www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Submission: On March 19 via manual (March 19th 2023, 11:18:37 am UTC) from AE — Scanned from DE

Summary HTTP 119 Redirects Behaviour Indicators

Summary

This website contacted 39 IPs in 4 countries across 25 domains to perform 119 HTTP transactions. The main IP is 104.20.60.209, located in and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com. The Cisco Umbrella rank of the primary domain is 55477.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 11th 2022. Valid for: a year.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
41	104.20.60.209 104.20.60.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.26.13.6 104.26.13.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
1	54.235.77.118 54.235.77.118	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:14ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.189.16 13.224.189.16	16509 (AMAZON-02) (AMAZON-02)
1	18.64.141.8 18.64.141.8	16509 (AMAZON-02) (AMAZON-02)
1 11	104.18.22.41 104.18.22.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2600:9000:211... 2600:9000:211e:7e00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
1	88.221.169.78 88.221.169.78	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2600:1901:0:7... 2600:1901:0:7416::1	15169 (GOOGLE) (GOOGLE)
1	34.160.110.8 34.160.110.8	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 6	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:3600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:e000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:225e:1c00:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	34.120.117.212 34.120.117.212	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:802::200d	15169 (GOOGLE) (GOOGLE)
1	3.66.33.201 3.66.33.201	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	18.66.122.74 18.66.122.74	16509 (AMAZON-02) (AMAZON-02)
2	54.78.253.158 54.78.253.158	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	104.18.23.41 104.18.23.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
119	39

41 104.20.60.209 (None, )

ASN13335 (CLOUDFLARENET, US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.77.118 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-77-118.compute-1.amazonaws.com

ssl-proxy-updated.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14ce (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-16.fra2.r.cloudfront.net

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.141.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-141-8.mct50.r.cloudfront.net

ecdn.firstimpression.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.18.22.41 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:211e:7e00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.169.78 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-169-78.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:7416::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

functionalfeather.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.110.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.110.160.34.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:3600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:e000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

developers.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:1c00:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.117.212 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 212.117.120.34.bc.googleusercontent.com

ls.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.66.33.201 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-33-201.eu-central-1.compute.amazonaws.com

audit-tcfv2.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

ins.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-74.fra60.r.cloudfront.net

cdn.firstimpression.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.253.158 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-253-158.eu-west-1.compute.amazonaws.com

tag.escalated.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.23.41 (None, )

ASN13335 (CLOUDFLARENET, US)

vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	bleepingcomputer.com www.bleepingcomputer.com — Cisco Umbrella Rank: 55477	198 KB
15	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 2994 cds.connatix.com — Cisco Umbrella Rank: 3033 capi.connatix.com — Cisco Umbrella Rank: 2625 ins.connatix.com — Cisco Umbrella Rank: 4295 vid.connatix.com — Cisco Umbrella Rank: 3737 img.connatix.com — Cisco Umbrella Rank: 3584	649 KB
10	google.com 2 redirects apis.google.com — Cisco Umbrella Rank: 107 developers.google.com — Cisco Umbrella Rank: 11654 accounts.google.com — Cisco Umbrella Rank: 73	138 KB
9	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 3496 r.skimresources.com — Cisco Umbrella Rank: 3347 t.skimresources.com — Cisco Umbrella Rank: 3516 p.skimresources.com — Cisco Umbrella Rank: 4548 ls.skimresources.com — Cisco Umbrella Rank: 10497	17 KB
7	consensu.org quantcast.mgr.consensu.org — Cisco Umbrella Rank: 3205 test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 17537 audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 44831	296 KB
5	bleepstatic.com www.bleepstatic.com — Cisco Umbrella Rank: 92829	16 KB
4	doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 168 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188	162 KB
3	functionalfeather.com functionalfeather.com — Cisco Umbrella Rank: 55569	22 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25 region1.google-analytics.com — Cisco Umbrella Rank: 2388	20 KB
2	escalated.io tag.escalated.io — Cisco Umbrella Rank: 37801	30 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 147	89 KB
2	firstimpression.io ecdn.firstimpression.io — Cisco Umbrella Rank: 25843 cdn.firstimpression.io — Cisco Umbrella Rank: 24840	101 KB
2	pub.network a.pub.network — Cisco Umbrella Rank: 4597 d.pub.network — Cisco Umbrella Rank: 4978	45 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	123 KB
1	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 444
1	gstatic.com ssl.gstatic.com	5 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 108
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 541	483 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 933	643 B
1	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 980	9 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 886	6 KB
1	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 1410	1 KB
1	analysis.fi ecdn.analysis.fi — Cisco Umbrella Rank: 30265	2 KB
1	herokuapp.com ssl-proxy-updated.herokuapp.com	17 KB
0	springserve.com Failed tv.springserve.com Failed
119	25

	Domain	Requested by
41	www.bleepingcomputer.com	www.bleepingcomputer.com
7	img.connatix.com	www.bleepingcomputer.com
6	apis.google.com	1 redirects www.bleepingcomputer.com apis.google.com accounts.google.com
5	quantcast.mgr.consensu.org	www.bleepstatic.com quantcast.mgr.consensu.org
5	www.bleepstatic.com	www.bleepingcomputer.com
3	securepubads.g.doubleclick.net	cd.connatix.com securepubads.g.doubleclick.net
3	t.skimresources.com	www.bleepingcomputer.com s.skimresources.com
3	functionalfeather.com	a.pub.network
3	cds.connatix.com	www.bleepingcomputer.com cd.connatix.com
2	tag.escalated.io	ecdn.firstimpression.io a.pub.network
2	ins.connatix.com	cd.connatix.com
2	accounts.google.com	apis.google.com www.bleepingcomputer.com
2	ls.skimresources.com	s.skimresources.com
2	developers.google.com	1 redirects apis.google.com
2	p.skimresources.com	www.bleepingcomputer.com
2	connect.facebook.net	www.bleepingcomputer.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.bleepingcomputer.com www.googletagmanager.com
1	vid.connatix.com	cd.connatix.com
1	imasdk.googleapis.com	cd.connatix.com
1	cdn.firstimpression.io	ecdn.firstimpression.io
1	ssl.gstatic.com	accounts.google.com
1	audit-tcfv2.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	capi.connatix.com	cd.connatix.com
1	www.facebook.com	a.pub.network
1	test.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	static.adsafeprotected.com	www.bleepingcomputer.com
1	rules.quantcount.com	secure.quantserve.com
1	r.skimresources.com	s.skimresources.com
1	region1.google-analytics.com	www.googletagmanager.com
1	secure.quantserve.com	quantcast.mgr.consensu.org
1	static.cloudflareinsights.com	www.bleepingcomputer.com
1	s.skimresources.com	www.bleepingcomputer.com
1	d.pub.network	a.pub.network
1	widgets.outbrain.com	www.bleepingcomputer.com
1	ad.doubleclick.net	www.bleepingcomputer.com
1	cd.connatix.com	1 redirects
1	ecdn.firstimpression.io	www.bleepingcomputer.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	a.pub.network	www.bleepingcomputer.com
1	ssl-proxy-updated.herokuapp.com	www.bleepingcomputer.com
0	tv.springserve.com Failed	cd.connatix.com
119	42

This site contains no links.

Subject Issuer	Validity	Valid
bleepingcomputer.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-11` - `2023-05-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-16` - `2023-05-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.herokuapp.com Amazon RSA 2048 M01	`2023-02-23` - `2023-05-31`	3 months	crt.sh
analysis.fi Amazon RSA 2048 M01	`2023-02-28` - `2023-12-02`	9 months	crt.sh
*.firstimpression.io Sectigo RSA Domain Validation Secure Server CA	`2022-11-27` - `2023-12-05`	a year	crt.sh
cmp.quantcast.com R3	`2023-02-13` - `2023-05-14`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-11`	a year	crt.sh
functionalfeather.com R3	`2023-03-03` - `2023-06-01`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2022-03-19` - `2023-04-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-26`	2 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.skimresources.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-25` - `2023-11-08`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
quantserve.com R3	`2023-02-13` - `2023-05-14`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2022-08-22` - `2023-09-23`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.escalated.io Go Daddy Secure Certificate Authority - G2	`2023-01-03` - `2024-02-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Frame ID: B8F52BB38BFB21170C7FC51809360357
Requests: 101 HTTP requests in this frame

Frame: https://cds.connatix.com/p/245069/connatix.playspace.dc.js?tier=1
Frame ID: 4D8183AC8C464B821C32EAFB49CC3323
Requests: 11 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6894021137351312
Frame ID: 2FC6C3C846D3C70E07AC2C969489610D
Requests: 1 HTTP requests in this frame

Frame: https://developers.google.com/?hl=de
Frame ID: 5D607DFF13A2F014BA635329168B97EE
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.Kkp5jCVP1mE.O%2Fd%3D1%2Frs%3DAHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw%2Fm%3D__features__
Frame ID: C8EB49A41C42313FF6C7A2D0DDD9D60C
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

script.aculo.us (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/(?:scriptaculous|protoaculous)(?:\.js|/)

Page Statistics

119
Requests

95 %
HTTPS

50 %
IPv6

25
Domains

42
Subdomains

39
IPs

4
Countries

1945 kB
Transfer

6685 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://cd.connatix.com/connatix.playspace.js HTTP 302
https://cds.connatix.com/p/245069/connatix.playspace.dc.js?tier=1

Request Chain 75

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F689755%2Fhighly-advanced-root-kit-or-virus%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.Kkp5jCVP1mE.O%2Fd%3D1%2Frs%3DAHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw%2Fm%3D__features__ HTTP 301
https://developers.google.com/ HTTP 302
https://developers.google.com/?hl=de

119 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/ 354 KB
74 KB 1499ms
1470ms Document
text/html 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9750f8a2275f1d5089b27482da3b029eac455a01d2f4b42d68dbd9ce8dde626b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7aa550095ad03a96-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests;
content-type: text/html;charset=ISO-8859-1
date: Sun, 19 Mar 2023 11:18:06 GMT
expires: Sat, 18 Mar 2023 11:18:06 GMT
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN

