-6a65a12ef387&session=a7e4dc4f-1bae-47c5-8086-f7eba556275e&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A7e%22%7D&isIframe=false&m=%7B%22description%22%3Anull%2C%22keywords%22%3A%22latest%20news%2Cmalware%2Cresearch%2Ccyber%20threats%22%2C%22title%22%3A%22Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&pageViewId=9c6e5c01-76bf-40e2-8f98-6fd8af07c9c9

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 46ms
45ms Image
image/gif 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1985200817&utmhn=www.trendmicro.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&utmhid=1653703114&utmr=-&utmp=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&utmht=1689128075558&utmac=UA-29051577-12&utmcc=__utma%3D44797537.1151377426.1689128076.1689128076.1689128076.1%3B%2B__utmz%3D44797537.1689128076.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1720041602&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAABAAAE~

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 340ms
109ms Script
text/javascript 3.210.10.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.192.js?utv=ut4.49.202305252141
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.10.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-10-81.compute-1.amazonaws.com
Software: /
Resource Hash: 4974edb305c1eb164de890732645672c21ca61781bc396e5cbc01bc0520fcdfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 12 Jul 2023 02:14:35 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
432 B 17ms
16ms Script
application/javascript 2600:9000:223e:de00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=trendmicro/nabucms/202307101743&cb=1689128075606
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:de00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Wed, 12 Jul 2023 02:11:44 GMT
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 172
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: f6fh4rXT_Kw9oHhZxMAO42AoJUqWWDpvHE6Sa-IX5SoEPKJIq7-uzA==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
210 B 49ms
49ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1653703114&t=pageview&cu=&_s=1&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&ul=en-us&de=UTF-8&dt=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=44797537.1151377426.1689128076.1689128076.1689128076.1&_utmz=44797537.1689128076.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1689128075644&_u=aGBCCAIrBAAAACAMIg~&cid=1151377426.1689128076&tid=UA-44592531-1&_gid=1131596037.1689128076&_slc=1&cd15=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&cd2=Mahmoud%20Zohdy%7CThreat%20Researcher%2CSherif%20Magdy%7CThreat%20Researcher%2CMohamed%20Fahmy%7CThreat%20Researcher&cd3=2023-07-11&z=377274497

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trendmicro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 746 B
585 B 27ms
12ms XHR
application/json 52.57.57.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.57.222 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-57-222.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 188ed90abe595d002972d6451c908f1ad1fd4d49603ae48084ed0314fdfafdb1

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
Authorization: Token f0978075a275d14104571cd0b3e9919c9748869b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.trendmicro.com
access-control-allow-credentials: true
content-length: 398

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 47ms
8ms Preflight 52.57.57.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.57.222 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-57-222.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.trendmicro.com
access-control-max-age: 1800
date: Wed, 12 Jul 2023 02:14:35 GMT
server: nginx

GET activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=5665829723980;gtm=45He37a0;auiddc=416777788.1689128076;u1=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.h...
5427711.fls.doubleclick.net/ Frame DEE7 0
0

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 69ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 12 Jul 2023 02:14:35 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 35D2E085EA464CB9895B9A80A701A13F Ref B: FRAEDGE1507 Ref C: 2023-07-12T02:14:35Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/929919117/ 3 KB
2 KB 152ms
57ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/929919117/?random=1689128075679&cv=11&fst=1689128075679&bg=ffffff&guid=ON&async=1&gtm=45He37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&hn=www.googleadservices.com&frm=0&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&auid=416777788.1689128076&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aabadabee2129c884ffcc9a4a4125235df60c82531664af4b91c78aa4518b7bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1376
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activityi;src=9572106;type=trend002;cat=globa0;ord=719415800906;gtm=45He37a0;auiddc=416777788.1689128076;u1=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;u...
9572106.fls.doubleclick.net/ Frame EBA4 0
0

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 1046ms
7ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 09:05:50 GMT
Content-Encoding: gzip
Via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 66838
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: bZ-lNrADD9PH5mZHgj0yU3v0DOp0jLjdS0mwaOU4T8FPRC8YnaDrFg==

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://marvel-b1-cdn.bc0a.com/f00000000017219/s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000017219&url=https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.trendmicro.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687

0
234 B

410ms
364ms

Image
application/json

2600:9000:2251:2c00:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Server: 2600:9000:2251:2c00:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:38 GMT
via: 1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: PtKlZjw777zEt9Mf1BkgVBUslLQeW9-fRV_eVTMmeW7h1yLHNbSB0g==
content-length: 0
apigw-requestid: H7bmPjOToAMEVUg=

Redirect headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:37 GMT
an-x-request-uuid: 18eea64c-b37f-4714-831e-f882ebd102bf
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687
x-proxy-origin: 185.213.155.193; 185.213.155.193; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK visitWebPage
945-cxd-062.mktoresp.com/webevents/ 2 B
318 B 701ms
95ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://945-cxd-062.mktoresp.com/webevents/visitWebPage?_mchNc=1689128075710&_mchCn=&_mchId=945-CXD-062&_mchTk=_mch-trendmicro.com-1689128075709-86302&_mchHo=www.trendmicro.com&_mchPo=&_mchRu=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 02:14:36 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: d48b9686-23d5-4c88-a309-1dfcfb52dfb6

GET
H2

200

/
www.google.de/pagead/1p-conversion/1015287688/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTy...
https://www.google.com/pagead/1p-conversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&...
https://www.google.de/pagead/1p-conversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u...

42 B
108 B

101ms
54ms

Image
image/gif

2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIyNmxt4yIgAMVBcO7CB1Pig3w&is_vtc=1&ocp_id=iwyuZIjoIYWG7_UPz5S2gA8&random=682349906&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/1015287688/?random=1014405695&cv=9&fst=1689128075534&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIyNmxt4yIgAMVBcO7CB1Pig3w&is_vtc=1&ocp_id=iwyuZIjoIYWG7_UPz5S2gA8&random=682349906&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 286ms
286ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=null&visitor=0ad1fe9d-551e-4dda-8106-6a65a12ef387&session=a7e4dc4f-1bae-47c5-8086-f7eba556275e&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22f0978075a275d14104571cd0b3e9919c9748869b%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22810eb8f4ed8abcee5cd1e233263d8d3f%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2012%20Jul%202023%2002%3A14%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3Anull%2C%22keywords%22%3A%22latest%20news%2Cmalware%2Cresearch%2Ccyber%20threats%22%2C%22title%22%3A%22Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&pageViewId=9c6e5c01-76bf-40e2-8f98-6fd8af07c9c9

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 162 KB
60 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-44592531-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

56973f9e418401b76a5c15b4f04f3ca9731641b987a07099e12fbd3bfc162bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61018
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Jul 2023 02:14:35 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 60ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-4502MK3B94&gtm=45je37a0&_p=1653703114&gdid=dYmQxMT&cid=1151377426.1689128076&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1689128075&sct=1&seg=0&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&dt=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&en=page_view&_fv=1&_ss=1&_ee=1&ep.consumer=not_consumer
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trendmicro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 39ms
8ms Script
application/x-javascript 2a02:26f0:3100::1735:28c0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: sjs.bizographics.com
URL: https://sjs.bizographics.com/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28c0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 656
date: Wed, 12 Jul 2023 02:14:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Jun 2023 22:21:38 GMT
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=17442
accept-ranges: bytes
content-length: 4777

GET
H2 200 rules-p-yyb3JEF9Pm8ey.js Show response
rules.quantcount.com/ 3 B
448 B 36ms
7ms Script
application/javascript 2600:9000:223c:e600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-yyb3JEF9Pm8ey.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:e600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 06:30:45 GMT
via: 1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 71062
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 21:25:15 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: n5n5qwjRnKA0KtZ1qX74vDzqYAq3UKVt7iQmUs9rrOtRbantGVUzhQ==

GET
H/1.1 200
OK pj Show response
e.acuityplatform.com/ 1 KB
2 KB 1138ms
15ms Script
text/javascript 154.59.122.94
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://e.acuityplatform.com/pj?pk=5371219865983838496&pu=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 154.59.122.94 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: 02b968e5612a461f91a35f423ce0b6eebfb3b3d07f6b8e5a5a1dfadaac95a403

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Content-Length: 1072
Content-Type: text/javascript

GET
H2 204 26044208.js Show response
bat.bing.com/p/action/ 0
116 B 100ms
100ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/26044208.js

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 12 Jul 2023 02:14:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ABFD687BEAC04D1DAD9895251CE81356 Ref B: FRAEDGE1507 Ref C: 2023-07-12T02:14:35Z
x-cache: CONFIG_NOCACHE

GET
H2 200 /
www.google.com/pagead/1p-user-list/929919117/ 42 B
455 B 70ms
50ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/929919117/?random=1689128075679&cv=11&fst=1689127200000&bg=ffffff&guid=ON&async=1&gtm=45He37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&frm=0&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&fmt=3&is_vtc=1&random=2667393226&rmt_tld=0&ipr=y

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/929919117/ 42 B
455 B 138ms
53ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/929919117/?random=1689128075679&cv=11&fst=1689127200000&bg=ffffff&guid=ON&async=1&gtm=45He37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&frm=0&tiba=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&fmt=3&is_vtc=1&random=2667393226&rmt_tld=1&ipr=y

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 45ms
45ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1653703114&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&ul=en-us&de=UTF-8&dt=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=44797537.1151377426.1689128076.1689128076.1689128076.1&_utmz=44797537.1689128076.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1689128075993&_u=aGDCCUIrBAAAACAMIg~&jid=1791691593&gjid=416044437&cid=1151377426.1689128076&tid=UA-44592531-1&_gid=1131596037.1689128076&_r=1&gtm=457e37a0&jsscut=1&z=2122817631

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trendmicro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 157ms
113ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1279657&r=1689128076005&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 12 Jul 2023 02:14:36 GMT
expires: Wed, 12 Jul 2023 02:14:36 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdtGxgKn-lgftYgrR5LC4vnghxr-2Q2yt5cuDRVAjeixBCNAI6dL7WxI7pbbDxqKNDxhl4Kx1SknMfkw4TmKjla-

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
463 B 120ms
119ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1279657&r=1689128076005&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&version=2.4
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1279657
Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdva2o7Zlzyo2sOhGKkpJm8c3HBx1S7Ra0QGQTu8gEGw5EH4L92WmkBB_hYP7qmm6C9U7jFVirQIY2Irr3knb9Gi
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 12 Jul 2023 03:14:36 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 7ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=243552383039605&ev=Microdata&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&rl=&if=false&ts=1689128076009&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader%22%2C%22meta%3Akeywords%22%3A%22latest%20news%2Cmalware%2Cresearch%2Ccyber%20threats%22%7D&cd[OpenGraph]=%7B%22article%3Apublished_time%22%3A%222023-07-11%22%2C%22article%3Atag%22%3A%22malware%22%2C%22article%3Asection%22%3A%22latest%20news%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html%22%2C%22og%3Atitle%22%3A%22Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader%22%2C%22og%3Asite_name%22%3A%22Trend%20Micro%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.trendmicro.com%2Fcontent%2Fdam%2Ftrendmicro%2Fglobal%2Fen%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader%2FUniversalRootkitLoader-Header.jpg%22%2C%22og%3Alocale%22%3A%22en_US%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.111&r=stable&a=tmtealium&ec=1&o=30&fbp=fb.1.1689128075495.8608084&it=1689128075464&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 12 Jul 2023 02:14:36 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/8866/domain/trendmicro.com/ 36 B
375 B 58ms
8ms XHR
application/json 2600:9000:20eb:7e00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/8866/domain/trendmicro.com/token
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:7e00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 01:29:18 GMT
content-encoding: gzip
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 2718
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: tZKyvuaR19dE6zOqgHZVOtbjgXMB2woHzWAi6cfhPGQw_a0V3CBFWw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.htm...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8866%26time%3D1689128076012%26url%3Dhttps%253A%252F%252Fwww.trendmicro.com%252Fen...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.htm...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.ht...