GET
H2 200 prettify.css
www.bleepingcomputer.com/forums/public/style_css/ 1 KB
564 B 30ms
25ms Stylesheet
text/css 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/prettify.css?ipbv=27abb701147009d4a8a9411a195be634

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfd753d445592a633d4e3b8f74fe6e4ca85ab95a1f0b2fc00f11afeaaeed8194

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
age: 900
cf-polished: origSize=2207
etag: W/"89f-4dddda0323b00-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=18000
cf-ray: 7aa55012b9cd3a96-FRA

GET
H2 200 prototype.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 134 KB
36 KB 32ms
27ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prototype.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2a0ed3ea5aebdf80781e96b0e677656f9db72ea592b679299953852fef84b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
age: 1367
cf-polished: origSize=180829
etag: W/"2c25d-4dddd9fb82900-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa55012b9d53a96-FRA

GET
H2 200 ipb.js Show response
www.bleepingcomputer.com/forums/public/js/ 81 KB
21 KB 34ms
30ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=27abb701147009d4a8a9411a195be634&load=quickpm,hovercard,sharelinks,topic,like

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d813e6becda7ebe8b6bf1a54e7b83aa2a2551dc41bf4f07877834984a293958e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 15 Nov 2020 20:33:38 GMT
server: cloudflare
age: 900
cf-polished: origSize=128896
etag: W/"1f780-5b42b2d2db890-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa55012b9d63a96-FRA

GET
H2 200 scriptaculous-cache.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/ 55 KB
15 KB 25ms
22ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/scriptaculous-cache.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a10fb2699752353ba3f55bdb022589d690843ebbbf9f3b80789f2a57010475e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 16 Nov 2020 16:14:01 GMT
server: cloudflare
age: 6553
cf-polished: origSize=79650
etag: W/"13722-5b43baa8f0d38-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa55012b9d73a96-FRA

GET
H2 200 ipb.lang.js Show response
www.bleepingcomputer.com/forums/cache/lang_cache/1/ 28 KB
8 KB 27ms
25ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/cache/lang_cache/1/ipb.lang.js?nck=4b93cd7f1f76df9c2c1783aae5cc39b1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d88cb5d257b60d6a83577ae57ca7d69545f3dfb1ac545201b3b6cd1b0fc35557

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 05 Sep 2022 22:17:47 GMT
server: cloudflare
age: 900
cf-polished: origSize=30126
etag: W/"75ae-5e7f5731b35ba-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa55012b9da3a96-FRA

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 2 KB
2 KB 40ms
14ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28d4e8c1043164607dcdeb358e2a08c9565fe286ceeeabea79e67f8c680187e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 412
cf-polished: origSize=3904
cf-bgj: minify
last-modified: Mon, 05 Oct 2020 20:38:13 GMT
server: cloudflare
etag: W/"2345400546"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d0GybjtLY9BMLEf9Gfwo7Hu2r5bcEWk79IBVoqg9ErclIdJd3wufSAhoi8%2BQyr7bHnfQvUqFaMBlOvpbwy1aMR%2Bmr7zaBz3SnUX4qR6%2B%2BvomIKS5evMDa13o7xSzZh5gKBzaQso%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 7aa550133cb591e4-FRA
expires: Mon, 20 Feb 2023 04:50:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
45 KB 49ms
29ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd8073cfec57e28b26e9b76dfc068aafdd7ece59b8effc27d2201fc467f774ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 45659
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 19 Mar 2023 11:18:06 GMT

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/ 575 B
782 B 23ms
20ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe9d30276e3d66a71219ad2b0ed5a9663020a5c534557dd0f5c8ba71da4ebd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: status=not_needed
content-length: 575
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "23f-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135a993a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 forum-logo.png
www.bleepstatic.com/logo/ 5 KB
5 KB 16ms
12ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logo/forum-logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e5a1148e6ba00dec0218671857bc04820e1a4628a6de00a659ece715a6ed2f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 824831
cf-polished: origFmt=png, origSize=9361
content-disposition: inline; filename="forum-logo.webp"
content-length: 4656
cf-bgj: imgq:85,h2pri
last-modified: Fri, 26 Nov 2010 18:53:37 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tD6tJJEIqHaZSgg%2BPLwkYIzvjezawLNVFCGfFgQlBvuqqhgJ8FeMbYvZfpFXe3LgRut%2FUF7Gn26iDR5FsXTFZW2CMUZ8HUnrTQUz56cVaRN8qbmggWyMNcZY3%2FRj6AVUHM8MuYM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135cd491e4-FRA
expires: Sat, 08 Apr 2023 22:10:54 GMT

GET
H2 200 useropts_arrow.png
www.bleepingcomputer.com/forums/public/style_images/master/ 81 B
275 B 23ms
20ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/useropts_arrow.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7451690fed2a104bf6ff86e5ab0b3a7d8393d26a859a4bad6ba81b1d7aa339d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=129, status=vary_header_present
content-length: 81
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "81-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135a9d3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 default_large.png
www.bleepingcomputer.com/forums/public/style_images/master/profile/ 2 KB
3 KB 25ms
21ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/profile/default_large.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f7ad438c88cd0653af6066d4c148e00824961112a865f9611e258b9f3cc0981

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1408769
cf-polished: origSize=2589, status=vary_header_present
content-length: 2456
cf-bgj: imgq:85,h2pri
last-modified: Wed, 09 Mar 2011 20:59:50 GMT
server: cloudflare
etag: "a1d-49e13027a9d80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135a9f3a96-FRA
expires: Sun, 02 Apr 2023 03:58:37 GMT

GET
H2 200 lock.png
www.bleepingcomputer.com/forums/public/style_images/master/ 729 B
849 B 23ms
20ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lock.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28119ca11bc23f972f8e463761547044174823430b09a0f1fbfed91acbeb35d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1398379
cf-polished: status=not_needed
content-length: 729
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "2d9-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135aa13a96-FRA
expires: Sun, 02 Apr 2023 06:51:47 GMT

GET
H2 200 icon_share.png
www.bleepingcomputer.com/forums/public/style_images/master/ 188 B
330 B 28ms
25ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_share.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1832b7da0292ab076dfe046f8b1c2d5fcfd1bfb5628b7e21a3754a20308aa57

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=1201, status=vary_header_present
content-length: 188
cf-bgj: imgq:85,h2pri
last-modified: Fri, 12 Oct 2012 09:31:38 GMT
server: cloudflare
etag: "4b1-4cbd95ac45280"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135aa23a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 post_top.png
www.bleepstatic.com/skin_images/bc/ 226 B
608 B 16ms
14ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/skin_images/bc/post_top.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efc6361ebe5a559578c83bf197d5407b7f6bf44f74d35c4ee8eb22c810fb34a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1616776
cf-polished: origFmt=png, origSize=3076
content-disposition: inline; filename="post_top.webp"
content-length: 226
cf-bgj: imgq:85,h2pri
last-modified: Wed, 09 Jun 2010 03:08:32 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YO0sUDmNS4SATe8qlCHbsOEmOk%2FJMXYVL6P0VnGiWjocmNT8tm%2Bvtb%2FUditWmBenUp3S0zmoPOGicxpOVQLP0XLDkKWX82AYoiO8daXV4I%2FbwvzJhBPQWKtJqEr%2FOcXoWfqt4Pg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135cd691e4-FRA
expires: Thu, 30 Mar 2023 18:11:50 GMT

GET
H2 200 bot.jpg
www.bleepstatic.com/images/site/forum/bots/ 934 B
1 KB 16ms
13ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/forum/bots/bot.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63e2dfceaeeb7e8b933fa7fe96048fac66ad3fab6ab270b8e4a28ce02c1b73ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2933
cf-polished: qual=85, origFmt=jpeg, origSize=1566
content-disposition: inline; filename="bot.webp"
content-length: 934
cf-bgj: imgq:85,h2pri
last-modified: Tue, 20 Oct 2009 04:08:57 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FdBiVOIbmMxvs8gxveRhvwlzAkEKFJ3MSbqjIiisdx7PWP6AFaptrRKQ%2FBac8PDmKQ2%2FhgvQaScW6OUgYGYESLMgPdsODETj44fE1Mnfgws6592c53qG3cOm2dRm58cYXff4wTw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135cd791e4-FRA
expires: Sat, 18 Mar 2023 23:13:15 GMT

GET
H2 200 photo-thumb-72247.gif
www.bleepingcomputer.com/forums/uploads/profile/ 4 KB
4 KB 28ms
26ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-72247.gif?_r=0

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1c32bf45adff327691e2c6e609790aa727e85dc3392ffbf412a347d298dcb7d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1389373
cf-polished: origSize=3912, status=vary_header_present
content-length: 3714
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Feb 2013 13:21:09 GMT
server: cloudflare
etag: "f48-4d52250db5b40"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135aa43a96-FRA
expires: Sun, 02 Apr 2023 09:21:53 GMT

GET
H/1.1 200
OK /
ssl-proxy-updated.herokuapp.com/d8354d7bc41e4cfdd6bddac09b1d2a6c82033c52/687474703a2f2f646565707279626b612e74726f6a616e65722d626f6172642e64652f657365742f656e672f6174746163686c6f67732e706e67/ 16 KB
17 KB 1030ms
727ms Image
image/png 54.235.77.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl-proxy-updated.herokuapp.com/d8354d7bc41e4cfdd6bddac09b1d2a6c82033c52/687474703a2f2f646565707279626b612e74726f6a616e65722d626f6172642e64652f657365742f656e672f6174746163686c6f67732e706e67/

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.235.77.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-235-77-118.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

19e7c5b2f103b9ed6dbd1ed864515815f1b67350d4bbff9c9e1284e81531ef0b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Security-Policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Sun, 19 Mar 2023 11:18:07 GMT
Via: 1.1 vegur
Camo-Host: ssl-proxy-updated
Connection: keep-alive
Content-Length: 16366
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 28 Mar 2015 13:37:23 GMT
Server: Cowboy
Etag: "3fee-5125959578df2"
X-Frame-Options: deny
Content-Type: image/png
Cache-Control: max-age=2592000, public
Expires: Tue, 18 Apr 2023 11:18:07 GMT

GET
H2 200 txt.gif
www.bleepingcomputer.com/forums/public/style_extra/mime_types/ 203 B
335 B 29ms
27ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/mime_types/txt.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e6b6895ab9c1fab302d73906ec3259ac826ffc4a3ae743412bf8a096a33054

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1144517
cf-polished: status=not_needed
content-length: 203
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "cb-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550135aa53a96-FRA
expires: Wed, 05 Apr 2023 05:22:49 GMT

GET
H2 200 ips.quickpm.js Show response
www.bleepingcomputer.com/forums/public/js/ 5 KB
2 KB 22ms
21ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.quickpm.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=27abb701147009d4a8a9411a195be634&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f34544ddb27241b3eccb8e06d7447230005e8718b463a30d9dd83d1e8bada1a1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
age: 899
cf-polished: origSize=7306
etag: W/"1c8a-4dddda0323b00-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550132a593a96-FRA

GET
H2 200 ips.hovercard.js Show response
www.bleepingcomputer.com/forums/public/js/ 7 KB
2 KB 23ms
22ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.hovercard.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=27abb701147009d4a8a9411a195be634&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e3b8f6c06d2d74cc294ee6439e67b08890587be0081249a158469ace2eaeaaf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
age: 899
cf-polished: origSize=12576
etag: W/"3120-4dddda0323b00-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550132a5b3a96-FRA

GET
H2 200 ips.sharelinks.js Show response
www.bleepingcomputer.com/forums/public/js/ 4 KB
1 KB 25ms
24ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.sharelinks.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=27abb701147009d4a8a9411a195be634&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f1e90548e911e24dedcb2ca0ffee6847a49a8648e9c615bcd0582bb7c7993fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
age: 899
cf-polished: origSize=5869
etag: W/"16ed-4dddd9fb82900-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550132a5c3a96-FRA

GET
H2 200 ips.topic.js Show response
www.bleepingcomputer.com/forums/public/js/ 28 KB
7 KB 20ms
20ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.topic.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=27abb701147009d4a8a9411a195be634&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a51f645170637f10f3eba218020318af3fff3ad8e7087db87ef607896f19a940

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 29 Dec 2015 18:39:43 GMT
server: cloudflare
age: 899
cf-polished: origSize=45653
etag: W/"b255-5280dbeb879c0-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550132a5d3a96-FRA

GET
H2 200 ips.like.js Show response
www.bleepingcomputer.com/forums/public/js/ 4 KB
1 KB 22ms
21ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.like.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=27abb701147009d4a8a9411a195be634&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf50c94253085740a5cce42e9c14f7b897cfc384303b38a5d9d7a0ab8ea5160f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
age: 6308
cf-polished: origSize=6287
etag: W/"188f-4dddd9fb82900-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550132a5e3a96-FRA

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 107 KB
38 KB 54ms
24ms Script
application/javascript 2606:4700::6812:14ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ebe6c2f9e0ba857a6a251603ee815915306191edbf34e2bb1108952e9f19e25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 137329
x-guploader-uploadid: ADPycdshoZPfe7S1mTOM1t6sWDIr3na_vNG5SBSDD9cHUHrAIqZO8olEpfEKO8oLqut4PLl9ymBdHe76me3WY-TlDRgUWUB_po24
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Wed, 15 Mar 2023 15:17:00 GMT
server: cloudflare
etag: W/"e21fa7b2cdc1facd1217aaae5de84662"
vary: Accept-Encoding
x-goog-generation: 1678893420383352
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=w+AX2A==, md5=4h+nss3B+s0SF6quXehGYg==
access-control-expose-headers: *
cache-control: public, max-age=1800
x-goog-stored-content-length: 109487
cf-ray: 7aa5501378c32c7a-FRA
expires: Sun, 19 Mar 2023 11:48:06 GMT

GET
H2 200 fab.js Show response
ecdn.analysis.fi/static/js/ 4 KB
2 KB 36ms
7ms Script
application/javascript 13.224.189.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-16.fra2.r.cloudfront.net
Software: Apache/2.4.54 (Debian) /
Resource Hash: d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 10:29:15 GMT
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 2931
x-cache: Hit from cloudfront
content-length: 1696
last-modified: Fri, 24 Feb 2023 13:19:37 GMT
server: Apache/2.4.54 (Debian)
etag: "1090-5f571fb226c40-gzip"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: YMy61RRg873-scSQZWPycFAfoun6BhsekDeOtO_PSCj_nxYL_2fXgg==

GET
H/1.1 200
OK fi_client.js Show response
ecdn.firstimpression.io/ 350 KB
92 KB 601ms
212ms Script
application/javascript 18.64.141.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ecdn.firstimpression.io/fi_client.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.64.141.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-64-141-8.mct50.r.cloudfront.net

Software

Apache/2.4.54 (Debian) / PHP/8.2.0

Resource Hash

6235737b5fda15b39bff1ac05e660cd2fca11e9638fbe952542d93bc6b6be19d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Sun, 19 Mar 2023 10:24:09 GMT
Content-Encoding: br
Via: 1.1 2d0b830a524ee826124d2332ddda1354.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MCT50-P1
Age: 3238
X-Powered-By: PHP/8.2.0
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 0
Last-Modified: Sun,19 Mar 2023 10:24:09 UTC
Server: Apache/2.4.54 (Debian)
ETag: W/"2ef88a71422a63f1eafa6c386e63885e"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
X-Amz-Cf-Id: 79UJgU_BW5fdYn-ER6yl7dJ8_1-JyBh5KisDpU57QJqPxVBkt9H8Kg==

GET
H2 200 ipb_print.css
www.bleepingcomputer.com/forums/public/style_css/css_7/ 3 KB
1 KB 22ms
21ms Stylesheet
text/css 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/css_7/ipb_print.css

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbd8236978dd3f165bc49566f78c460e3937e552df38787439c1ef2797c4c709

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 14 Dec 2022 03:24:28 GMT
server: cloudflare
age: 1362
cf-polished: origSize=3158
etag: W/"c56-5efc1463265b4-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=18000
cf-ray: 7aa550135aa63a96-FRA

GET
H2 200 user_navigation.png
www.bleepingcomputer.com/forums/public/style_images/master/ 189 B
324 B 20ms
19ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/user_navigation.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e6274abac1820c8bd99f826cf35a60aeaa56b962500486acc5665f98005031e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=282, status=vary_header_present
content-length: 189
cf-bgj: imgq:85,h2pri
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
etag: "11a-49d6c2153a000"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550136ab93a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 advanced_search.png
www.bleepingcomputer.com/forums/public/style_images/master/ 261 B
373 B 19ms
18ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/advanced_search.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14dcce7abfc690cecd57a737a8af6fd712c2b7fec668b772d9f014f6ded77ef8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=293, status=vary_header_present
content-length: 261
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "125-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550136abb3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 search_icon.png
www.bleepingcomputer.com/forums/public/style_images/master/ 202 B
424 B 23ms
22ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/search_icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=223, status=vary_header_present
content-length: 202
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "df-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550136ac63a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 icon_quicknav.png
www.bleepingcomputer.com/forums/public/style_images/master/ 489 B
608 B 55ms
53ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_quicknav.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1731db9016f326daff11d0045c86fd068ec9e72cc4c6ec56a7c856a3a3d28c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: status=not_needed
content-length: 489
cf-bgj: imgq:85,h2pri
last-modified: Fri, 01 Jul 2011 10:17:42 GMT
server: cloudflare
etag: "1e9-4a6ff53f0bd80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550136ac83a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 topic_button_closed.png
www.bleepingcomputer.com/forums/public/style_images/master/ 168 B
336 B 22ms
21ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/topic_button_closed.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e58ef84b3994aa5d6238df46b20e480c270cdd6094a41166583f7491665152a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1401658
cf-polished: origSize=251, status=vary_header_present
content-length: 168
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Apr 2011 17:38:04 GMT
server: cloudflare
etag: "fb-4a15d163d7700"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550136ac93a96-FRA
expires: Sun, 02 Apr 2023 05:57:08 GMT

GET
H2 200 maintitle.png
www.bleepingcomputer.com/forums/public/style_images/master/ 192 B
394 B 34ms
33ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/maintitle.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85a2c5bd701224851deca6029998517a35d091922217a90241fd0c7f244e8f11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=295, status=vary_header_present
content-length: 192
cf-bgj: imgq:85,h2pri
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
etag: "127-49d6c2153a000"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550136aca3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2

200

connatix.playspace.dc.js Show response
cds.connatix.com/p/245069/ Frame 4D81
Redirect Chain

https://cd.connatix.com/connatix.playspace.js
https://cds.connatix.com/p/245069/connatix.playspace.dc.js?tier=1

1 MB
268 KB

53ms
37ms

Script
application/javascript

104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/245069/connatix.playspace.dc.js?tier=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Server: 104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 408d928b60d267c2dd8406291006efc0da61302e80bee9f6f00913fbf919861a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
x-amz-version-id: eZUWMPvTuEuGjjfxP_4h5_WUbXYJzZ0k
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Mar 2023 16:05:46 GMT
server: cloudflare
etag: W/"898922ca5810a8d1488dc225a35ba55b"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 7aa55014df012be9-FRA
access-control-allow-headers: range
expires: Mon, 18 Mar 2024 11:18:06 GMT

Redirect headers

date: Sun, 19 Mar 2023 11:18:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
surrogate-control: no-cache, no-store, must-revalidate, max-age=0
vary: Accept-Encoding
location: https://cds.connatix.com/p/245069/connatix.playspace.dc.js?tier=1
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 7aa55013ad042be9-FRA
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/ 5 KB
2 KB 39ms
8ms Script
application/javascript 2600:9000:211e:7e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/choice.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:7e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a5ad4fb0d40625889969083053d32ab1191e66c11bb4aebfde2643954c0f5673

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:17:39 GMT
content-encoding: br
via: 1.1 8e83c42d247a31c5b365c08a0352d8f8.cloudfront.net (CloudFront)
last-modified: Wed, 10 Feb 2021 21:51:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 28
x-amz-server-side-encryption: AES256
etag: W/"2a272bfedaf02360b78846550b427698"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-amz-cf-id: bF2xf3WY-tS2xm4bG-8i39Zu64ovQctes174L0ZSUznxcza4QYUJdg==