0
265 B

416ms
149ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&cookiesTest=true&liSync=true&e_ipv6=AQKhQh-xLedbhgAAAYlH4QUvdd_9lZGdwMVCQZ7TqqlLnqDmS1wYMvOUDiTUR78qmZnDFeuq
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B5D920280DF849C7A80B72B16C56E6CC Ref B: FRAEDGE2015 Ref C: 2023-07-12T02:14:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYAQMcChdikwUypQUjF4g==

Redirect headers

date: Wed, 12 Jul 2023 02:14:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 13055011FF45413EA1CB0F1DDA58B897 Ref B: FRAEDGE1122 Ref C: 2023-07-12T02:14:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1689128076012&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&cookiesTest=true&liSync=true&e_ipv6=AQKhQh-xLedbhgAAAYlH4QUvdd_9lZGdwMVCQZ7TqqlLnqDmS1wYMvOUDiTUR78qmZnDFeuq
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYAQMb8Jp1cU7mf+u20jg==

GET
H2 200 pixel;r=1183326564;rf=0;a=p-yyb3JEF9Pm8ey;url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;uht=2;fpan=1;fpa=P0-1217862033-...
pixel.quantserve.com/ 35 B
371 B 26ms
9ms Image
image/gif 91.228.74.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1183326564;rf=0;a=p-yyb3JEF9Pm8ey;url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;uht=2;fpan=1;fpa=P0-1217862033-1689128075894;pbc=;ns=0;ce=1;qjs=1;qv=c818c8ec-20230509111053;cm=;gdpr=0;ref=;d=trendmicro.com;dst=0;et=1689128076015;tzo=0;ogl=url.https%3A%2F%2Fwww%252Etrendmicro%252Ecom%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-univer%2Ctitle.Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader%2Csite_name.Trend%20Micro%2Cimage.https%3A%2F%2Fwww%252Etrendmicro%252Ecom%2Fcontent%2Fdam%2Ftrendmicro%2Fglobal%2Fen%2Fresearch%2F23%2Fg%2Fhuntin%2Clocale.en_US;ses=b7eb86ca-1b02-42f9-bf0a-658eeab93499;mdl=

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.168 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 108ms
108ms Stylesheet
text/css 3.210.10.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.10.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-10-81.compute-1.amazonaws.com
Software: /
Resource Hash: 5a0deae67410acca63b6c0199ab8265193d814fa1f47258267aaff0330b4f78b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 12 Jul 2023 02:14:36 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 320ms
106ms Fetch
image/jpeg 3.210.10.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.10.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-10-81.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 12 Jul 2023 02:14:36 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
351 B 308ms
19ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-44592531-1&cid=1151377426.1689128076&jid=1791691593&gjid=416044437&_gid=1131596037.1689128076&_u=aGDCCUIrBAAAACAMIg~&z=1495422294

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 12 Jul 2023 02:14:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trendmicro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 44ms
19ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
content-encoding: br
cdn-edgestorageid: 1082
x-amz-request-id: DWH3EZTXQGETBFDB
cdn-cachedat: 01/05/2023 13:19:16
cdn-pullzone: 53731
x-amz-id-2: Rw1xVINT2j50j9I6kG8DKvMCsaenbxK7VMBQ0tvyDvTYd5p/peDoVzbf2snyDrK0p3sjxYcqUro=
last-modified: Wed, 05 Oct 2022 16:49:50 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 98966c252014f431a08c6008906c66cd
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 31ms
6ms Script
text/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
content-encoding: br
cdn-edgestorageid: 1081
x-amz-request-id: DWH88T81ZZEBPF44
cdn-cachedat: 01/05/2023 13:19:16
cdn-pullzone: 53731
x-amz-id-2: jOqTwrO7CKADB6A99P2KE8erCfBGDinliCUfMCHx9ofCH5Hyp/WWaFB+LMZTpDm3rXJNnXg+404=
last-modified: Wed, 05 Oct 2022 16:49:51 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-requestid: 9bb5e013595bad75a4bdfc30bff35816
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
BLOB 200
OK 606e73cd-ffd6-406a-b41d-a9ca86c065cd
https://www.trendmicro.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.trendmicro.com/606e73cd-ffd6-406a-b41d-a9ca86c065cd
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 163 B
359 B 108ms
108ms XHR
text/plain 3.210.10.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=1j7Ig4BaDD-2O7rpgSDWYw&is_js=true&landing_url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&t=Hunting%20for%20A%20New%20Stealthy%20Universal%20Rootkit%20Loader&tip=JfZI-khEaXqF3hKw1CAarJ_V7Dh2N8bAxHKKYLix9TQ&host=https://www.trendmicro.com&sa_conv_data_css_value=%270-05047fe2-12d4-5631-4ab2-5958629e8175%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd905047fe212d456314ab25958629e8175b9d59bc1&sa-user-id-v2=s%253ABQR_4hLUVjFKsllYYp6BdbnVm8E.kZHAXvrb75FVFHN%252FOwrgplYDgDAW1V4QjtNVn0wR2vU&sa-user-id=s%253A0-05047fe2-12d4-5631-4ab2-5958629e8175.fSEoLkWV3mq0sXVoT7NMKdttaZ9zAHcvaMw6ErE7pk8
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.10.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-10-81.compute-1.amazonaws.com
Software: /
Resource Hash: 7aa5165924f115f6e8c64a1e2d6bf238c5f33665fac27c6d69ba9e05a6bc701a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.trendmicro.com
date: Wed, 12 Jul 2023 02:14:36 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 163
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 51ms
49ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-44592531-1&cid=1151377426.1689128076&jid=1791691593&_u=aGDCCUIrBAAAACAMIg~&z=767455704

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 49ms
48ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-44592531-1&cid=1151377426.1689128076&jid=1791691593&_u=aGDCCUIrBAAAACAMIg~&z=767455704

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 184ms
184ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 212ms
183ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=fd47de89-1de6-40ce-b622-e869e339180e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ae2f0de8-dc0d-4c14-bbb4-852811bfd23c&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tw_iframe_status=0&txn_id=oalxs&type=javascript&version=2.3.29

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 174
date: Wed, 12 Jul 2023 02:14:36 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 9e7b322580ceafb9
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 7eab0d6af68809194512cc19bce5e18c584b3aa1cdff60b73c5af254dfee9299
content-length: 43

GET adsct
analytics.twitter.com/1/i/ 0
0

GET
H2 200 adsct
t.co/1/i/ 43 B
204 B 211ms
187ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1f88f442-023d-429e-ab1d-2a84ee8a2b3e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ae2f0de8-dc0d-4c14-bbb4-852811bfd23c&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tw_iframe_status=0&txn_id=nuwoi&type=javascript&version=2.3.29

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 180
date: Wed, 12 Jul 2023 02:14:36 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: fdebae2f319498f2
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 7eab0d6af68809194512cc19bce5e18c584b3aa1cdff60b73c5af254dfee9299
content-length: 43

GET adsct
analytics.twitter.com/1/i/ 0
0

GET
H2 200 config Show response
api.equally.ai/api/v1/widget/ 16 KB
16 KB 131ms
131ms XHR
application/json 44.196.174.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=0325cbac1a139aa79e612cd088303e97
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.174.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-174-154.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 261f7e2d8cf88b7864ad3fbfa973a3a960c5ee2f871863db02c54c54fe1984af

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
X-Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 12 Jul 2023 02:14:37 GMT
server: nginx
content-length: 16627
apigw-requestid: H7bmHg6UIAMEJ0Q=
content-type: application/json

OPTIONS
H2 204 config
api.equally.ai/api/v1/widget/ Frame 0
0 337ms
116ms Preflight 44.196.174.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=0325cbac1a139aa79e612cd088303e97
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.174.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-174-154.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-referer
Access-Control-Request-Method: GET
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: H7bmGiNuoAMEJIA=
date: Wed, 12 Jul 2023 02:14:37 GMT
server: nginx

OPTIONS
H2 204 config
api.equally.ai/api/v1/widget/ Frame 0
0 106ms
106ms Preflight 44.196.174.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=0325cbac1a139aa79e612cd088303e97
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.174.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-174-154.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-referer
Access-Control-Request-Method: POST
Origin: https://www.trendmicro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: H7bmJg93oAMEJgg=
date: Wed, 12 Jul 2023 02:14:37 GMT
server: nginx

GET
H2 200 OpenDyslexic-Regular.otf
widget.equally.ai/fonts/ 213 KB
136 KB 24ms
8ms Font
font/ttf 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.equally.ai/fonts/OpenDyslexic-Regular.otf
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dd11c8008b7eab2ea917b46defaea238cddfb05bff238f92b52eccd072401c29

Request headers

Referer: https://www.trendmicro.com/
Origin: https://www.trendmicro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:38:09 GMT
content-encoding: gzip
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 79217
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
etag: W/"a8330e9d483bfacd2e974f09e19a0b52"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET
content-type: font/ttf
access-control-allow-origin: *
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: 5WlrBQ1hRHO211M50Wnsk5dIayBdSPATxVLY36jOYRLKgAcQs-DZUQ==

POST
H2 200 config Show response
api.equally.ai/api/v1/widget/ 27 B
158 B 136ms
135ms XHR
application/json 44.196.174.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.equally.ai/api/v1/widget/config?apiKey=82MjGgGBc5p9X1otEipH&userID=0325cbac1a139aa79e612cd088303e97
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.174.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-174-154.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 16270c15435abfbd1e22c9a06378d29d8823f68d61216d61422d1b0b0643e776

Request headers

Referer: https://www.trendmicro.com/
accept-language: de-DE,de;q=0.9
X-Referer: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 12 Jul 2023 02:14:37 GMT
server: nginx
content-length: 27
apigw-requestid: H7bmKiN8IAMEJEQ=
content-type: application/json

GET
H2 200 en.json Show response
widget.equally.ai/locales/ 11 KB
4 KB 8ms
8ms Fetch
application/json 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.equally.ai/locales/en.json
Requested by: Host: widget.equally.ai
URL: https://widget.equally.ai/equally-widget.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 62397e880d321a76a895a59a25ad7c322339b8d0a38725d8d8f02933849f36ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 09:15:54 GMT
content-encoding: gzip
via: 1.1 a23fc047c59f0902384fa94644607c00.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 61150
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
etag: W/"d60b8ef7554b56a9831a07675d038e5d"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET
content-type: application/json
access-control-allow-origin: *
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: tEnyT4dBsdcf5XJRwOwM9uxlrNgyrUSeEQU4trc8ove9dCFn3stmJg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 281ms
281ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 equallyai-widget.css
widget.equally.ai/ Frame 5A11 32 KB
7 KB 8ms
7ms Stylesheet
text/css 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.equally.ai/equallyai-widget.css
Requested by: Host: widget.equally.ai
URL: https://widget.equally.ai/equally-widget.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a28484c80af69892fcb64ee2186d0f9ebc96b371628e4099c6275077caf8fec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:12:12 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46982
x-amz-server-side-encryption: AES256
etag: W/"cf8acde581e32d159ff654819561fd14"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: TH7_zP4Xblu_0kZHbVD6OW-w8LloMm-B13fHsLRPRpylG0jDiawAvw==

GET
H2 200 en.svg
widget.equally.ai/flags/ Frame 5A11 1 KB
822 B 9ms
7ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/en.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a8f57ae36e7533f330d488d78955b84759053d8890dbc12a940f5f16c0169c47

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:30:15 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 81863
x-amz-server-side-encryption: AES256
etag: W/"ebf36f856cee41bb0004b1be873bc62f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: si7WcRAQkjPpBsflH0aGq9hVHJzZy2sw1H0teRTYAn1tdC1vn0NVCA==

GET
H2 200 es.svg
widget.equally.ai/flags/ Frame 5A11 148 KB
36 KB 11ms
8ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/es.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f8b2beb661f2060ad9acfc574d17fb9b51d984c3ec4559defc2360a1192ba667