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 41ms
6ms Image
image/x-icon 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 14:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Mar 2023 14:50:04 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 990 B
1 KB 36ms
8ms Image
image/svg+xml 88.221.169.78
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.169.78 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-169-78.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

expires: Tue, 18 Apr 2023 11:18:06 GMT
date: Sun, 19 Mar 2023 11:18:06 GMT
last-modified: Tue, 10 Jan 2023 16:40:08 GMT
server: AkamaiNetStorage
etag: "5ab8e16b5f46213840bcd403e349419c:1673369393.880194"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 990
access-control-request-headers: X-OB-STG,X-OB-PRD

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
78 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GD465VRQLD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e6501ce2cf37b71066573e756fccffab14d0134aee3728ce967b7194451a4d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79940
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 19 Mar 2023 11:18:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Mar 2023 10:23:33 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3273
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Sun, 19 Mar 2023 12:23:33 GMT

GET
H2 200 v2ouovkdskhGYvltUVr1FLiACAgrBc7Clxs3jmm-2LqJgA40EpJGzH6hFvA Show response
functionalfeather.com/ 60 KB
22 KB 70ms
26ms Script
text/javascript 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://functionalfeather.com/v2ouovkdskhGYvltUVr1FLiACAgrBc7Clxs3jmm-2LqJgA40EpJGzH6hFvA

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

3f25a29ea06dc1ddb843833e39939c2bb3ef74ebcea5fe2b5f226135facf5d8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Sun, 19 Mar 2023 11:18:06 GMT
x-datacenter: gce-europe-west1
etag: "3bf40d7afa6007daeeb0704841948d2449d3fb90a829451960d3d5bcbedc9fa0"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-7mmh
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 787370472
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 init Show response
d.pub.network/v2/ 70 KB
7 KB 157ms
129ms Fetch
application/json 34.160.110.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/v2/init?siteId=535&env=PROD
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.110.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.110.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 4e7e35b13ee9ee10cbc740d38f508aac75a59bee6a728919a9e4f4f29664a73a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 575 B
657 B 21ms
20ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe9d30276e3d66a71219ad2b0ed5a9663020a5c534557dd0f5c8ba71da4ebd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: status=not_needed
content-length: 575
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "23f-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550140bdf3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 39ms
12ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e71a0911a291acca49f86e4431126c327531763024ef943a814a4df27ea9cf9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Mar 2023 11:18:06 GMT
content-md5: riCkaRcyBoMPov66zWPPxg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 9zv3u3S5UfQWbnLFu/BrMnML79Jyr41q+h7uepIb4skxOLbBgJBXObOBhBj8S2GMntPRcjFGXZKs+JPmnXrUHw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
x-fb-content-md5: 2da1e1b61788eb7f0ff559fb4c427f7c
cross-origin-opener-policy: same-origin-allow-popups
etag: "a33a3d5230039512b2561c9d28d0266e"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sun, 19 Mar 2023 11:36:14 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 54 KB
21 KB 56ms
15ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c41179dbf1f74b08e7fc7a53b07b77e545cb077450debb17635c39ceebca411

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Mar 2023 11:18:06 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21025
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "c47fe3be899f7376"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 11:18:06 GMT

GET
H2 200 digg.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 357 B
522 B 29ms
22ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/digg.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f33585b10bb5487bd6c92f53018de62cb147ab48b829334b7f97437015aae557

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1408238
cf-polished: origSize=431, status=vary_header_present
content-length: 357
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "1af-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c013a96-FRA
expires: Sun, 02 Apr 2023 04:07:28 GMT

GET
H2 200 delicious.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 305 B
424 B 28ms
20ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/delicious.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9f912b0e7a50c12745f52ec2848dce5b779369999c6d35e6c297c713ce53d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=308, status=vary_header_present
content-length: 305
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "134-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c063a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 reddit.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 611 B
723 B 28ms
21ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/reddit.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9019adc6ec44d2cd4f38c97b8319b0ae8da8f03b3bd646d4f86707f23f8935a0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=614, status=vary_header_present
content-length: 611
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "266-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c093a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 stumble.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 458 B
652 B 31ms
24ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/stumble.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e2a136c594c939d55752e9abb70e6cc550b10bc3bc350c0d46d23d5947c20d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=519, status=vary_header_present
content-length: 458
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "207-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c0a3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 email.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 481 B
684 B 32ms
25ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/email.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

453d30f69cc2a6f3013254a0faed039d49cf9c5b004d5482fb5365e99702c149

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=530, status=vary_header_present
content-length: 481
cf-bgj: imgq:85,h2pri
last-modified: Thu, 04 Feb 2010 11:47:46 GMT
server: cloudflare
etag: "212-47ec4e74b3c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c0c3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 print.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 268 B
381 B 29ms
22ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/print.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6aeb9f7542993c71c548ac254766824ef86c68f0d6fa13f293bd016b9cfc9dc6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=409, status=vary_header_present
content-length: 268
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "199-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c0d3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 download.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 646 B
753 B 30ms
24ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/download.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386f87a6e6fcb89c6b046f988d18def949d1cc1f6a9fa4177858aa11da7a5bda

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: status=not_needed
content-length: 646
cf-bgj: imgq:85,h2pri
last-modified: Fri, 12 Feb 2010 14:33:56 GMT
server: cloudflare
etag: "286-47f6828485d00"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c0f3a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 prettify.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 14 KB
7 KB 32ms
26ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/prettify.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b937537ed7f13e70dc6a69b6e9b308237cd369e11fa2a2b97a24d97d8487673e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
age: 899
cf-polished: origSize=14551
etag: W/"38d7-4dddda0323b00-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550141c033a96-FRA

GET
H2 200 lang-sql.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 2 KB
1 KB 25ms
19ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/lang-sql.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

770cb6f8747e90dad261e049dfa5cf42e622dac61bcbc86ecb0a8c134228eb91

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
age: 1365
cf-polished: origSize=1802
etag: W/"70a-4dddda0323b00-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550141c043a96-FRA

GET
H2 200 top.png
www.bleepingcomputer.com/forums/public/style_images/master/ 145 B
280 B 28ms
23ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/top.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db311c11353d5628e6e28d260bca9b8935b23440964d7c6bc4914edcda08472a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403279
cf-polished: origSize=207, status=vary_header_present
content-length: 145
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Jun 2011 17:25:44 GMT
server: cloudflare
etag: "cf-4a54abe32b600"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c103a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 feed.png
www.bleepingcomputer.com/forums/public/style_images/master/ 680 B
768 B 27ms
22ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/feed.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9320021507b35e189d2190eea673cbc21f7d368f6ecbfb5dc89d773a28cd015d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: status=not_needed
content-length: 680
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "2a8-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550141c123a96-FRA
expires: Sun, 02 Apr 2023 05:30:07 GMT

GET
H2 200 index.php
www.bleepingcomputer.com/forums/ 43 B
147 B 273ms
268ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/index.php?s=20ae1ca1520d6041a8c34b3c89058f05&app=core&module=task

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: DYNAMIC
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: none
cf-ray: 7aa550141c153a96-FRA
content-length: 43
expires: Tue, 18 Apr 2023 11:18:06 GMT

GET
H2 200 lightbox.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 9 KB
3 KB 29ms
25ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/lightbox.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9faebe5bdb9528f36d1ec5713865681bf10c7c0d1fa1b8224fc57982f45ed788

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sun, 15 Nov 2020 22:30:01 GMT
server: cloudflare
age: 898
cf-polished: origSize=10227
etag: W/"27f3-5b42ccd71fd03-gzip"
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7aa550141c053a96-FRA

GET
H2 200 3687X620620.skimlinks.js Show response
s.skimresources.com/js/ 42 KB
15 KB 92ms
21ms Script
application/octet-stream 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/3687X620620.skimlinks.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: ce7b1a6c719ed715da6b5676b1acf024fe02fc472e68368e32fe95b24bbba57e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 08:57:51 GMT
server: AmazonS3
x-amz-request-id: 8SSGK6V8X7HXK1YM
etag: "d99452f324ec29acc54a97eee1386ff6"
x-hw: 1679224686.cds234.lo4.hn,1679224686.cds088.lo4.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 15550
x-amz-id-2: JzSTRXQz5XIHXputuWUsPw/QJtGyxAmozlXWYJBEAMBYe9h4fbr5oSlvaR1M/Is6Nn7OqilbvPo=

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 59ms
39ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7aa550143b1dbc01-FRA

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 65ms
7ms Script
application/javascript 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e8cd4bf2f547eb60b69a54a5340d5feed5905e1e5ea0ef3d3aefe6a6c1523fe7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-encoding: gzip
etag: "qnbLQo87mD/KmvsyZTIxlQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sun, 26 Mar 2023 11:18:06 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/23/ 266 KB
72 KB 8ms
6ms Script
text/javascript 2600:9000:211e:7e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:7e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 20:21:10 GMT
content-encoding: gzip
via: 1.1 8e83c42d247a31c5b365c08a0352d8f8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 148114
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 18 Dec 2020 15:09:37 GMT
server: AmazonS3
etag: W/"1d55b13d85c9837da884d1e8594cc025"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
x-amz-meta-qc-ineu: True
vary: Accept-Encoding
x-amz-cf-id: S1s7ewGRz5lMPip3mgvFIU_T2DBXyIXX7sAAk2MgGpzhGfhqvhkyYw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
212 B 13ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=638263755&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F689755%2Fhighly-advanced-root-kit-or-virus%2F&ul=en-us&de=windows-1252&dt=Highly%20Advanced%20Root%20kit%20or%20virus.%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1039086323&gjid=1542923391&cid=704531033.1679224687&tid=UA-91740-1&_gid=1781387760.1679224687&_r=1&gtm=457e33f0&z=1649783902

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 11:18:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 307 KB
86 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=acb38b6a5a563cb7f043d9caf32b22c3

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0c7fd7d92602e7ce3cd3404710f283f69e1d853bd24c52171b7cea57bbefc049