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 04:47:48 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 77695
x-amz-server-side-encryption: AES256
etag: W/"ce15a45bbe7193fd267a2b79f695f851"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: Z2HCr6DEI66ui2f-mhDuT3iwR91lmfP-AhIRPq1BvBVwdB3r-G8YWA==

GET
H2 200 de.svg
widget.equally.ai/flags/ Frame 5A11 411 B
778 B 11ms
8ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/de.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 22c3fd46dc28317aef90042c0753148aa68707737146640e11165d6df6c02178

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 09:58:03 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 58595
x-amz-server-side-encryption: AES256
etag: "53d375e4d05c0f07c61381c149666a95"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 411
x-amz-cf-id: etScB-NTuhDxaOpABXltNF5NcjRpDc_Kw_2CyL7OJJF9XY9-s6Yh9Q==

GET
H2 200 pt.svg
widget.equally.ai/flags/ Frame 5A11 11 KB
5 KB 12ms
9ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/pt.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 42f2a22d45c6f2d8ba1ebc17ed8b417762baeed4f314c68deb39d8534b8f8ab0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:52:58 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 80966
x-amz-server-side-encryption: AES256
etag: W/"3db75d5500aac310ba9be72fe78c09a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: rOhtULYr_543H9Je9UHpNGCzjoyZTu7CBaHOtYSKDweNl5OTH60HQA==

GET
H2 200 fr.svg
widget.equally.ai/flags/ Frame 5A11 468 B
835 B 12ms
9ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/fr.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3d85ea6dbd284d131f55a919eccaf1eb6bc6b8b57804859ee984bc57bb931a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "aba229ec8b9399af14875fba8715b4e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 468
x-amz-cf-id: 3_bdHAodA9hbBHwv6Qq7i81CeNcWX45utcMBuC8kZUHoTZSxQb7eUg==

GET
H2 200 it.svg
widget.equally.ai/flags/ Frame 5A11 202 B
551 B 12ms
9ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/it.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 985a85728ad37064b2b77bf64f50abedc823aee1f9f85918aa1adbb54e6af176

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 02:26:14 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 85704
etag: "4f6374bbba141514028cfee25e6b8b50"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 202
x-amz-cf-id: DWn4BhDxT0LFhtn2ewHZnQDYVX6KZdSecngRDE_GL4OEk5JCAvwDsA==

GET
H2 200 ru.svg
widget.equally.ai/flags/ Frame 5A11 232 B
600 B 13ms
10ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/ru.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a8b719965d947ab374c07d0da488c475e73334fc9ca9f2c970f0c176ea609f0c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:52:58 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 80966
x-amz-server-side-encryption: AES256
etag: "8c35008bdd453eb7092e5589433ee345"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 232
x-amz-cf-id: _7NzehQqqm8nJe2vXCa-EIZPGXxmmm1u6qxPkKcCaPguvqsQhAzHzQ==

GET
H2 200 nl.svg
widget.equally.ai/flags/ Frame 5A11 175 B
542 B 14ms
11ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/nl.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0d04d9eadc49c5514881c1c3f7c465a10a37ead378bc5e61cf96fdfcb3599e54

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 08:13:14 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 64884
x-amz-server-side-encryption: AES256
etag: "5f6ef944bbde5608a5cfd566abc3a61a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 175
x-amz-cf-id: JUC1u0NGSrqSR-gEEsNX7wRM-g7860t297FtHXTu7WGrOWOUQuadPw==

GET
H2 200 pl.svg
widget.equally.ai/flags/ Frame 5A11 142 B
507 B 12ms
10ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/pl.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 608e5ed6a0820b02ac00e5ee7457a9822b5e5c1be9cba69d17c5a3e9ca4a4377

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "e2afe0f6676f52f2142f71e9b3570e81"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 142
x-amz-cf-id: GWk7a4t7vX7oEHru0I8hcgL8h4A-Mc02UBff05bZnD955YXAysxKzg==

GET
H2 200 bg.svg
widget.equally.ai/flags/ Frame 5A11 294 B
660 B 13ms
10ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/bg.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3beaf2aa05abc754a560f723315ba58156356abc654d952382c6e6bb60cfb7f2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 08:18:51 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 64547
x-amz-server-side-encryption: AES256
etag: "d35abad4c97cd9e2b3cc342cb745d11d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 294
x-amz-cf-id: oiWfDBILLcy11-r2W6fXiTN-379wRDdqOFrv6qGKl3PPms2EefMsqw==

GET
H2 200 he.svg
widget.equally.ai/flags/ Frame 5A11 856 B
1 KB 18ms
15ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/he.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0d86756671757b1622e49e7b1405334d749dc18b0377b422fa0b8a0c493d9dc6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "39aa6f7e5890377271d5434c4f76386b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 856
x-amz-cf-id: xHsGEpsq5hysXfcBnVCHNMRvKVBc2hLpGg7ewxMV-lbOdwJe3z69wQ==

GET
H2 200 cz.svg
widget.equally.ai/flags/ Frame 5A11 212 B
578 B 16ms
14ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/cz.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a71bcb7e97223bdca2ff6105c4e261e96eaed1009d6326c404abe20011ed7dad

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "047e732decd62b9d3ce350a2cd8f4de6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 212
x-amz-cf-id: E6vh9ZY0bi-TvyRF-pKX0-Ky0M_InpTFBsRm5BeI3l9Kkd-CmkuHYg==

GET
H2 200 dk.svg
widget.equally.ai/flags/ Frame 5A11 222 B
588 B 19ms
16ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/dk.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dc4827058fb343b6fa6383fb5e3471f4ab744a82d0f6ec9d895e8ce5d2a969ff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 04:47:48 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 77695
x-amz-server-side-encryption: AES256
etag: "c0cd63470ccdd66eb1b70437c4897d2e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 222
x-amz-cf-id: vWTOPWJif_pin32LReSOJd2SSxUqL_i1eyqb4DCmqHWaQp12ZW6tUw==

GET
H2 200 fi.svg
widget.equally.ai/flags/ Frame 5A11 233 B
599 B 18ms
15ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/fi.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2f57f5b4ec3968d3127d25c1ba8973b593df0bfa8171a12d7c9f399a038ca071

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "079f4bcbd1f4a3a2ac55d1071961eaa4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 233
x-amz-cf-id: rLnlIaQ_eoJyG_F5P2WyYKHK_1259O9Y6Mkf4mrIx-2b7wADlKpjZA==

GET
H2 200 se.svg
widget.equally.ai/flags/ Frame 5A11 216 B
581 B 18ms
16ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/se.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1d7c3fc0594c8fb856d9fd0a13a752dfaf8643c8b073582909c88be24e7e416f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:30:15 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 81863
x-amz-server-side-encryption: AES256
etag: "1f642770ccba1a8f5948ac69923c15ba"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 216
x-amz-cf-id: 3hlIaued52PnOnXB-BJEMJ9wkoik71-MefcYhyW4grE4Ubjt0X8GKA==

GET
H2 200 lt.svg
widget.equally.ai/flags/ Frame 5A11 178 B
544 B 17ms
15ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/lt.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 429d40e370103a47cb2fa03e143136308ce0ad387fc05acfff349d40406440a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:52:58 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 80966
x-amz-server-side-encryption: AES256
etag: "60ce52ef375f0a7bf84149719ad6a8e2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 178
x-amz-cf-id: KjQfKK8IP1YKmhh1TicclYg3TdtXnZ2PzCQrn5tjaXVVHrZQOvBwrA==

GET
H2 200 ro.svg
widget.equally.ai/flags/ Frame 5A11 178 B
546 B 19ms
17ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/ro.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ea3e3c17cfd414a403313ddc73a62a264cbc205d962214e272321566e0d78ce8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "a9e8cdfefb0cb78dfe786276f500656a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 178
x-amz-cf-id: xxKvKjiEecP7G6EU9E_FIcQNjW8ZI_Yl_WP6PE-fJokEf4zMSyjgPQ==

GET
H2 200 gr.svg
widget.equally.ai/flags/ Frame 5A11 206 B
572 B 19ms
17ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/gr.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86cce2a11b19e83087b4ea15be2c293563f8dc90df958488174c2194e2adac07

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:00 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: "abd7d677957e863655f6bc059dbaebfb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 206
x-amz-cf-id: 3qnbntqt4h12duycjxUWSESj4QJbWqpoz_AP26ueucsp_EF37aD8QA==

GET
H2 200 hr.svg
widget.equally.ai/flags/ Frame 5A11 66 KB
28 KB 20ms
18ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/hr.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ecd619e1013f1de98ab10d4693d8d17ff1924494c099aaef02b0700636b51339

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 04:47:48 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 77695
x-amz-server-side-encryption: AES256
etag: W/"f4e06f4da88eab5e630a6263b8f5ebdf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: JhhCdQb997XMKFzvA7JBGhybUFw8jv8k7PoQ4hDEyBni0bDW2OO3YQ==

GET
H2 200 lv.svg
widget.equally.ai/flags/ Frame 5A11 138 B
504 B 19ms
17ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/lv.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 442240b6d0d4290a8a5bf289beae6d52665dc71f7cb529034682c8fdcf313bb1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 09:58:06 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 58591
x-amz-server-side-encryption: AES256
etag: "12cebcfb5d166f7cd2b6a3fb48c0924d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 138
x-amz-cf-id: qcm12HzE-ruYYqTiCO4Tom4ggCyDwJzaxnA_yT7GVi7SXJMXKl510A==

GET
H2 200 sl.svg
widget.equally.ai/flags/ Frame 5A11 2 KB
1 KB 19ms
18ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/sl.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aa4fda18694f1e60c937933eebd752cc3ed0701652f0dfca84677c3267b26db9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:52:58 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 80966
x-amz-server-side-encryption: AES256
etag: W/"9b4bb3b189e8285e10fc2637df225958"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: xnnudnyMUIsRzQ6b3xNC6206HMnXXyE3cnGX_6mby0vW02helj_tdg==

GET
H2 200 mt.svg
widget.equally.ai/flags/ Frame 5A11 15 KB
7 KB 20ms
18ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/mt.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a5c2eee915ed72695afcc7898018bf57c41e62c9b7b964e8de8bbbec9e895d2d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 03:52:59 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 80966
x-amz-server-side-encryption: AES256
etag: W/"66e76e37d320e1ef728362a420f7eb3e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: 59QTNTbHiDLgwU3ATzd8uJ145kacd9tCSLsmlEEzaE5HaAiOYQdNLw==

GET
H2 200 sk.svg
widget.equally.ai/flags/ Frame 5A11 1 KB
952 B 21ms
19ms Image
image/svg+xml 52.222.214.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget.equally.ai/flags/sk.svg
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 645f75dbf15f9931d4c25509f2d3b55e8be7d97209957535382ecfd96658d7b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:14:17 GMT
content-encoding: gzip
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jul 2023 13:07:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 46821
x-amz-server-side-encryption: AES256
etag: W/"45bde9f51532f5f7cc44fa912e57fa26"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: WHRGD_FLx5Co62KOD_SDeKhR2uexCeFnbEZnxabAsWxNYngMQNLMPg==

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687

0
234 B

350ms
349ms

Image
application/json

2600:9000:2251:2c00:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
Protocol: H2
Server: 2600:9000:2251:2c00:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:38 GMT
via: 1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: iMM_lNQY8Fsc-u7vMZhgy3V_4GnCXCC4vE6mgIBr-aO4ksuFvzCMqw==
content-length: 0
apigw-requestid: H7bmUjg1oAMEVQQ=

Redirect headers

pragma: no-cache
date: Wed, 12 Jul 2023 02:14:38 GMT
an-x-request-uuid: c1b89f48-de9b-4dd7-a467-25a426a32d1b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=www.trendmicro.com&pId=6755469265966947687
x-proxy-origin: 185.213.155.193; 185.213.155.193; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 185ms
185ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame 3B21 2 KB
1 KB 296ms
296ms Document
text/html 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html