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Mar 2023 11:18:06 GMT
content-md5: uIIMR44e3JI5mWhodMM9bg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88427
x-fb-rlafr: 0
x-fb-debug: fQpnwTPR8b8zwpERDl78AzqvoOqzUe4DXVPTFHth38T7Lf7WJLgtCGp0fgTh4kq3pCbBiKaV6uV5CV5HMqSCow==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 02cb89f9a5d657088432b2c677b959f4
cross-origin-opener-policy: same-origin-allow-popups
etag: "cf078242073bd822ff3ed94e4b2459ab"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Mon, 18 Mar 2024 09:17:55 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/ 150 KB
52 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cc97bae038e7c0e3d529a676369d9a0dbada1b0dfec5a32f0d444fb09015762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 21:47:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 307863
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52777
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 16:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 21:47:03 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
260 B 34ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-GD465VRQLD&gtm=45je33f0&_p=638263755&cid=704531033.1679224687&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1679224686&sct=1&seg=0&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F689755%2Fhighly-advanced-root-kit-or-virus%2F&dt=Highly%20Advanced%20Root%20kit%20or%20virus.%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GD465VRQLD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 11:18:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
r.skimresources.com/api/ 199 B
408 B 52ms
18ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.19.9.1 /

Resource Hash

8baecc00e9af766598aed45e43f18be60bfcc07440d238475d5f9fc4c2907eb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: openresty/1.19.9.1
via: 1.1 google
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 2FC6 0
134 B 40ms
17ms Image
text/plain 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6894021137351312
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.10 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
via: 1.1 google
server: Python/3.10 aiohttp/3.8.4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
276 B 67ms
14ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=4.611366482647378
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Sun, 19 Mar 2023 11:18:06 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 68ms
15ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=4.611366482647378
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Sun, 19 Mar 2023 11:18:06 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 google-atp-list.json Show response
quantcast.mgr.consensu.org/tcfv2/ 151 KB
36 KB 20ms
6ms XHR
application/json 2600:9000:211e:7e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:7e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:00:29 GMT
content-encoding: br
via: 1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 29858
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 19 Mar 2023 03:00:26 GMT
server: AmazonS3
etag: W/"1dbfd79d4ea7f69c0c42a2f6065532e7"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: gJ82RRjpEXETmeTUMTLzua-B9NqEfWgy-PgkHE7MEO3t_-mS44_u4Q==

GET
H2 200 rules-p-sktb670LZWvFX.js Show response
rules.quantcount.com/ 160 B
643 B 34ms
7ms Script
application/javascript 2600:9000:223c:3600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-sktb670LZWvFX.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:3600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 115a72ca4f52bab4c4aa5d3eb029d9a019cf875c6d28614609b237f5f7930c32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:07:38 GMT
via: 1.1 44b457512f742b4e48fc7f0c87d8ed92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 629
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Fri, 14 Oct 2022 00:56:35 GMT
server: AmazonS3
etag: "c0299120345dd407ae331dfa6faf0bec"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: WDG-1clx_4lYVxwQk_jZ75rCfAmze_aXxrdj34YRtDxxzZP0NBSppg==

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
483 B 31ms
6ms Image
image/gif 2600:9000:223f:e000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adunitid=zaaegs&adnum=234701
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:e000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 25 Jun 2022 14:52:58 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 23055908
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: UERMpksGCVp8KdYNbuWV7NRf1uuNhE4g-j8BKS0gofuTi4exc5-Z0A==

GET
H2 200 loading.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 2 KB
2 KB 20ms
19ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/loading.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=2767, status=vary_header_present
content-length: 1588
cf-bgj: imgq:85,h2pri
last-modified: Thu, 18 Dec 2008 14:27:04 GMT
server: cloudflare
etag: "acf-45e52fc88de00"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550159eca3a96-FRA
expires: Sun, 02 Apr 2023 05:30:08 GMT

GET
H2 200 closelabel.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 471 B
653 B 17ms
17ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/closelabel.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:06 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1403278
cf-polished: origSize=483, status=vary_header_present
content-length: 471
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "1e3-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa550159ecc3a96-FRA
expires: Sun, 02 Apr 2023 05:30:08 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/ 103 KB
36 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/cb=gapi.loaded_1?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21bc00124c577ea9d745c5b2df19ecaae077dcb0018a293760d8337fa40a3e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 04:25:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111164
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36709
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 16:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 04:25:22 GMT

GET
H2

200

/
developers.google.com/ Frame 5D60
Redirect Chain

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F68...
https://developers.google.com/
https://developers.google.com/?hl=de

0
0

440ms
439ms

Document
text/html

2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://developers.google.com/?hl=de

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-RZhB7EccrgdKmdJqQU0RQYe3B6TJO1' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 27308
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-RZhB7EccrgdKmdJqQU0RQYe3B6TJO1' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
content-type: text/html; charset=utf-8
date: Sun, 19 Mar 2023 11:18:07 GMT
expires: 0
last-modified: Sat, 18 Mar 2023 20:57:41 GMT
pragma: no-cache
server: Google Frontend
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
x-cloud-trace-context: 52654f7f0260cb2791f4ce130e8d949c
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 163
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-ynYchPfd2dtAB4wGJkpta/eQ9smkTn' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
content-type: text/html; charset=utf-8
date: Sun, 19 Mar 2023 11:18:07 GMT
expires: 0
location: /?hl=de
pragma: no-cache
server: Google Frontend
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
x-cloud-trace-context: e6805c0896bbee151884c9887182dd99
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 10 KB
3 KB 32ms
7ms XHR
application/json 2600:9000:225e:1c00:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1c00:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 709217a175f0d9b049be1cc3c9980b3e2b2e0417b0d939bc26224a18aad6de97

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:00:37 GMT
x-amz-version-id: rrDKdPiC6DTUsB4O5Q5BpNF7km7hHe63
content-encoding: br
via: 1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 29851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 15 Mar 2023 19:52:29 GMT
server: AmazonS3
etag: W/"4958fc924e291de6e8d94c7f49ababfa"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: 8QgVwOVE_hZWp4MAkiAsTBBXBHHmqMyg_o62DV1kVXznuxbginEKxA==

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
88 B 23ms
21ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 11:18:07 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.4
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
372 B 18ms
18ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 11:18:07 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.4
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
warning: 299 - "Deprecated API"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 55ms
32ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=942111685863795&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F689755%2Fhighly-advanced-root-kit-or-virus%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Sun, 19 Mar 2023 11:18:07 GMT
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: Vx0ox2ODxSEjNEDO1xI0zrK9u7C5IYjQQQi18mixUgvfERLCKzltz/Y7m9+Ky02qpPDEqPMziiBD5949XQCjlg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 connatix.playspace.css
cds.connatix.com/p/245069/ 114 KB
17 KB 24ms
24ms Stylesheet
text/css 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/245069/connatix.playspace.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98b5c89940e91458aa4bd1a015b3c0427776a87c21425cda1b3cca922dea07c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
x-amz-version-id: b6Oxnqay1n3BoISD9fEHUIHz95oRM5TM
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Mar 2023 16:05:46 GMT
server: cloudflare
etag: W/"4b106ce1432d0c45bdc634c57b072a20"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 7aa5501648fe2be9-FRA
access-control-allow-headers: range
expires: Mon, 18 Mar 2024 11:18:07 GMT

GET
H2 200 vendor-list.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 404 KB
49 KB 7ms
6ms XHR
application/json 2600:9000:211e:7e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:7e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3a3cfd3b65d5fc907da6d29cd998b6ce2b52ea8f37c6e362eb3238b205b71a7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:00:37 GMT
content-encoding: br
via: 1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 29851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 19 Mar 2023 03:00:33 GMT
server: AmazonS3
etag: W/"9d896c65823eca2e199f6d0f76d1a7cc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: DgoXrAv3ArKbe3jELgw9ieTzyPlzCS9xqi1dlO_SGyp6r0IG4jZ6Kw==

POST
H3 200 api Show response
ls.skimresources.com/ 2 B
22 B 26ms
17ms XHR
application/json 34.120.117.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ls.skimresources.com/api

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.117.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

212.117.120.34.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.4 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: application/json

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 11:18:07 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.4
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 206 api
ls.skimresources.com/ Frame 0
0 50ms
15ms Preflight
text/plain 34.120.117.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.skimresources.com/api
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.117.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 212.117.120.34.bc.googleusercontent.com
Software: Python/3.10 aiohttp/3.8.4 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain charset=UTF-8
date: Sun, 19 Mar 2023 11:18:07 GMT
server: Python/3.10 aiohttp/3.8.4
via: 1.1 google

GET
H2 200 cmp2ui-en.js Show response
quantcast.mgr.consensu.org/tcfv2/23/ 469 KB
134 KB 6ms
6ms Script
text/javascript 2600:9000:211e:7e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:7e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 08:13:20 GMT
content-encoding: gzip
via: 1.1 8e83c42d247a31c5b365c08a0352d8f8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 11088
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 18 Dec 2020 15:09:43 GMT
server: AmazonS3
etag: W/"b999c652510fc4edd897a1d667aaee33"
access-control-max-age: 604800
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: HiAzIo1S0W9y58DS_eChsi1R66xRKtIccKBwTI_2DQTSTp4UMTIyhw==

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame C8EB 565 B
808 B 89ms
54ms Document
text/html 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.Kkp5jCVP1mE.O%2Fd%3D1%2Frs%3DAHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/cb=gapi.loaded_1?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0d0a4cf83bb3ae9426f41f3391ccf2f919014dd5150d240a231dd9a842394825

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /o/cspreport script-src 'report-sample' 'nonce-D6kk_SaiTuwO_p3gY3Vy6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /o/cspreport script-src 'report-sample' 'nonce-D6kk_SaiTuwO_p3gY3Vy6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-type: text/html; charset=utf-8
date: Sun, 19 Mar 2023 11:18:07 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 story Show response
capi.connatix.com/core/ Frame 4D81 2 KB
2 KB 180ms
154ms XHR
application/x-protobuf 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/story?v=245069
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b16026dae699f1d0203f23fd9f3372eb1fe6131fe250bcfe57908999e00b11e