Requested by

Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2d629f289895461e21d84586f22c3f13ec967a94db43dcb98f18f224bc464ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.trendmicro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 12 Jul 2023 02:14:38 GMT
etag: W/"65f30129bbd62f11fa724bd8d6571382"
last-modified: Thu, 29 Jun 2023 19:06:49 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-id: 5FIqgg6zx1CoGmEeh7R_oSdrxpdQ9n6UXqF5O0pPeqb0Zpbho88IGg==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: fB1S0CyMLJHR17UtlnCvP9KPpCePP0bM
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 7789 2 KB
1 KB 307ms
307ms Document
text/html 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1689128100000/sv2uuh4gw3ms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2d629f289895461e21d84586f22c3f13ec967a94db43dcb98f18f224bc464ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.trendmicro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 12 Jul 2023 02:14:38 GMT
etag: W/"65f30129bbd62f11fa724bd8d6571382"
last-modified: Thu, 29 Jun 2023 19:06:49 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-id: 8dHrcTiCF7UJX2p0dnI2sx9MxhWRPVUThk4BR1jELvMGiENWDLBgWA==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: fB1S0CyMLJHR17UtlnCvP9KPpCePP0bM
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

POST /
sumo.com/api/load/ 0
0

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame F558 0
182 B 113ms
33ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=g2lzvow&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&upid=803df29&upv=1.1.0
Requested by: Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.trendmicro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Wed, 12 Jul 2023 02:14:38 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 runtime~main.02ef51f0.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 6 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

88057ddacc1543613b0ee53043ce9abda8c2fa8bf584df3c8da2ed9ffdb08f93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: 8umjs9Qos4riOhMKisjLoyJvF.scLuv8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:41 GMT
server: istio-envoy
etag: W/"95d1c74bdc24f5ed7f8ed455813b49b7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ho3u4RVWbAIIRvle3dSwmSvXu-nHcDhlWg2Iyj7ddgcpB2Cr7Yy2Ig==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 35 KB
13 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 14287782
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yslafwyjFrShpj90epkwFvQ7BCZ8A3voZhVCFtLeyIa8CQNr1b-iMw==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 7 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:46 GMT
x-amz-version-id: _6ChWa7QfxwgvKvHcksc0_7OHMp8jBKX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1853572
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 20 Jun 2023 14:23:11 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3gRErfvHOcagNNfG-_ZDCYboa0lCVaw8lpzBKa5lP6DO0Kvpw3Cuug==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 23 KB
8 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qjutZttIY_SWLyb0XUY5rADr1dJzr-ln6r756tZA5_Od3PzyRd1VvQ==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 36 KB
10 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 528265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NAT9pTbJ01WOXJWToFhKeV7RPmFheAYHicAmkZYkCnt_znKE7W11jw==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 32 KB
11 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1853572
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xFGeNikqy9SEaP8lL9eN-861Lba70C9hGACM8r1Lw-1aZUUnM6BQrw==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 17 KB
6 KB 10ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3181165
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vitjgcg4a5bK5gTePIrL4yrrxH4t7NxbyPJZPeKW9EfXh_AZqbqjqA==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 25 KB
8 KB 10ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 427775
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: az7rz0GNOC2BGsweFFlDVfL-nsHZ0EfEkuNZjU8e3DalDPu7bwA4uA==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 74 KB
23 KB 11ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ukuXMqZaBoE6xID056KmWB0xEHmIXKmX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 69
last-modified: Fri, 16 Jun 2023 20:26:54 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cKTAbqH_2Y7x44Pk0lmmQZGR2KdWY2pDZfMb-EOrbEwodqiigQpInA==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 66 KB
20 KB 12ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4129551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yOtl_QxpAhQ6c23Zuz-GlIaLPGH5bgNth6Dq3E6HgYKCsN62iscSiw==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 91 KB
28 KB 13ms
12ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 396579
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Kaydm-Q5WdRc4cVr8WXWC7eFeX1QYnfGblHC5_MA8qhUShjkUKG8Ew==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 23 KB
7 KB 13ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3683506
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b6bHZhoZc6Jqmkn4rlKp1bmqLw40-rh1aRblI-rc3r44L3l4Ig99KQ==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 62 KB
20 KB 14ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1210368
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZPkYhYZ1X70T5SnAj6NWMqUq-TtOGMjS2JQk5MZ73llX4PS86wHKBw==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 105 KB
34 KB 15ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6HCj0_U32IicigJ-2qWy0JzU3AMsCPYo1j5YUv5aGSdJJZlo4UgQAw==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 12 KB
4 KB 15ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 26 May 2023 02:53:30 GMT
x-amz-version-id: d.D0r_vXgX7w1FTWdc3SLpv412I4sjOB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4058469
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Wed, 24 May 2023 17:52:54 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TklM3wwTxL_Zz6NlIAR0fc1LZJ6zrM_dynDVBcgsQRSsaNTY534C2g==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 13 KB
6 KB 16ms
16ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Es8W5wH6EQ43lYNyaWLVtOr6yX47CcdXwaZAvxNEKXgy4zEJBLA_2A==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 17 KB
7 KB 17ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 09:24:39 GMT
x-amz-version-id: VsfA8TLYa9RNEpzywKZv5LmrplRhx_G6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3171000
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 72
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HgzcZ96bA-eXD3N5eMa8FNpp8_3T0cRfi8kX2kWZfPdFtA_TqC3MqQ==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 3B21 31 KB
4 KB 17ms
16ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n6ugCr9idre1iqrgH81yPpFn0NQz6rgrdudjDH2pBRK6STMsQbY2_Q==

GET
H2 200 8.4f36d6d3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 81 KB
25 KB 17ms
16ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.4f36d6d3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: OvTTtuWZAdZ_8FikHg8oq2SJobSEIlCt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Thu, 29 Jun 2023 18:36:40 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: immgKIdrGu9ASeVvZDH1IbHCFB7XuWlaG7Fmw56q0-zN2FXiI3dnAA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 3B21 24 B
695 B 18ms
17ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 5231108
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Gc3S1V9wZWHtcWp6hYs2Xy7mSRNMykRcC4TFGpIigqshVrig9-fAoA==

GET
H2 200 16.d21cfb1d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 91 KB
23 KB 18ms
18ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.d21cfb1d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

288a9ccd9b1eeefd3dbb1472e44e1de6b28ce3cc808b7f89745f3e6caaefd3b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: d.6IKrCAQiM3_pBacs73GiOdIbiSZpjT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"ca720b81e8f86c6b2257cdf1343f755c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: M3DkhjAWGo5PZYumR7BMGRg8vcMcPW--Ozi5wi5Rsa8U4a6LnEK7Pw==

GET
H2 200 24.b3a2b2ff.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 50 KB
14 KB 20ms
19ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.b3a2b2ff.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

801d37a3e3ca1817d45173f1b2991f9f8b576714436fae4bfdf13adc926b8654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: Ragnb6AMJHLJxZu7pxAUKeTDlhYQ2C70
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"36d9e825bfd0b9d778f826ff1802ad0c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Laa_KwntU_cRnnFasus4GRUdTjxhpQWrn1xiE31COhfl1k_rZSLUDA==

GET
H2 200 17.643e5310.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 40 KB
13 KB 20ms
20ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.643e5310.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3ab024f4b3bee687327d55fcb3791e699f903744ef30a6b13160cd0204656db0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: lgRtz1DdpvQS6RXsMQb3Dti7IikLYChH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"8ec0c6ca6900325b3aec6c54db564bac"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nJqqqRTkxvw9pEZGEFGyfg-Z4dVw4h3Zyos_xVeEF9kTZfpmou0Zeg==

GET
H2 200 runtime~main.02ef51f0.js Show response
js.driftt.com/core/assets/js/ Frame 7789 6 KB
3 KB 17ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

88057ddacc1543613b0ee53043ce9abda8c2fa8bf584df3c8da2ed9ffdb08f93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: 8umjs9Qos4riOhMKisjLoyJvF.scLuv8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062471
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:41 GMT
server: istio-envoy
etag: W/"95d1c74bdc24f5ed7f8ed455813b49b7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: P0_7e5aW6qqGHOGUlIvOv0lg7iDnOOm1TPuwrs7VORPO-4cqWq9BHA==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 35 KB
13 KB 18ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 14287783
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _JT51ZBDnIFo7GB9dmANk6DbNSH0UYYsLKoougWMLyfpfQAbbxlctg==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 7 KB
3 KB 19ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:46 GMT
x-amz-version-id: _6ChWa7QfxwgvKvHcksc0_7OHMp8jBKX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1853573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 20 Jun 2023 14:23:11 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3UtaMAhxanAL6cbcPFo9fP02-KeSy5WmzWVeC1E0OB1gDZrxr24yxw==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 9 KB
3 KB 8ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 24 May 2023 04:23:57 GMT
x-amz-version-id: GhA8rzRSUOsszJIxxjXIx4g.f98pPnBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4225842
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Tue, 23 May 2023 23:00:49 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VsSFBWLUW4Ap_Or7E2jyZb1LMrCTvOKnxbf3SkRE_2jkl1z9aokJKg==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 35 KB
10 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:02:59 GMT
x-amz-version-id: nle0j8birQ7TqZcCTCj2_Aiuc4PU4FBJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1901500
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hH34RmWQ757mnbRssyTWDMW6A_1gOP-aBowYenfj578XNLXr_dwcFw==

GET
H2 200 28.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 3B21 8 KB
2 KB 10ms
9ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 03:39:57 GMT
x-amz-version-id: 6lL5RAKv.3W6LARvL8dkmwjhs74xFC1K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1895682
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gc6LRKeE5uvgwNV-HS8D9lMEDSnUTZItsYJ2iUdelamXmHofjecoRA==

GET
H2 200 28.bdd92ff2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 14 KB
6 KB 10ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.bdd92ff2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: FN2mK9FP.1iG0EPXu5GaP7vFrDcTGt2G
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1853572
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"260fbabe310bd2cae5c44538f3d833ad"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: N00E0ZAT4Cf02_YiSounbPdqDRUL5J4bacW0l6LSJ4fVv6xmVcvajw==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 3B21 365 B
1 KB 10ms
10ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: ZuuQmAv287PLv09x8YJDQ63ijAfFLcLS
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 1853572
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
content-length: 365
last-modified: Tue, 20 Jun 2023 14:23:06 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9kPnEVwiwhFMcltI8c8QzI7UAGhdo93wHsdyqV35PjuKiOULb44Hgw==