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 7aa55016fa172be9-FRA
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
audit-tcfv2.quantcast.mgr.consensu.org/ 2 B
101 B 32ms
7ms XHR
text/plain 3.66.33.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22sktb670LZWvFX%22%2C%22domain%22%3A%22www.bleepingcomputer.com%22%2C%22publisher%22%3A%22BleepingComputer%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.23%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22QejiQDikjMDrMVyfjnFdmQ%22%2C%22clientTimestamp%22%3A1679224687212%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ynu4zlk5li4qq7f3ryk5%22%7D
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.66.33.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-33-201.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 19 Mar 2023 11:18:07 GMT
content-length: 2
content-type: text/plain; charset=utf-8

GET
H2 200 bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 7 KB
7 KB 15ms
15ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 458f04ea2f7e457c7636557b11afb90bd332d541875036e9d17e1ae2d524c03f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 833655
cf-polished: origFmt=png, origSize=15281
content-disposition: inline; filename="bleeping-computerlogo-lg.webp"
content-length: 6984
cf-bgj: imgq:85,h2pri
last-modified: Wed, 07 Jan 2015 22:52:15 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOnw0MH1kERva4gJF4j8eRJStJ12qq3QV5tIuiEDHck1AtBZhPNIfDax7mh9DOQzIxhuJFq4VGZfCnd%2FL%2Fa782ZuQtSqJjnw%2FAtaCKVdSEOLDelhELEXA5c4qfBofwJv2SZ7xQk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7aa5501759cc91e4-FRA
expires: Sat, 08 Apr 2023 19:43:52 GMT

POST
H2 204 cspreport
accounts.google.com/o/ Frame C8EB 0
250 B 19ms
18ms Other
text/html 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/cspreport

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-J_N6Q5yZAcoIUMCg23UThg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.Kkp5jCVP1mE.O%2Fd%3D1%2Frs%3DAHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw%2Fm%3D__features__
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-J_N6Q5yZAcoIUMCg23UThg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 611095756-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame C8EB 10 KB
5 KB 43ms
7ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/611095756-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.Kkp5jCVP1mE.O%2Fd%3D1%2Frs%3DAHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f173bffef77f251b9bea649b2ac1ce118c9b1daf0fc812bf22cba42a3a7bc293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 01:24:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4526
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 20:10:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
vary: Accept-Encoding
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 01:24:03 GMT

GET
H3 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame C8EB 17 KB
7 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98206a8bf18bed3b29230c781b1b7c4a3794ad881e3a0c0923a0fd8e5ae6914a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Mar 2023 11:18:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6902
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "41b44f2adbd065c2"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 11:18:07 GMT

POST
H3 200 v2owwOa-2sONP6AGUt2uWpHfCVJiDq7f1kvUm49ysr_xSTz6_Limx3LMszcq-stRC8hgM9J5EU24 Show response
functionalfeather.com/ 206 B
233 B 49ms
28ms Fetch
application/json 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://functionalfeather.com/v2owwOa-2sONP6AGUt2uWpHfCVJiDq7f1kvUm49ysr_xSTz6_Limx3LMszcq-stRC8hgM9J5EU24

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

55cb0fb8749be7912a709d7dc47971ea08028281dace736f6fdddf3f6980b4b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Sun, 19 Mar 2023 11:18:07 GMT
via: 1.1 google
x-buildnumber: 787370472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
x-hostname: fen-hoothoot-europe-west1-spot-7mmh
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Sun, 19 Mar 2023 11:18:06 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/ Frame C8EB 57 KB
20 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Kkp5jCVP1mE.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_7Y6tSvjE22-7l-mORgYNGctXqXw/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e2286d46e63be3f55a8a71ad0c532ae5cf9b0a540cdbfca319773a9f6ee7542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:32:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20750
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 16:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 17:32:46 GMT

POST
H3 200 v2nhrj4sRilMsKiihnKlCRzXvQdsw7_6G6-aHjMOk1Djttxg36sMwSB9DiphAdx25KBGvqRJTo8Y Show response
functionalfeather.com/ 3 B
27 B 18ms
18ms Fetch
application/json 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://functionalfeather.com/v2nhrj4sRilMsKiihnKlCRzXvQdsw7_6G6-aHjMOk1Djttxg36sMwSB9DiphAdx25KBGvqRJTo8Y

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Sun, 19 Mar 2023 11:18:07 GMT
via: 1.1 google
x-buildnumber: 787370472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
x-hostname: fen-hoothoot-europe-west1-spot-7mmh
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 insights.bin Show response
ins.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/6460b4ce-827d-4c01-8096-0489813a0244/ Frame 4D81 612 B
709 B 153ms
9ms XHR
application/octet-stream 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/6460b4ce-827d-4c01-8096-0489813a0244/insights.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ac777b39f23224873b0b7b0b16dec0161afabcee228f567d37351fdc1e63d435

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: gzip
last-modified: Sun, 19 Mar 2023 07:18:24 GMT
age: 13971
etag: "31177ffd83c02ca1d5dbf9a669d6d25e"
x-amz-server-side-encryption: AES256
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-max-age: 86400
access-control-allow-origin: *
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 362

GET
H2 200 insights.bin Show response
ins.connatix.com/d86589e6f4af3995388d9a0880960c55/ Frame 4D81 324 B
304 B 254ms
111ms XHR
application/octet-stream 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/d86589e6f4af3995388d9a0880960c55/insights.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0e0c4591a93044f8ae418b6d5ff8a1593c2b38a662a228e215faa98fde9f40c3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 16:25:16 GMT
age: 2102967
etag: "a684ce6ccdf2167f4ba5a8f84ae91621"
x-amz-server-side-encryption: AES256
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-max-age: 86400
access-control-allow-origin: *
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 211

GET
H/1.1 200
OK spc_fi.php Show response
cdn.firstimpression.io/delivery/ 39 KB
8 KB 78ms
51ms XHR
application/json 18.66.122.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.firstimpression.io/delivery/spc_fi.php?id=5971&url=%2Fforums%2Ft%2F689755%2Fhighly-advanced-root-kit-or-virus%2F&charset=windows-1252&ch=11&ref=www.bleepingcomputer.com&viewerId=null&referer=&_firid=32731365
Requested by: Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-74.fra60.r.cloudfront.net
Software: Apache/2.4.38 (Debian) /
Resource Hash: 7d2d9e93a0d7b36e7ab8c1789f7ca83c8c331cc9c7ac4608a7a867cf45aa7e7a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Sun, 19 Mar 2023 11:18:07 GMT
Content-Encoding: gzip
Via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
X-Cache: Miss from cloudfront
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: keep-alive
Content-Length: 7774
Pragma: no-cache
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
Content-Type: application/json; charset=windows-1252
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
X-Amz-Cf-Id: VH2sJ7l5Nc3Ut-o0Gmfw_mN58JCknt1YIgLoqWjOtf45SbWb3CfNNQ==
Expires: 0

GET
H/1.1 200
OK / Show response
tag.escalated.io/ 77 KB
30 KB 133ms
32ms Script
text/javascript 54.78.253.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.escalated.io/?i=KxxajmhPPCsT&d=www.bleepingcomputer.com&type=display&cust=5971&sid=direct&c=&cust2=direct

Requested by

Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.78.253.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-78-253-158.eu-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

148cfabbf47e9cb387501f62f0d17179d95997eeb3fe4e4d150ab423162703e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Sun, 19 Mar 2023 11:18:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 10 Mar 2023 16:55:26 GMT
Server: Apache
ETag: "134a3-5f68ea0bbbb80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 30406
X-XSS-Protection: 1; mode=block

POST sr
capi.connatix.com/tr/ Frame 4D81 0
0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 79ms
17ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4b507096f8201c08f51e78f7e5c2366b095be888bcdbd8560e40915086f0452

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27446
x-xss-protection: 0
server: sffe
etag: "1515 / 282 of 1000 / last-modified: 1679090814"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 19 Mar 2023 11:18:07 GMT

GET
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 4D81 361 KB
0 56ms
18ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123281
x-xss-protection: 0
expires: Sun, 19 Mar 2023 11:18:07 GMT

GET
H2 200 6460b4ce-827d-4c01-8096-0489813a0244.bin Show response
vid.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ Frame 4D81 2 KB
3 KB 50ms
15ms XHR
application/octet-stream 104.18.23.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/6460b4ce-827d-4c01-8096-0489813a0244.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.23.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3b9b6f760849b81b9a7a2745bd0ddf189cdbd5c16bab1b5c7c621ee63269f6e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2443
last-modified: Sun, 19 Mar 2023 07:18:01 GMT
server: cloudflare
etag: "d226527110da5a3b23cc9077aa629c78"
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: *
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501a1db435fa-FRA
access-control-allow-headers: range
expires: Mon, 18 Mar 2024 11:18:07 GMT

POST ao
capi.connatix.com/tr/ Frame 4D81 0
0

GET 12703
tv.springserve.com/rt/ Frame 4D81 0
0

POST ps
capi.connatix.com/tr/ Frame 4D81 0
0

POST mq
capi.connatix.com/tr/ Frame 4D81 0
0

GET
H2 200 1.png
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/067e5169-ece3-4ce8-87ad-c7961b8bb396/ 7 KB
7 KB 48ms
24ms Image
image/webp 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/067e5169-ece3-4ce8-87ad-c7961b8bb396/1.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

458f04ea2f7e457c7636557b11afb90bd332d541875036e9d17e1ae2d524c03f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6984
cf-resized: internal=ok/h q=0 n=5+0 c=0+15 v=2023.2.6 l=6984
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cftthirmGuUVgekr8Tahb1k2IIsZ7-Tzt04sSdBa-5DQ:hFXyLna+DTJNsEAHl9VofT9XA3gUCQ1YPkvAuddeFoA"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/webp
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501acffc2be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H2 200 65897104-1f77-4b67-8cc9-17af6026e9ee.jpg
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ 53 KB
54 KB 53ms
29ms Image
image/jpeg 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/65897104-1f77-4b67-8cc9-17af6026e9ee.jpg?crop=700:466,smart&width=700&height=466&format=jpeg&quality=60&fit=crop