GET
H2 200 25.afef3be0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3B21 91 KB
25 KB 10ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.afef3be0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8c7f57de0d28efc5119de35f1fbca187f933e86f66fb76d9d0d31d1ab317c6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=sv2uuh4gw3ms&eId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=67276b85-8a7f-401d-886e-bc7f6efc77da&sessionStarted=1689128078.679&campaignRefreshToken=21480c23-0f7d-4c43-9d7e-0fd17a7a3523&hideController=false&pageLoadStartTime=1689128070902&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: S6nBo_XZPGSh2l1p_Jh0Esw_QLOW7CS8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"8143a01fcadcee27b5755c3249aeb2f2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nrEpYNruYJE3LXTDtRd9DBtFkh24EBGD1ZPmOnk38WE-eq3-M7YkDA==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 23 KB
8 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FJmQ1ExUV4WCYAecxrvwc_Gw5t55q8rAOGOLZn-m0LAtRh_BmEN5QA==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 36 KB
10 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 528265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gutZ1JcQ99-mjVgoeoHndaKKodp1z0OxO8OwLNK3mRaIVjUcok_Pjg==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 32 KB
11 KB 9ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1853572
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pgGRgHU1HcxI0qUgqn6PNfj7qRWhSMYYZgOl4AesdvtUa7TO3rfnhw==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 17 KB
6 KB 9ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3181165
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: txLBJsj-v-vkBYr1MlBJW5VkuoSWHLVJqrE38YHk5VlrxPBRMRgEpA==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 25 KB
8 KB 10ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 427775
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nxZzTVCQV44vAhBlG_zqXTRameEM7ebimY-HSfKrx3MxxbFhj6o7ww==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 74 KB
23 KB 11ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ukuXMqZaBoE6xID056KmWB0xEHmIXKmX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 69
last-modified: Fri, 16 Jun 2023 20:26:54 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VT5GmLQuvKV-hwB6zS2qG9DFI26LJ4oPAO6khI_o7JrTtigBxrCabA==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 66 KB
20 KB 11ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4129551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: u_AL1D3pDLxHx1-2bYw3xYbvNPYH018yJ1ltPogvfBZYkXpTRpzOVA==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 91 KB
28 KB 12ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 396579
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hD-snI3u_WGCmKvTa_TjFCiW76Ut2zsCGciC9Wpoxh2h-W82NGnBsQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 23 KB
7 KB 13ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3683506
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Csb0Ln27QP67z4nUHWh-gYprNLpgOXf0Jm3bJStoQBeWkuaDKendRw==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 62 KB
20 KB 14ms
12ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1210368
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TyuZ2FLRCvwqgne256VY-5VwaaKBH3dV9Q8Yspdmd-wvzJM-K9LZfA==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 105 KB
34 KB 15ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AU02W7c68Qc7o4dNGM0d-S_zLQALGp3m9MqX4yzKXuSHie4AUoTSzw==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 12 KB
4 KB 16ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 26 May 2023 02:53:30 GMT
x-amz-version-id: d.D0r_vXgX7w1FTWdc3SLpv412I4sjOB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4058469
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Wed, 24 May 2023 17:52:54 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8MdQiWCTFNBPRYc4acD7QqHpfEtE1RKAPKC2aeLnUood2G48HnP5dg==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 13 KB
6 KB 19ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: utQlu5fbsXQgWdDXBK03rzvznkxko2_W1lX7xF8w_DALRKUeOZoStA==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 17 KB
7 KB 19ms
18ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 09:24:39 GMT
x-amz-version-id: VsfA8TLYa9RNEpzywKZv5LmrplRhx_G6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3171000
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 72
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mP--mHlboDbTTvp_VOTv1IAeF0xOlmxDZwRRgzGmGSxxNsEiQQQizg==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 7789 31 KB
4 KB 20ms
19ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1898799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: y5qvXQ26P9lgtWL1uzrRb7pvFv9C-TteUK6loms1dZz6-r2LSR_KqQ==

GET
H2 200 8.4f36d6d3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 81 KB
25 KB 21ms
20ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.4f36d6d3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: OvTTtuWZAdZ_8FikHg8oq2SJobSEIlCt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Thu, 29 Jun 2023 18:36:40 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JDn8ALWWPuqGZBdtYaMaspVI3aLnG8dHwFXQiJmgTcmVs6wuHJfmeA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 7789 24 B
696 B 21ms
19ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 5231108
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NYzEmke5yWU6psfbbp9yjtPUbMk3-3cdIIC6yD8J0uDiYKsidLuBAw==

GET
H2 200 16.d21cfb1d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 91 KB
23 KB 22ms
21ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.d21cfb1d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

288a9ccd9b1eeefd3dbb1472e44e1de6b28ce3cc808b7f89745f3e6caaefd3b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: d.6IKrCAQiM3_pBacs73GiOdIbiSZpjT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"ca720b81e8f86c6b2257cdf1343f755c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Lc1JQm6Y06CozVl2FJdeGgBvsqi_b0ZqddeMHq3KIaptPSLU1CkAww==

GET
H2 200 24.b3a2b2ff.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 50 KB
14 KB 22ms
21ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.b3a2b2ff.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

801d37a3e3ca1817d45173f1b2991f9f8b576714436fae4bfdf13adc926b8654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: Ragnb6AMJHLJxZu7pxAUKeTDlhYQ2C70
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"36d9e825bfd0b9d778f826ff1802ad0c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AQTvFFJyCtj-hJ_9vD9j3i1qR6FA6N6tFsKroXLhG2qOKq-VRnOLhg==

GET
H2 200 17.643e5310.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 40 KB
13 KB 23ms
22ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.643e5310.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3ab024f4b3bee687327d55fcb3791e699f903744ef30a6b13160cd0204656db0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:48 GMT
x-amz-version-id: lgRtz1DdpvQS6RXsMQb3Dti7IikLYChH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"8ec0c6ca6900325b3aec6c54db564bac"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WSte4VGT8aqJb-o3PE-YyxcXRrHCwW5rG852_eJKs2_Yx7_u9N11xA==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 7789 3 KB
1 KB 8ms
7ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 00:43:49 GMT
x-amz-version-id: 6S9dem0QqRNKdsXJa9pt.hiZoFHo8G8.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 523850
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 58
last-modified: Fri, 30 Jun 2023 16:16:07 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JfBQogD--d86TK_ZFf8XUyXiCyeWLcAViK6glsgntiZY_aeKXl74vw==

GET
H2 200 37.298cbb69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 3 KB
2 KB 8ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 04:59:35 GMT
x-amz-version-id: Fv09MwZ9_aib0TbI3DWT7N_8oqF8DxL_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1890904
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"86b289eeb2bf9d30034f30d9794e8041"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w_BMnkARb_H5FdcqmQsqfKsoZLe7HZXdZapsh6o2c1U8sDpIrwHijA==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 9 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 24 May 2023 04:23:57 GMT
x-amz-version-id: GhA8rzRSUOsszJIxxjXIx4g.f98pPnBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4225842
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Tue, 23 May 2023 23:00:49 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oioWVfh1nTxL3wcwZjqXr9RtDP6mYtGP6wqiywa2TXRHIXod3cuhjQ==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 7789 7 KB
2 KB 8ms
7ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 26 May 2023 01:55:58 GMT
x-amz-version-id: mj1uBZn49IegQv8DQD1iQuBHBtNoawj8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4061921
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 136
last-modified: Wed, 24 May 2023 17:36:04 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: npHHQVvhOFvBCe65C7lG8df_CEJF-PwdDk_RvVQy0VTGo5EgfgvIBA==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 54 KB
15 KB 9ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 29 May 2023 23:15:04 GMT
x-amz-version-id: FE5y8IPJ04Yp7NIoBaxWwnwnvwyWwyRX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3725975
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 116
last-modified: Fri, 26 May 2023 19:24:43 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RCXbEOaQri_NVo36VLKzZWccyBHEKbX6admlXDtYfM3g0SeyujSKEw==

GET
H2 200 1.573fce08.chunk.css
js.driftt.com/core/assets/css/ Frame 7789 44 KB
7 KB 9ms
6ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.573fce08.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6ca4f32f43694ee56dda6581a83ef02225af274dc0aee381e86284c091911913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 14:59:03 GMT
x-amz-version-id: XdFniRGgVHIu8.3BmgbjhB8YM7.t.OSn
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2200536
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"21db740ef8d5ab04f559239c11897518"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tBnQZzyS_GU0_tUvXav1hplEh6nE5mAu13sk4nQzeVehJJGh8gr8ow==

GET
H2 200 1.be8346b1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 54 KB
17 KB 10ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.be8346b1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: PLfb_l_4aFe.aYN3FEG.I5zIcM2Rb4sy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"c2bd45f4e9f02db923342d39137bf141"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JGldBtDmZNBkTSzKpVx3yi9vqGTwcxRTfupJQPYcVgUgTqzD3heCsw==

GET
H2 200 4.9157d420.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 23 KB
10 KB 11ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.9157d420.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6882bb97b25bf71ecd9de333bcaa4eea46fd9f6763b383d07eff4c73b9c7ba30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: eBDiuofq2HCcTp2YJVFhjc9KFdMxPH5F
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"714f93293759e579de42cfdc6c40fe53"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YMBSNi3ryuWNOELOCge2DDyEs3-2rrmYmq-y-lObWRWnAjSMefe2Jw==

GET
H2 200 34.0504aac4.chunk.css
js.driftt.com/core/assets/css/ Frame 7789 16 KB
3 KB 10ms
8ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.0504aac4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: Y0eUMP8TZIUm_xphXPO8Cb7kobR8Sp8P
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 29 Jun 2023 18:36:37 GMT
server: istio-envoy
etag: W/"95b017fb41a8751bd7175f8a73f035f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rSiv8DbjdDbXY3saHnkKDIkLpg-1S2oous6a_ZZasn5KBdi9YkEMbg==

GET
H2 200 34.26535e57.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 7789 12 KB
5 KB 11ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.26535e57.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.02ef51f0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1689128070902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: pP4ZKQ0wl7_jYctuYheBxCj9PF_v.ESa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1062470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"d1f726d8d49e4c3e218775f6ce78039f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rn9ugMRvHDTGiWX1FRjuCbnQduwVkIs0F48uzToFdu9y1mm3anqShw==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 3B21 146 B
588 B 562ms
111ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

ce7dc91291f13d36243e5d6238b7a71e5f5adc6adc1e8394991b3eefd140da0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Jul 2023 02:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 312d07bbcb510137
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 10
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 146

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 235ms
235ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:39 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 3B21 25 B
89 B 119ms
113ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Jul 2023 02:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 2b49bfb25a821d54
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 3B21 43 KB
13 KB 537ms
537ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

2d9abd5461afa19e28ac14d9f0eaa260f9ba3207f5ce9e1f07fba1dd8c3e2b71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Jul 2023 02:14:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 3e5e9a109e1ad552
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 437
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 200ms
200ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:40 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 195ms
194ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.trendmicro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 02:14:41 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 5427711.fls.doubleclick.net
URL: https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=5665829723980;gtm=45He37a0;auiddc=416777788.1689128076;u1=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html?

Domain: 9572106.fls.doubleclick.net
URL: https://9572106.fls.doubleclick.net/activityi;src=9572106;type=trend002;cat=globa0;ord=719415800906;gtm=45He37a0;auiddc=416777788.1689128076;u1=%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html?

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=fd47de89-1de6-40ce-b622-e869e339180e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ae2f0de8-dc0d-4c14-bbb4-852811bfd23c&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tw_iframe_status=0&txn_id=oalxs&type=javascript&version=2.3.29

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1f88f442-023d-429e-ab1d-2a84ee8a2b3e&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ae2f0de8-dc0d-4c14-bbb4-852811bfd23c&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&tw_iframe_status=0&txn_id=nuwoi&type=javascript&version=2.3.29

Domain: sumo.com
URL: https://sumo.com/api/load/

Verdicts & Comments Add Verdict or Comment

292 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

55 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.trendmicro.com/en_us/research/23/g	1970-01-20 13:55:20	Name: __smVID Value: da77998ca9a043efb245f5833f6ece492670135634de2e5bddd1359eb8272aa2
.trendmicro.com/	1970-01-20 13:12:11	Name: AKA_A2 Value: A
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 1pfutbbKtcc
.youtube.com/	1970-01-20 17:31:20	Name: VISITOR_INFO1_LIVE Value: rwvhbw5X5lI
.trendmicro.com/	1970-01-20 21:57:44	Name: utag_main Value: v_id:018947e0ff35007c085ac5756fa403074006706c00b08$_sn:1$_se:1$_ss:1$_st:1689129875062$ses_id:1689128075062%3Bexp-session$_pn:1%3Bexp-session
.trendmicro.com/	1969-12-31 23:59:59	Name: _c1Ref Value: /en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html
.trendmicro.com/	1970-01-20 13:13:34	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Jul+12+2023+02%3A14%3A35+GMT%2B0000+(GMT)&version=6.34.0&hosts=&consentId=fbac0f0d-5d94-4855-8b3a-2a55910b050d&interactionCount=0&landingPath=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fg%2Fhunting-for-a-new-stealthy-universal-rootkit-loader.html&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A0%2CC0004%3A0
.trendmicro.com/	1970-01-20 22:48:08	Name: BE_CLA3 Value: p_id%3DJR6NLA28RJ24R2NR2N6JR8LRAAAAAAAAAH%26bf%3D955313392b6de5d9a2591062ba95d2de%26bn%3D1%26bv%3D3.46%26s_expire%3D1689214475419%26s_id%3DJR6NLA28RJ24RJ2RPR2JR8LRAAAAAAAAAH
.trendmicro.com/	1970-01-20 15:21:44	Name: _fbp Value: fb.1.1689128075495.8608084
.trendmicro.com/	1970-01-20 13:13:34	Name: _gid Value: GA1.2.1131596037.1689128076
www.trendmicro.com/	1970-01-20 22:48:08	Name: _gd_visitor Value: 0ad1fe9d-551e-4dda-8106-6a65a12ef387
www.trendmicro.com/	1970-01-20 13:12:22	Name: _gd_session Value: a7e4dc4f-1bae-47c5-8086-f7eba556275e
.trendmicro.com/	1970-01-20 22:48:08	Name: __utma Value: 44797537.1151377426.1689128076.1689128076.1689128076.1
.trendmicro.com/	1969-12-31 23:59:59	Name: __utmc Value: 44797537
.trendmicro.com/	1970-01-20 17:34:56	Name: __utmz Value: 44797537.1689128076.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.trendmicro.com/	1970-01-20 13:12:08	Name: __utmt Value: 1
.trendmicro.com/	1970-01-20 13:12:09	Name: __utmb Value: 44797537.1.10.1689128076
.trendmicro.com/	1970-01-20 15:21:44	Name: _gcl_au Value: 1.1.416777788.1689128076
.resources.trendmicro.com/	1970-01-20 13:12:09	Name: __cf_bm Value: es.LdKyBxy1mtrXIQ1u6kIlCq4A37JT.0p4uW7Am7qo-1689128075-0-AQWyrCbyN7M4yEooDYG/jPco+gtb1co13VZrqo1/KGbxDmOcDP/3UjyhTU/CbFpaxWheAXdF8SObTx8LiMyDHF0=
.trendmicro.com/	1970-01-20 22:48:08	Name: _mkto_trk Value: id:945-CXD-062&token:_mch-trendmicro.com-1689128075709-86302
.trendmicro.com/	1970-01-20 22:48:08	Name: _ga_4502MK3B94 Value: GS1.1.1689128075.1.0.1689128075.0.0.0
.doubleclick.net/	1970-01-20 13:12:08	Name: test_cookie Value: CheckForPermission
.techtarget.com/	1970-01-20 13:12:09	Name: __cf_bm Value: qKwv8x025IEP7ySpB1iaPPwsR8zLCr0R36zhfxw7SWk-1689128075-0-AXd78NPMN4VHyOkOt0KOtdx8P3GvJyaFHKNVDJ7619UOTvagbawwiCjmfTyudiQdVR3nOmUT/ujW/jwR/ifV4vc=
.trendmicro.com/	1970-01-20 13:13:34	Name: _uetsid Value: d8f79570205911ee82b95189649a3f9e
.trendmicro.com/	1970-01-20 22:33:44	Name: _uetvid Value: d8f7b500205911ee8e2cfd509c088480
.trendmicro.com/	1970-01-20 22:48:08	Name: _ga Value: GA1.2.1151377426.1689128076
.trendmicro.com/	1970-01-20 13:12:08	Name: _gat_gtag_UA_44592531_1 Value: 1
tags.srv.stackadapt.com/	1970-01-20 21:57:44	Name: sa-user-id Value: s%3A0-05047fe2-12d4-5631-4ab2-5958629e8175.fSEoLkWV3mq0sXVoT7NMKdttaZ9zAHcvaMw6ErE7pk8
.srv.stackadapt.com/	1970-01-20 21:57:44	Name: sa-user-id Value: s%3A0-05047fe2-12d4-5631-4ab2-5958629e8175.fSEoLkWV3mq0sXVoT7NMKdttaZ9zAHcvaMw6ErE7pk8
tags.srv.stackadapt.com/	1970-01-20 21:57:44	Name: sa-user-id-v2 Value: s%3ABQR_4hLUVjFKsllYYp6BdbnVm8E.kZHAXvrb75FVFHN%2FOwrgplYDgDAW1V4QjtNVn0wR2vU
.srv.stackadapt.com/	1970-01-20 21:57:44	Name: sa-user-id-v2 Value: s%3ABQR_4hLUVjFKsllYYp6BdbnVm8E.kZHAXvrb75FVFHN%2FOwrgplYDgDAW1V4QjtNVn0wR2vU
tags.srv.stackadapt.com/	1970-01-20 21:57:44	Name: sa-user-id-v3 Value: s%3AAQAKIKoJGSdNmxvXOGsuccMFJZJWcDu_M0Ti7ailpAu-_F4VEHwYBCCLmbilBjABOgQUeniFQgRbJjlD.kglu47R9XPQQSyuwq9BEVL1zT7X9PA1wXAVmsblavOk
.srv.stackadapt.com/	1970-01-20 21:57:44	Name: sa-user-id-v3 Value: s%3AAQAKIKoJGSdNmxvXOGsuccMFJZJWcDu_M0Ti7ailpAu-_F4VEHwYBCCLmbilBjABOgQUeniFQgRbJjlD.kglu47R9XPQQSyuwq9BEVL1zT7X9PA1wXAVmsblavOk
www.trendmicro.com/	1970-01-20 21:57:44	Name: sa-user-id Value: s%253A0-05047fe2-12d4-5631-4ab2-5958629e8175.fSEoLkWV3mq0sXVoT7NMKdttaZ9zAHcvaMw6ErE7pk8
www.trendmicro.com/	1970-01-20 21:57:44	Name: sa-user-id-v2 Value: s%253ABQR_4hLUVjFKsllYYp6BdbnVm8E.kZHAXvrb75FVFHN%252FOwrgplYDgDAW1V4QjtNVn0wR2vU
.quantserve.com/	1970-01-20 22:42:22	Name: mc Value: 64ae0c8c-0d690-93d61-2d901
.trendmicro.com/	1970-01-20 22:36:36	Name: __qca Value: P0-1217862033-1689128075894
www.trendmicro.com/	1970-01-20 13:13:34	Name: ln_or Value: eyI4ODY2IjoiZCJ9
.6sc.co/	1970-01-20 22:48:08	Name: 6suuid Value: bd641102c8a236008c0cae64570000005f5ba400
.linkedin.com/	1970-01-20 15:21:44	Name: li_sugr Value: 87ccca56-db14-48e6-a50f-e7607b224497
.linkedin.com/	1970-01-20 21:57:44	Name: bcookie Value: "v=2&8ed9e42d-8c83-42d1-8198-3ada1e53ebc5"
.linkedin.com/	1970-01-20 13:13:34	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2554:u=1:x=1:i=1689128076:t=1689214476:v=2:sig=AQHDbf1by-lAbvl3UscQJw5LYTCrq38_"
.linkedin.com/	1970-01-20 13:55:20	Name: UserMatchHistory Value: AQJxn6T7ZVQ2YAAAAYlH4QP2yKP1E6lnblU7oTnah30mBgpw7UKTj1yMYhjgBxX957ySjePQhXt46w
.linkedin.com/	1970-01-20 13:55:20	Name: AnalyticsSyncHistory Value: AQJX62pmx-j9zQAAAYlH4QP29A-6w1RWxw20Q9ipNuqJguY91YcqhETgsX8NhMkJGbFOKvm4-8GmwrFPWEOE3Q
.www.linkedin.com/	1970-01-20 21:57:44	Name: bscookie Value: "v=1&2023071202143651e3e195-31db-4647-89d4-d58604125eaaAQHPoiBsKf2qC-4w_rmjATIeWERzdzx0"
.linkedin.com/	1970-01-20 17:31:20	Name: li_gc Value: MTswOzE2ODkxMjgwNzY7MjswMjHusLl90lEXPbDxew5l92rMvCtIDsLnScJZkG2l0mF1ew==
.t.co/	1970-01-20 22:48:08	Name: muc_ads Value: cb8979bf-a40c-42dc-a1d8-af12d5b54814
www.trendmicro.com/	1970-01-20 13:22:12	Name: _an_uid Value: 0
.acuityplatform.com/	1970-01-20 21:57:44	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqBNjT6jXVzZXJNYXRjaGluZ0lkJAKAkWxhc3REcm9wVGltZU1pbGxpcyUBRFF8EDigmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMhj3RoaXJkUGFydHlVc2VySWQh+4IxMjj6QiQEgEMlAURRfBA4oEQhRSH7gTE3+kIkokMlAURRfBA4oEQhRSH7gDL6QsRDJQFEUXwQOKBEIUUh+4IxMTT6QiQDpEMlAURRfBA4oEQhRSH7gDT6QshDJQFEUXwQOKBEIUUh+4EyN/pCJLZDJQFEUXwQOKBEIUUh+4IxMjX6QiQDukMlAURRfBA4oEQhRSH7gTYz+kIkAb5DJQFEUXwQOKBEIUUh+4IxMjf6QiQDvkMlAURRfBA4oEQhRSH7+4Z2ZXJzaW9uwvs="
.acuityplatform.com/	1970-01-20 21:57:44	Name: auid Value: 799056952284
.adnxs.com/	1970-01-20 15:21:44	Name: uuid2 Value: 6755469265966947687
www.trendmicro.com/	1970-01-20 13:12:09	Name: drift_campaign_refresh Value: 21480c23-0f7d-4c43-9d7e-0fd17a7a3523
.www.trendmicro.com/	1970-01-20 13:22:12	Name: RT Value: "z=1&dm=www.trendmicro.com&si=a8cdcc71-deb4-4331-b241-55bd5d047e19&ss=ljz38ot4&sl=1&tt=63j&rl=1&ld=63l"
www.trendmicro.com/	1970-01-20 22:48:08	Name: drift_aid Value: 25871175-f647-451a-bd3d-0f082e6ad33a
www.trendmicro.com/	1970-01-20 22:48:08	Name: driftt_aid Value: 25871175-f647-451a-bd3d-0f082e6ad33a