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ff431fd88fd7fda1cd1ed077d555a029ceb7d9443ab95a74c17c4c02c4656d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 54698
cf-resized: internal=ok/h q=0 n=12+0 c=15+88 v=2023.3.3 l=54698
last-modified: Sun, 19 Mar 2023 07:17:56 GMT
cf-bgj: imgq:60,h2pri
server: cloudflare
etag: "cfLvVeu9zD1hfx6PL2IeZejk35q4wOxpm95UzbF4CiDQ:34e091c43f6d060979e02468c625f4ff"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501ac8002be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H2 200 65897104-1f77-4b67-8cc9-17af6026e9ee.jpg
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ 46 KB
46 KB 50ms
31ms Image
image/jpeg 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/65897104-1f77-4b67-8cc9-17af6026e9ee.jpg?crop=700:394,smart&width=700&height=394&format=jpeg&quality=60&fit=crop

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4004c19871ed2cefc8c180f5394a4b977c9d9b64ca8cccf9c9e6594093b67e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 47182
cf-resized: internal=ok/h q=0 n=17+0 c=24+121 v=2023.3.3 l=47182
last-modified: Sun, 19 Mar 2023 07:17:56 GMT
cf-bgj: imgq:60,h2pri
server: cloudflare
etag: "cfLvVeu9zD1hfx6PL2IeZejk35UsL9TGi38_00DteADQ:34e091c43f6d060979e02468c625f4ff"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501acffe2be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H2 200 73d80edd-a5f2-4aa1-adc6-6c18a258315a.jpg
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ 35 KB
35 KB 43ms
27ms Image
image/jpeg 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/73d80edd-a5f2-4aa1-adc6-6c18a258315a.jpg?crop=700:394,smart&width=700&height=394&format=jpeg&quality=60&fit=crop

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

497267c488dfa0a08b20cb463648e7586172a90f93616b3a2d6056547b9fc0bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35690
cf-resized: internal=ok/h q=0 n=13+0 c=21+55 v=2023.3.3 l=35690
last-modified: Sun, 19 Mar 2023 07:18:00 GMT
cf-bgj: imgq:60,h2pri
server: cloudflare
etag: "cfyRmkUBoIaOnrRf11mVpmttX6UsL9TGi38_00DteADQ:dd9c56e2710491db83932756c8025923"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501acffb2be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H2 200 93744176-3b35-4da3-a6be-fa926f75e949.jpg
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ 18 KB
18 KB 39ms
23ms Image
image/jpeg 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/93744176-3b35-4da3-a6be-fa926f75e949.jpg?crop=700:394,smart&width=700&height=394&format=jpeg&quality=60&fit=crop

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fb7a5f0b8808d6a4d86a4ed0742beb7c58ce438e8194bf28ad87eecbdf805d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18049
cf-resized: internal=ok/h q=0 n=14+0 c=12+48 v=2023.3.3 l=18049
last-modified: Sun, 19 Mar 2023 07:17:55 GMT
cf-bgj: imgq:60,h2pri
server: cloudflare
etag: "cfqTFlVd0nu4-xl3g5V0alF6NBUsL9TGi38_00DteADQ:d36aca72354ee1014ef5f9fb382b6324"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501abff82be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H2 200 37f0039f-15d9-4eed-bd75-09f9f4a256d1.jpg
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ 15 KB
15 KB 40ms
25ms Image
image/jpeg 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/37f0039f-15d9-4eed-bd75-09f9f4a256d1.jpg?crop=700:394,smart&width=700&height=394&format=jpeg&quality=60&fit=crop

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea6fd63b54ed9701873c41c93430b2bfef8d2aa0f1a9bbb576f503cfb346dde9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14954
cf-resized: internal=ok/h q=0 n=14+0 c=16+36 v=2023.3.3 l=14954
last-modified: Sun, 19 Mar 2023 07:17:56 GMT
cf-bgj: imgq:60,h2pri
server: cloudflare
etag: "cfm02VpSQsUBJZtcZxi_6yrxYrUsL9TGi38_00DteADQ:ec9a48fac5a657c9fdb99f12be9215e7"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501acffa2be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H2 200 6476e344-9487-4b98-9192-509c220c8d62.jpg
img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ 30 KB
30 KB 40ms
28ms Image
image/jpeg 104.18.22.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/6476e344-9487-4b98-9192-509c220c8d62.jpg?crop=700:394,smart&width=700&height=394&format=jpeg&quality=60&fit=crop

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/689755/highly-advanced-root-kit-or-virus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.22.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

314b39ada1e2d0d6064f54c8b4f5d40863b1fba151d272b4714a498fa7488fe6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30444
cf-resized: internal=ok/h q=0 n=13+0 c=20+47 v=2023.3.3 l=30444
last-modified: Sun, 19 Mar 2023 07:17:56 GMT
cf-bgj: imgq:60,h2pri
server: cloudflare
etag: "cf2wT1p8I-ei8e6evFwJcvWS41UsL9TGi38_00DteADQ:4a65057e0051dc0b58e4047d57d8647f"
vary: Accept, Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
accept-ranges: bytes
cf-ray: 7aa5501acfff2be9-FRA
access-control-allow-headers: range
xpid: 067e5169-ece3-4ce8-87ad-c7961b8bb396

GET
H3 200 prebid7.17.0-6.js Show response
cds.connatix.com/p/plugins/ 513 KB
152 KB 32ms
30ms Script
application/javascript 104.18.23.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid7.17.0-6.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.23.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37849c48f8290006e74d3fc212cbcfca24c21ca24a80b54ff44809174be83c7c

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: br
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Feb 2023 15:24:11 GMT
server: cloudflare
etag: W/"65d6aab2a72ea26ce1d7704fb112547a"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 7aa5501abb6868fb-FRA
access-control-allow-headers: range
expires: Mon, 18 Mar 2024 17:18:07 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pubads_impl_2023031301.js Show response
securepubads.g.doubleclick.net/gpt/ 397 KB
134 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023031301.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb7d39384f8a58e23c5e8c78b974aabb9cd28238d451301a12b43c321783fe6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 10:38:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2383
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136873
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 08:34:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 18 Mar 2024 10:38:24 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 501 B
264 B 58ms
41ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.bleepingcomputer.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03be9ac49e626a2bb47d45a5e2af1b1e496b0b94055bb636802dd97c289f979e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 11:18:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Sun, 19 Mar 2023 11:18:07 GMT

POST
H/1.1 200
OK post Show response
tag.escalated.io/ 31 B
464 B 132ms
43ms Fetch
application/json 54.78.253.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.escalated.io/post

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.78.253.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-78-253-158.eu-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

f20898d44cc7c3dc5c5f0434dcccd069661ed0ef2edc248adb896747bc6aa5bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 19 Mar 2023 11:18:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store
Connection: close
Access-Control-Allow-Headers: content-type
Content-Length: 51
X-XSS-Protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: capi.connatix.com
URL: https://capi.connatix.com/tr/sr?v=245069&tier=2

Domain: capi.connatix.com
URL: https://capi.connatix.com/tr/ao?v=245069&tier=2

Domain: tv.springserve.com
URL: https://tv.springserve.com/rt/12703?w=700&h=394&cb=b856c1c9-7ed9-4bee-ba0e-73f900893221&url=www.bleepingcomputer.com%2Fforums%2Ft%2F689755%2Fhighly-advanced-root-kit-or-virus%2F&us_privacy=&schain=1.0,1!connatix.com,102734,1,,,,

Domain: capi.connatix.com
URL: https://capi.connatix.com/tr/ps?v=245069&tier=2

Domain: capi.connatix.com
URL: https://capi.connatix.com/tr/mq?v=245069&tier=2

Verdicts & Comments Add Verdict or Comment

157 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bleepingcomputer.com/	1969-12-31 23:59:59	Name: session_id Value: 20ae1ca1520d6041a8c34b3c89058f05
www.bleepingcomputer.com/	1969-12-31 23:59:59	Name: fs.bot.check Value: true
.bleepingcomputer.com/	1970-01-20 10:28:31	Name: _gid Value: GA1.2.1781387760.1679224687
.bleepingcomputer.com/	1970-01-20 10:27:04	Name: _gat_gtag_UA_91740_1 Value: 1
.pub.network/	1970-01-20 20:03:04	Name: _fsuid Value: 7bf65b36-137a-472c-ae3d-68175acdbb13
.bleepingcomputer.com/	1970-01-20 20:03:04	Name: _ga_GD465VRQLD Value: GS1.1.1679224686.1.0.1679224686.0.0.0
.bleepingcomputer.com/	1970-01-20 20:03:04	Name: _ga Value: GA1.1.704531033.1679224687
.bleepingcomputer.com/	1970-01-20 19:55:52	Name: _awl Value: 2.1679224687.5-f3362431dc25b50a36a16d77fe1712f7-6763652d6575726f70652d7765737431-0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://developers.google.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
javascript	warning	URL: https://cd.connatix.com/connatix.playspace.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid7.17.0-6.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cd.connatix.com/connatix.playspace.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid7.17.0-6.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
accounts.google.com
ad.doubleclick.net
apis.google.com
audit-tcfv2.quantcast.mgr.consensu.org
capi.connatix.com
cd.connatix.com
cdn.firstimpression.io
cds.connatix.com
connect.facebook.net
d.pub.network
developers.google.com
ecdn.analysis.fi
ecdn.firstimpression.io
functionalfeather.com
imasdk.googleapis.com
img.connatix.com
ins.connatix.com
ls.skimresources.com
p.skimresources.com
quantcast.mgr.consensu.org
r.skimresources.com
region1.google-analytics.com
rules.quantcount.com
s.skimresources.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssl-proxy-updated.herokuapp.com
ssl.gstatic.com
static.adsafeprotected.com
static.cloudflareinsights.com
t.skimresources.com
tag.escalated.io
test.quantcast.mgr.consensu.org
tv.springserve.com
vid.connatix.com
widgets.outbrain.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
capi.connatix.com
tv.springserve.com
104.18.22.41
104.18.23.41
104.20.60.209
104.26.13.6
13.224.189.16
142.250.185.230
151.101.66.137
151.139.128.10
18.64.141.8
18.66.122.74
2001:4860:4802:34::36
2600:1901:0:7416::1
2600:9000:211e:7e00:9:46dc:4700:93a1
2600:9000:223c:3600:6:44e3:f8c0:93a1
2600:9000:223f:e000:8:48e:53c0:93a1
2600:9000:225e:1c00:3:a4cd:8380:93a1
2606:4700::6810:3865
2606:4700::6812:14ce
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:800::200e
2a00:1450:4001:802::200d
2a00:1450:4001:803::2008
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::200a
2a00:1450:4001:810::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2002
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.66.33.201
34.120.117.212
34.160.110.8
35.190.59.101
35.190.91.160
35.201.67.47
54.235.77.118
54.78.253.158
88.221.169.78
03be9ac49e626a2bb47d45a5e2af1b1e496b0b94055bb636802dd97c289f979e
0b4004c19871ed2cefc8c180f5394a4b977c9d9b64ca8cccf9c9e6594093b67e
0c7fd7d92602e7ce3cd3404710f283f69e1d853bd24c52171b7cea57bbefc049
0d0a4cf83bb3ae9426f41f3391ccf2f919014dd5150d240a231dd9a842394825
0e0c4591a93044f8ae418b6d5ff8a1593c2b38a662a228e215faa98fde9f40c3
0e2a136c594c939d55752e9abb70e6cc550b10bc3bc350c0d46d23d5947c20d1
0ebe6c2f9e0ba857a6a251603ee815915306191edbf34e2bb1108952e9f19e25
0f1e90548e911e24dedcb2ca0ffee6847a49a8648e9c615bcd0582bb7c7993fd
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
115a72ca4f52bab4c4aa5d3eb029d9a019cf875c6d28614609b237f5f7930c32
148cfabbf47e9cb387501f62f0d17179d95997eeb3fe4e4d150ab423162703e3
14dcce7abfc690cecd57a737a8af6fd712c2b7fec668b772d9f014f6ded77ef8
19e7c5b2f103b9ed6dbd1ed864515815f1b67350d4bbff9c9e1284e81531ef0b
1e2286d46e63be3f55a8a71ad0c532ae5cf9b0a540cdbfca319773a9f6ee7542
1e6501ce2cf37b71066573e756fccffab14d0134aee3728ce967b7194451a4d0
21bc00124c577ea9d745c5b2df19ecaae077dcb0018a293760d8337fa40a3e46
28d4e8c1043164607dcdeb358e2a08c9565fe286ceeeabea79e67f8c680187e7
2a10fb2699752353ba3f55bdb022589d690843ebbbf9f3b80789f2a57010475e
2cc97bae038e7c0e3d529a676369d9a0dbada1b0dfec5a32f0d444fb09015762
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
314b39ada1e2d0d6064f54c8b4f5d40863b1fba151d272b4714a498fa7488fe6
31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b
37849c48f8290006e74d3fc212cbcfca24c21ca24a80b54ff44809174be83c7c
386f87a6e6fcb89c6b046f988d18def949d1cc1f6a9fa4177858aa11da7a5bda
3a3cfd3b65d5fc907da6d29cd998b6ce2b52ea8f37c6e362eb3238b205b71a7b
3e3b8f6c06d2d74cc294ee6439e67b08890587be0081249a158469ace2eaeaaf
3e6274abac1820c8bd99f826cf35a60aeaa56b962500486acc5665f98005031e
3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0
3f25a29ea06dc1ddb843833e39939c2bb3ef74ebcea5fe2b5f226135facf5d8c
408d928b60d267c2dd8406291006efc0da61302e80bee9f6f00913fbf919861a
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453d30f69cc2a6f3013254a0faed039d49cf9c5b004d5482fb5365e99702c149
458f04ea2f7e457c7636557b11afb90bd332d541875036e9d17e1ae2d524c03f
497267c488dfa0a08b20cb463648e7586172a90f93616b3a2d6056547b9fc0bc
4b16026dae699f1d0203f23fd9f3372eb1fe6131fe250bcfe57908999e00b11e
4b9f912b0e7a50c12745f52ec2848dce5b779369999c6d35e6c297c713ce53d3
4e7e35b13ee9ee10cbc740d38f508aac75a59bee6a728919a9e4f4f29664a73a
51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21
55cb0fb8749be7912a709d7dc47971ea08028281dace736f6fdddf3f6980b4b1
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
59e6b6895ab9c1fab302d73906ec3259ac826ffc4a3ae743412bf8a096a33054
5c41179dbf1f74b08e7fc7a53b07b77e545cb077450debb17635c39ceebca411
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e
6235737b5fda15b39bff1ac05e660cd2fca11e9638fbe952542d93bc6b6be19d
63e2dfceaeeb7e8b933fa7fe96048fac66ad3fab6ab270b8e4a28ce02c1b73ab
6aeb9f7542993c71c548ac254766824ef86c68f0d6fa13f293bd016b9cfc9dc6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fb7a5f0b8808d6a4d86a4ed0742beb7c58ce438e8194bf28ad87eecbdf805d8
709217a175f0d9b049be1cc3c9980b3e2b2e0417b0d939bc26224a18aad6de97
770cb6f8747e90dad261e049dfa5cf42e622dac61bcbc86ecb0a8c134228eb91
7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b
7d2d9e93a0d7b36e7ab8c1789f7ca83c8c331cc9c7ac4608a7a867cf45aa7e7a
7e58ef84b3994aa5d6238df46b20e480c270cdd6094a41166583f7491665152a
7ff431fd88fd7fda1cd1ed077d555a029ceb7d9443ab95a74c17c4c02c4656d1
85a2c5bd701224851deca6029998517a35d091922217a90241fd0c7f244e8f11
8baecc00e9af766598aed45e43f18be60bfcc07440d238475d5f9fc4c2907eb8
8f7ad438c88cd0653af6066d4c148e00824961112a865f9611e258b9f3cc0981
9019adc6ec44d2cd4f38c97b8319b0ae8da8f03b3bd646d4f86707f23f8935a0
9320021507b35e189d2190eea673cbc21f7d368f6ecbfb5dc89d773a28cd015d
9750f8a2275f1d5089b27482da3b029eac455a01d2f4b42d68dbd9ce8dde626b
98206a8bf18bed3b29230c781b1b7c4a3794ad881e3a0c0923a0fd8e5ae6914a
98b5c89940e91458aa4bd1a015b3c0427776a87c21425cda1b3cca922dea07c7
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
9e5a1148e6ba00dec0218671857bc04820e1a4628a6de00a659ece715a6ed2f6
9faebe5bdb9528f36d1ec5713865681bf10c7c0d1fa1b8224fc57982f45ed788
a28119ca11bc23f972f8e463761547044174823430b09a0f1fbfed91acbeb35d
a51f645170637f10f3eba218020318af3fff3ad8e7087db87ef607896f19a940
a5ad4fb0d40625889969083053d32ab1191e66c11bb4aebfde2643954c0f5673
abe9d30276e3d66a71219ad2b0ed5a9663020a5c534557dd0f5c8ba71da4ebd4
ac777b39f23224873b0b7b0b16dec0161afabcee228f567d37351fdc1e63d435
b937537ed7f13e70dc6a69b6e9b308237cd369e11fa2a2b97a24d97d8487673e
bb7d39384f8a58e23c5e8c78b974aabb9cd28238d451301a12b43c321783fe6c
bf50c94253085740a5cce42e9c14f7b897cfc384303b38a5d9d7a0ab8ea5160f
bfd753d445592a633d4e3b8f74fe6e4ca85ab95a1f0b2fc00f11afeaaeed8194
c2a0ed3ea5aebdf80781e96b0e677656f9db72ea592b679299953852fef84b02
c3b9b6f760849b81b9a7a2745bd0ddf189cdbd5c16bab1b5c7c621ee63269f6e
c7451690fed2a104bf6ff86e5ab0b3a7d8393d26a859a4bad6ba81b1d7aa339d
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbd8236978dd3f165bc49566f78c460e3937e552df38787439c1ef2797c4c709
ce7b1a6c719ed715da6b5676b1acf024fe02fc472e68368e32fe95b24bbba57e
d1731db9016f326daff11d0045c86fd068ec9e72cc4c6ec56a7c856a3a3d28c7
d1832b7da0292ab076dfe046f8b1c2d5fcfd1bfb5628b7e21a3754a20308aa57
d1c32bf45adff327691e2c6e609790aa727e85dc3392ffbf412a347d298dcb7d
d4b507096f8201c08f51e78f7e5c2366b095be888bcdbd8560e40915086f0452
d813e6becda7ebe8b6bf1a54e7b83aa2a2551dc41bf4f07877834984a293958e
d88cb5d257b60d6a83577ae57ca7d69545f3dfb1ac545201b3b6cd1b0fc35557
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
db311c11353d5628e6e28d260bca9b8935b23440964d7c6bc4914edcda08472a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd8073cfec57e28b26e9b76dfc068aafdd7ece59b8effc27d2201fc467f774ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71a0911a291acca49f86e4431126c327531763024ef943a814a4df27ea9cf9e
e8cd4bf2f547eb60b69a54a5340d5feed5905e1e5ea0ef3d3aefe6a6c1523fe7
ea6fd63b54ed9701873c41c93430b2bfef8d2aa0f1a9bbb576f503cfb346dde9
efc6361ebe5a559578c83bf197d5407b7f6bf44f74d35c4ee8eb22c810fb34a7
f173bffef77f251b9bea649b2ac1ce118c9b1daf0fc812bf22cba42a3a7bc293
f20898d44cc7c3dc5c5f0434dcccd069661ed0ef2edc248adb896747bc6aa5bb
f33585b10bb5487bd6c92f53018de62cb147ab48b829334b7f97437015aae557
f34544ddb27241b3eccb8e06d7447230005e8718b463a30d9dd83d1e8bada1a1
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

www.bleepingcomputer.com Open in urlscan Pro 104.20.60.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

119 Requests

95 %HTTPS

50 %IPv6

25 Domains

42 Subdomains

39 IPs

4 Countries

1945 kBTransfer

6685 kBSize

8 Cookies

0 Outgoing links

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

95 %
HTTPS

50 %
IPv6

25
Domains

42
Subdomains

39
IPs

4
Countries

1945 kB
Transfer

6685 kB
Size

8
Cookies

119 HTTP transactions
1 data transactions