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://www.trendmicro.com/libs/granite/csrf/token.json Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5427711.fls.doubleclick.net
945-cxd-062.mktoresp.com
9572106.fls.doubleclick.net
a1.b0e8.com
analytics.twitter.com
api.equally.ai
attr.ml-api.io
b.6sc.co
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
c.go-mpulse.net
cdn.b0e8.com
cdn.bc0a.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
connect.facebook.net
customer.cludo.com
e.acuityplatform.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
insight.adsrvr.org
ipv6.6sc.co
ixfd2-api.bc0a.com
j.6sc.co
js.adsrvr.org
js.driftt.com
load.sumo.com
load.sumome.com
marvel-b1-cdn.bc0a.com
marvel-processor.bc0a.com
metrics.api.drift.com
munchkin.marketo.net
origin.acuityplatform.com
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
resources.trendmicro.com
resources.xg4ken.com
rules.quantcount.com
s.go-mpulse.net
s.ml-attr.com
s7.addthis.com
secure.adnxs.com
secure.quantserve.com
sjs.bizographics.com
snap.licdn.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
sumo.com
t.co
tags.srv.stackadapt.com
tags.tiqcdn.com
trendmicro.scene7.com
trk.techtarget.com
widget.equally.ai
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.trendmicro.com
www.youtube.com
5427711.fls.doubleclick.net
9572106.fls.doubleclick.net
analytics.twitter.com
sumo.com
104.102.38.132
104.17.72.206
104.18.13.159
104.244.42.197
108.138.15.119
13.107.42.14
142.250.186.138
146.75.116.157
154.59.122.94
169.150.247.37
172.217.18.2
18.66.112.118
185.89.210.244
192.28.144.124
2.17.100.193
2.17.189.179
2001:4860:4802:32::36
23.206.208.114
23.215.21.253
23.56.201.15
2400:52e0:1e00::1081:1
2600:9000:20eb:7e00:2:53b2:240:93a1
2600:9000:223c:e600:6:44e3:f8c0:93a1
2600:9000:223e:de00:7:2bfb:7c00:93a1
2600:9000:2250:b200:0:f267:a5c0:93a1
2600:9000:2251:2c00:12:3734:2a40:93a1
2606:4700:10::6816:1d60
2606:4700::6812:1c26
2606:4700::6812:a972
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2008
2a00:1450:4001:801::2004
2a00:1450:4001:802::2008
2a00:1450:4001:803::200e
2a00:1450:4001:806::2002
2a00:1450:4001:828::2003
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c1b::9a
2a02:26f0:1700:38a::11a6
2a02:26f0:3100::1735:28a8
2a02:26f0:3100::1735:28c0
2a02:26f0:3500:12::1730:17af
2a02:26f0:ab00::5c7a:d72a
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
3.210.10.81
34.111.194.12
34.111.208.231
34.111.78.58
35.190.5.192
35.201.125.192
35.201.70.94
35.71.131.137
44.196.174.154
50.16.7.188
52.222.214.80
52.57.57.222
68.67.153.60
91.228.74.168
99.80.55.69
00f7b1c95d34ae707d0b5a46f93e3d922c2c2b6b9b39deb0c8526b3ca0d8ba1d
02b968e5612a461f91a35f423ce0b6eebfb3b3d07f6b8e5a5a1dfadaac95a403
03d31adab235f1ff6d359ab136dbbd93281b9e1824bf86713d3d52ab7c07d686
04019f1a2e806799934779c93fee5dc96a8893931a47914beeaa8943fbce949f
04cb90cd5475714f45a5562264a035496163130291946f073c499cc8237081e2
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05e4b84b52a7f559bbae5584c7e6a6086f00aa0c3d9e524778f54bcdbc2068ae
0692c63a88a51fa56b7a0d2a0c588d30e64cda9eb3bdfd4989d70eb7fea5e5f7
0693dd5edc411e865c967df2f0980a09d1bd653fc23b8ff5df10349b0dd344ad
0933a1a2cd3eedac201111e69fbc5cdfb218d0a8a399d5c5cf3673d21705b38c
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0a24885b49ed513c1e14f2bce9ccc9efbb05e7875f6822544a0a54b8d4c3dd95
0b563445bc6c7a78eda52d449ee0173eba18e9eb1dce52b241ab7c05ee5b1ba8
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0d04d9eadc49c5514881c1c3f7c465a10a37ead378bc5e61cf96fdfcb3599e54
0d86756671757b1622e49e7b1405334d749dc18b0377b422fa0b8a0c493d9dc6
0dd0b80ecb24acff971c30743630fc9c282c8ed186e9e8f90c37915001eb8e4f
10d1802647ea3d7fc2fae8542d61819f937adae7ee2b39e49e599cf1e33beed0
1203817a41844d7b3fb01f6ebdef78975b98e96e09719b60fecc368afde2fc6e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
12a49d4af2ec2d95476e6c96c9ab1d6b72314e21a3bad1392102e2142b03c523
13792dfa9c563a70f282920cc74deca499da2085be25160d1d8f3df4a62c574f
14756cc2054f08522b6484664f50af92218ebd26030caea2ad7c8ea3b56cf6a6
14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c
16108b9f20b105ca2b79d5d1f1f0d5a62a23e0593ed7ff958a0c4ce62d8277c1
16270c15435abfbd1e22c9a06378d29d8823f68d61216d61422d1b0b0643e776
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
179eb991060face02477e0406b1a413ac50ec26fe9f397e07e4ee95f7e6a5298
17fd23fbf8800ea93808d750b30b38aec863cba09efdcf9723d3c0d607dedf11
188ed90abe595d002972d6451c908f1ad1fd4d49603ae48084ed0314fdfafdb1
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
199403cb09ddd1bb73cab095390b6cb2ef5e44e25cf6dd8886aff90840472af0
1a7bbfda1437f51f5827e2a96e2f0f171a46ec4a3e29c4ba87c36ca5762e75d7
1b154bfaea92a935726ed4a450101dc646a86588cfa0f066cae2050130124569
1b973667ceb759e49f2982721f36e4d20a2f8b5dce8c47ccf3039d6ab748143e
1ba86162266cc439093ce2c66c9e840ecc17d0a172dbb5b05014916886a5e97d
1c580985c46f2d69e9d251c3275a031da27d8219e702677f7285ddad9134c562
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d7c3fc0594c8fb856d9fd0a13a752dfaf8643c8b073582909c88be24e7e416f
1df3d992d7210fa9586f40bd3148949c4009ef43d1f3ae1ed86d3551895d940a
1e9fd0cc6ed00115fad2499573553d28fa650ff6ac827537aa62f636e36d5bca
1eec5c0901f05ca5cc50d03c5e87719cb12c5baa40939f7c5c81eae41f4b9732
1efbd25a5b8845437607f4a68c808d0dea71b0ea4bf82e7c2db54b4b83210a32
1f76fa434c34a06355281a8a9d5b62fc9b70b3aaa61fbdaf5215a8c64c932756
216bea5fb2bb15869cfb182606f949111276886fcc501392a3b48e08c751e12f
22c3fd46dc28317aef90042c0753148aa68707737146640e11165d6df6c02178
238bfe442a3a1faff7f21aa72c4fd53d8ed08d4dec06c88beb3220a71aff5308
261f7e2d8cf88b7864ad3fbfa973a3a960c5ee2f871863db02c54c54fe1984af
26f4b8a9bd7ed3a7dbd1734ab7f0ef9025ced9f30afe1911589272a6a80c87bd
288a9ccd9b1eeefd3dbb1472e44e1de6b28ce3cc808b7f89745f3e6caaefd3b4
293ceaa480bda1594e9f61f6a52858999cd0aad1ef4f5d3eafe7cc559727e41d
2a4fd41d09dad604a89574dbcee56eb1bf74cd4d4a7aecbf01eebc33b99bc724
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2b480ccb1417f45445cda8750a3f106d9f9da5f6d4dd0be650a7059d2c4d25b9
2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e
2be261a8f196631fc801a5e3ea0902cb8270c49e17d49ea195f4cc334ef5251b
2cd5c6f15151f54402181f1545bdeaa8751a0194c35833feaeae58504f61352a
2d629f289895461e21d84586f22c3f13ec967a94db43dcb98f18f224bc464ac4
2d9abd5461afa19e28ac14d9f0eaa260f9ba3207f5ce9e1f07fba1dd8c3e2b71
2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ef8b9e31459114323164f2e268930207669000845c974187eccf030c8b4dbce
2f57f5b4ec3968d3127d25c1ba8973b593df0bfa8171a12d7c9f399a038ca071
2fa1d425d12173f380683dfc5441805dbc9061607d22d3638e93c5430cec0dee
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
33f72046ad70d60885ed9f6445665d786e0bb6f1a0328141df0bfade26681b3c
34e3e8e071df4405a399fac0b891f405466434ab78b1cda7283676801bd083fc
3642c7e774562f7483d7b0de93dd1759fc6928e85eebd7e62ddae72e9d46c9cb
3698fc7e31c97eb87d996bdcc97841e9a07a7c85fbe07bdc44ba9d652723887a
372a90f11d04b5f23b65e506a4b508583ef185a175fbdb9f6511dbccc5d6f65f
37f184083289b4d57ce67756a5a766a37f50d9e130a6cf5b4068e41bc7beaf39
3a3abfe7b0630828bff7d1f3a6e29c316f1a432e1909877d8c713abf14e43c3e
3ab024f4b3bee687327d55fcb3791e699f903744ef30a6b13160cd0204656db0
3beaf2aa05abc754a560f723315ba58156356abc654d952382c6e6bb60cfb7f2
3c32db3e0a7ce1e76ba9ed6a2325f2a79e5a78a91607a35e8a2fe72267c13f2b
3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f
3ef7128999aa41f7c89193c9c49c881a7ebe0ec0c830bbbd90df2b587a9d1461
3f95c868390ea2426ee26d756867a51141df402ab30ccc73404c16450fc10f4b
3fce7af9faf22ef2d8c844e6e46cd27657f9f28e27d91d50f63e690d96db3c33
4148f72d9723522bf18a718743fae8f43b6e32117eac64a6c802d0e6df78e97e
41a27a9fa0aac6bb3cd619f91090bed5db0ea85aa47cc2057510e26e3853575c
429d40e370103a47cb2fa03e143136308ce0ad387fc05acfff349d40406440a2
42f2a22d45c6f2d8ba1ebc17ed8b417762baeed4f314c68deb39d8534b8f8ab0
442240b6d0d4290a8a5bf289beae6d52665dc71f7cb529034682c8fdcf313bb1
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
488f7d2c84db69159374afde4ed9e2dcf1ccd92217b7b1703c12b1ac0fba08c3
4974edb305c1eb164de890732645672c21ca61781bc396e5cbc01bc0520fcdfe
4a7f7e246fb61ccc3f57cd38061bbbdd4ada9768649d9d3e3362ec46be278bf5
4a99172dac84eee68d5bf206583998249f7854a2f0aa6b6dd5519341929fd632
4ab83592ce402440f1cbf8260a541ef669652a1992abba72a62b20fee5d5a74a
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
4c38452d4117e2bb77829601aca27ac6584ebdf4d42ce505c0f7b1ae0f933147
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
4fbc58f1c12f8e96e460b5e8eb147e12e8228e4ca8918e20ac64f40a473bfe8b
5006aa3baab91bbaa51ceb957b2714358edde4ab0ecd1465a7a35995524c6c28
514ecf0c4ae5d94af3f42c53cd5bb3dd2e9d972521531f4d0192858a1f851181
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
55a23478291e8e3095cc198af9ea9c2fe74284e2e10dcd73a985461cec632577
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56973f9e418401b76a5c15b4f04f3ca9731641b987a07099e12fbd3bfc162bfa
5844fdee62548492f0f94e2bb664a8cac96c6d129a28ee5d48d220c741a84468
5a0deae67410acca63b6c0199ab8265193d814fa1f47258267aaff0330b4f78b
5c30d00dbb97ec4c05d6b41e850ea8ffab1c1623692de4193bcb235639be1d8d
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1
5eb019e359fbb25ee979392549a9b4218b5908dfab4856b8c79c10d78e7e80bf
60352cd1c7e6c92aed0943fd714484508da9887b5f361499343ecc329af67ba7
608e5ed6a0820b02ac00e5ee7457a9822b5e5c1be9cba69d17c5a3e9ca4a4377
62397e880d321a76a895a59a25ad7c322339b8d0a38725d8d8f02933849f36ad
6269bafb85bd4d4fed6589655f7e0b8b612397226168098f95d3507848075f6d
645f75dbf15f9931d4c25509f2d3b55e8be7d97209957535382ecfd96658d7b2
648048606c44a023ebc77f5a1b6d5bb8dca39528cd59d33f1078bc5da503bdcf
65980366624c2c94b641021c0cd411825587bdc2cbc8d6cf84238ca6a23b4d2f
65afce6d1d06e0c5de846da477e3939ec081f9ccef27ae7514b2fadec43571a5
676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
679c26f4b30b50616fa8275a9f953519418d92cd91de789f9ef93b46841d7dfc
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
6882bb97b25bf71ecd9de333bcaa4eea46fd9f6763b383d07eff4c73b9c7ba30
68c21f3bfefc064bc07808b48bba6165dfc210d152ba4a6a35a567ed49151877
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6c73485194e7068e296702ffa46dfaffd159804fa9de43cdc2e884bb18d61218
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
6ca4f32f43694ee56dda6581a83ef02225af274dc0aee381e86284c091911913
6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
74c39b5ec5a61c19ff20d81c0418fabd61d6deb6ac0c967da28761d6b895ff7d
74f5da663574c88f8694494adf45161949674fcfff783f3306b0644dc2a84adb
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
7699a7c6b907fb736876de9ab4d8411b2c2f2562af034c8c8283bf3ac9c60e70
78a52e3055bc3e1d9acfb7001f05693b2adeb5ca9b7a034be8f7076752abaff7
78e40b1d012f9caf57a3f6fbf8d43c659d70f5848aac51cd4a185159738faf65
799cb15a25ed2fa78bdba496d1afbc68f033a3a5dd9ead12f4eaac4e0a93236d
7aa5165924f115f6e8c64a1e2d6bf238c5f33665fac27c6d69ba9e05a6bc701a
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7cde031d5fb4dbd23c4ca39abb1d1e2e13b30167e0d92357a5a9980b474077d9
801d37a3e3ca1817d45173f1b2991f9f8b576714436fae4bfdf13adc926b8654
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84cefd1aa644b3554bac62f5e3a3ed987274891af03231a93ff3931e40797077
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84f657435e631a1442815def2faa66eb24833b1047908ebd71275bfbef9690ed
850b962bd54ae724fe114a2015c4f9ae9a8165fc4a5ba7748597e4859ad10126
8552646919994af0c04b0f5e3fe6ce757cc3fe536bbf7d153fdfb0bc93ebe97a
86032ce845813767d4974c8a822df7f9e9833412716c4adea9648303aea95849
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
86cce2a11b19e83087b4ea15be2c293563f8dc90df958488174c2194e2adac07
87105e0592efc3a8a20b1b72aa7733ab06d140b12daf481fb2da62aab1d3080c
87be4c8f7e98a8df6d0ae79054b534abf5b54a3300a5a826fe63161a1ebf841e
88057ddacc1543613b0ee53043ce9abda8c2fa8bf584df3c8da2ed9ffdb08f93
89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533
8a59dc65855e86e08b66245adcdfda19081d45e5f9b9ede39cc18af792e45c6f
8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6
8c7f57de0d28efc5119de35f1fbca187f933e86f66fb76d9d0d31d1ab317c6bd
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
907a8519ebea0f486dcf1588d3a1c2a82401f212732a5ee719389286b3fc5203
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
95bb5431dc66bbf816343df5593b2420833bd45c1792842f105df8ec9538a139
9693ea62c98cc157900c60558867f780c5702372b353378def5fe73d24501a36
96fdf0a4ca2f373b0514beed9c7d784fe86420abc1fe2cf8a27f9dc4f3363ce6
9811e7fd34b988c9cdd407f944154f52be1c39c1a3221f68dd583cf875b3450a
985a85728ad37064b2b77bf64f50abedc823aee1f9f85918aa1adbb54e6af176
9a28484c80af69892fcb64ee2186d0f9ebc96b371628e4099c6275077caf8fec
9cee6cb090b5f8cd5284df534171066f53f81925da931587d69f10a0060990f7
a0991dc31e6d81dee9c683472cf62aacf0c540e22b232f6dd879ff0d916e37c6
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11a4de90fb7f0a2618818e9a85a55817eb7560f898b1c8233bbdf4992184ac4
a153406ed48b5ba1abedc31709fe4d1f0386a299b1803afa6080b2a17e9c486b
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a3e731f69b88d795b5d1a4d40fbbe08dbfaaddd48359ac65a7bba6f82a96766e
a445dbe9164974a9d74b12b56e7479c4a8724c51361f65d43955892f72e81008
a5c2eee915ed72695afcc7898018bf57c41e62c9b7b964e8de8bbbec9e895d2d
a71bcb7e97223bdca2ff6105c4e261e96eaed1009d6326c404abe20011ed7dad
a8b719965d947ab374c07d0da488c475e73334fc9ca9f2c970f0c176ea609f0c
a8f57ae36e7533f330d488d78955b84759053d8890dbc12a940f5f16c0169c47
a9543c7b9d74f3d881d3557c48987098d6a428c4c18a25f3d15b0d644757bfc3
aa4fda18694f1e60c937933eebd752cc3ed0701652f0dfca84677c3267b26db9
aabadabee2129c884ffcc9a4a4125235df60c82531664af4b91c78aa4518b7bb
ac1928b4eed775725d2c16502e1aefa6b1bb11569e9e3904a77a91470dcf65b8
ac600769409043e65b9b5ba0677ec52989202868c43756d5374fc51fa13e5996
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b07770d8983d2f71938eb2831dfe622a79a895749e139ff3fa561d87c1871abf
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b11e9c3e88d676b53c3b42a72a5da71cb62a34b3d0b54572cf411b2f3df31120
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b1c1a4244de33316bdab018bf75ff07e00117f979075cf8a0c2c7b932b66fe3d
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b8f97aba3fc33d00b5058f30ac9b80efd2d1e7015fe3d0fd4f03ea83135045c3
ba4dde2c5e2251033818c4f743e6bb20635f9c2ea216bd000b7b882bb9bb4e62
ba5f38604d3d46c8ab6a42c0f795deab57b77d7e956236fcd180c6b568436a3f
baab390c2d7313aff54f9e972aec75d7293ed44cef9fd2eec59c1debe9343dfd
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bc6e1ea2c2ddcb591413f7bd88178f4563bd3dbbb5726fa86ad11777f99d5bf4
beb4690cf911f555766083248e81809736077be198a40edad9868c9e4469ca65
c04e4d65d5ca607d2af06851246a8429532b34536d461095920d423c3af5cccf
c05711dd9e517a8e32c7fddae8f57fd8fc74a372a2a4475f7c7c724c325ecbd3
c3798a57e46338fe89f29699d3798669b3764c47c40ab8c3222e86fdeaa183c6
c3ce2e555de1ff1f6d93d5b04804b49b8a7a58db95efd73633b04469a62953bb
c4a0cead3a20c2ebdb25153ad6c34a555b2a6e299e75e99cf584a7705e25521b
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
c6670ba74f4332547bf31bf9937a31573a81a16e7f1ccc10b8d7c86ff5ce6e2f
c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3
c986afd07a4082d65befeef18869a4cd5e00f3ac6e8228d49658802c7453a1b8
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd1eef6ba8780ec4e408014498fe98f8691792cc00168d4b115f1500d502a3fc
ce7dc91291f13d36243e5d6238b7a71e5f5adc6adc1e8394991b3eefd140da0d
ce98040ef1495d50e893c599b758037b029a34f225730a4265330221bcef09db
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d172f2ebf38a578b105a8f3679bd3d73ec09e4388da4413526314df191623397
d20a47cc769dd4d879c7a3cd278a83c3e94ac5c8b8db593ef55f208d2637de83
d36f82d84bb48f9d37780eaa34580c67ee90847011f2e0a275ee4de34c019ba2
d5f14381258973e1a93167d8b3486ae1b2665ea072feb622e1ec0a446facc400
d6dc5d544d4b7902d19f8e02ffe940b582d99061ccc5b1021d03bbc0e7a31c37
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
d733d569018593ba4d7257ffa1d2ff997ac5cc9a5c47e615d4805a9a7326ae33
d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3
d83b00522d778f1b4669ce92af6546aafffc1e435f012c1affae480c642979cd
d92c0eca2e492fde2b2f4fdfbd246e60c27773efa928e923c7292fbd60dd7211
d9adda21309e834d6b954f994610a2442bfbba1d146e6be62aa7e81cc64b3d35
da8c4697d246d5dde073b87ff33798d3fc46c4a3c5ca37626292b8efc7c3de99
db05d4267dfa54efcffce5353b6b16959137d2387075f61974be55c6d3d6413c
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
db5ea0c0a78110578ca87efd85a98576bffddb7e72f917594e23f57aa8930d23
dc4827058fb343b6fa6383fb5e3471f4ab744a82d0f6ec9d895e8ce5d2a969ff
dcae9bf037867f3fbc70a731bcefe918192a6dad58322aeb2b50c17629a5aa64
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
dd11c8008b7eab2ea917b46defaea238cddfb05bff238f92b52eccd072401c29
ddb3a051562457ce3d69a677341ad2cccad3a6c7dc6ca563c3a0c7a69ea181e7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dee39573f66beb94e1e159360500fd9b6f6198c051b71c9d378cb2515e3c2f1b
e083b7075e19454ef2b953fe638bef4a1544a5623a20b1b65164e492e4d96ccb
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e0f513da92d9f876183769ba72a43dba1adf79894aa4251bca6c1e12cab98844
e13210d73f28d0e459be96b5902f6fe77a5bd5e0aded882bffa5b1d605d4a7d6
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d85ea6dbd284d131f55a919eccaf1eb6bc6b8b57804859ee984bc57bb931a1
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e56931818e000bba2e582bd8b020d83d2ce90607968bf3db6e7f7593d2096491
e5b4ca233557b04b1922e9fabf5a3d434ff25bf480ac31cf9569d5502b9fc950
e60ddc42b5a5313af35fb03e659d9ad6c0e654e77e9b53b61308b949bdacec20
e62e33c26699a4c8198639a1a08aeef3675e2ffc1f2bd89c7f1625db530126b2
e6a9246cee9b14aa7ff7883f322d0302111b16a7c3b371ffab61e7487cbc1608
e6cbd6c0584fa15d9f5cc6dac11f12c9eb5c86705a34f61adecb2a74e287c015
e750ccc343c82c8de711cda3e0286120f7b24fe4ed64eedf83caa7e6eb505742
e80c71f412a308a4d9f5684861f89dc53a3f80102683de6e6322783b05402a3c
e88dafe889a514ea8b9b07747f53d08b66a473b7caa78645b4aa2167563651e7
e8d6bfee017f78bfe2a9cb5500959ee26fd66b6b76f76d83607f35abaf94b03f
e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10
e926386e8f924613569b0605d37128f75f11b7899e581a4370d3c08f0b15c232
e983fca67555129ed6f39bd6d39242fcf0e3b4a2835624a6e05a7a3e8259a4ce
ea3e3c17cfd414a403313ddc73a62a264cbc205d962214e272321566e0d78ce8
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ecd619e1013f1de98ab10d4693d8d17ff1924494c099aaef02b0700636b51339
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05dd8d672174616de12f9b724a33cf82796fe6319db0e757d12787392eaa5b8
f1fd89fde4094d9e9cf162069777e058a37d5e703b8415a67d3d34b6e375f373
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f56f4cadeb39b4aea576a0e390353d4858389d64c8b6911554b11814a20673cb
f64a06f7949a0dabe65e7683ade627d29301122d68a4bc3239b161ec00697e66
f7c4b2a5a3e0e96fa5d9e35e3321512d0e390aabf2c2f2cc3b9093c2da534df4
f8b2beb661f2060ad9acfc574d17fb9b51d984c3ec4559defc2360a1192ba667
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f971e6f54d7eef3fe8bd136d36718bd6ceed99e1bde8c18358a16fea59ecf583
f98a692850c62cc221b0bf0049186b9606ffdf7858428cd566f7cc705bcbd630
faa4bb5aeb4dd651cbc1fccebaea63c8905058dfe5cbf1065d7ab93131903140
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe0ed1bdffc4da26665247b23e1cb07ab4d1984d25a2800609f1b8156f8286ba
fe1d871a892f3d5fb5a18e96fa9622db8388827882b25ea1a0dad379ad329b82
ffc79feebdfe105c3de8840c2a5814b3fae59d3529463fdf9329080967ed92ba

www.trendmicro.com Open in urlscan Pro 2.17.189.179 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

337 Requests

97 %HTTPS

45 %IPv6

48 Domains

71 Subdomains

60 IPs

6 Countries

13554 kBTransfer

20449 kBSize

55 Cookies

29 Outgoing links

Redirected requests

337 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.trendmicro.com Open in urlscan Pro
2.17.189.179 Public Scan

Screenshot
Live screenshot

Full Image

337
Requests

97 %
HTTPS

45 %
IPv6

48
Domains

71
Subdomains

60
IPs

6
Countries

13554 kB
Transfer

20449 kB
Size

55
Cookies

337 HTTP transactions
1 data transactions