www.bitsight.com Open in urlscan Pro
2606:4700:10::6816:4bf2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bitsight.com/blog/badbox-botnet-back
Submission Tags: @nominet_threat_intel nt-timestamp reference_article_link confidence_low cluster_5715647 Search All
Submission: On December 20 via api (December 20th 2024, 3:11:36 pm UTC) from GB — Scanned from GB

Summary HTTP 134 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 49 IPs in 5 countries across 34 domains to perform 134 HTTP transactions. The main IP is 2606:4700:10::6816:4bf2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bitsight.com. The Cisco Umbrella rank of the primary domain is 797774.
TLS certificate: Issued by WE1 on November 26th 2024. Valid for: 3 months.

This is the only time www.bitsight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	2606:4700:10:... 2606:4700:10::6816:4bf2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:4139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.35.242 104.18.35.242	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:8::c16c:9908	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
7	2a02:26f0:350... 2a02:26f0:3500:8::c16c:9904	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8b11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	18.66.122.97 18.66.122.97	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.132 142.250.186.132	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:3::b818:4d39	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2a02:26f0:310... 2a02:26f0:3100::1735:284b	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
3	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1	74.121.140.211 74.121.140.211	30419 (PAEDAE-INC) (PAEDAE-INC)
1	18.245.46.44 18.245.46.44	16509 (AMAZON-02) (AMAZON-02)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
4	35.157.57.152 35.157.57.152	16509 (AMAZON-02) (AMAZON-02)
3	52.211.65.65 52.211.65.65	16509 (AMAZON-02) (AMAZON-02)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
2	2.16.168.121 2.16.168.121	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.102.85 18.66.102.85	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 7	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	34.248.79.160 34.248.79.160	16509 (AMAZON-02) (AMAZON-02)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:6d13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:272... 2600:9000:2724:3e00:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.217.16.200 172.217.16.200	15169 (GOOGLE) (GOOGLE)
2	34.49.241.189 34.49.241.189	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	34.107.254.252 34.107.254.252	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:1c9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:27e... 2600:9000:27e6:f800:2:7dc7:8f00:93a1	() ()
1	52.9.213.1 52.9.213.1	16509 (AMAZON-02) (AMAZON-02)
9	2606:4700::68... 2606:4700::6812:1d9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	34.224.19.201 34.224.19.201	14618 (AMAZON-AES) (AMAZON-AES)
2	142.250.184.238 142.250.184.238	15169 (GOOGLE) (GOOGLE)
3	34.215.81.112 34.215.81.112	16509 (AMAZON-02) (AMAZON-02)
1	65.9.66.31 65.9.66.31	16509 (AMAZON-02) (AMAZON-02)
134	49

30 2606:4700:10::6816:4bf2 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bitsight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2844 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:4139 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a26349430206.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.35.242 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn3.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:8::c16c:9908 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:3500:8::c16c:9904 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8b11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.122.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-97.fra60.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:3::b818:4d39 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3100::1735:284b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.121.140.211 (Reston, United States)

ASN30419 (PAEDAE-INC, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-44.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.57.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-57-152.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.211.65.65 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-65-65.eu-west-1.compute.amazonaws.com

go.affec.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.168.121 (Netherlands)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-16-168-121.deploy.static.akamaitechnologies.com

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-85.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.149 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.79.160 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-79-160.eu-west-1.compute.amazonaws.com

map.go.affec.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:6d13 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2724:3e00:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.49.241.189 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 189.241.49.34.bc.googleusercontent.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.107.254.252 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1c9b (United States)

ASN13335 (CLOUDFLARENET, US)

wsmcdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wsv3cdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:27e6:f800:2:7dc7:8f00:93a1 (United States)

ASN ()

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.9.213.1 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-9-213-1.us-west-1.compute.amazonaws.com

tracking.intentsify.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:1d9b (United States)

ASN13335 (CLOUDFLARENET, US)

wsv3cdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.224.19.201 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-19-201.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.215.81.112 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-81-112.us-west-2.compute.amazonaws.com

analytics.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-31.fra56.r.cloudfront.net

pic.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	bitsight.com www.bitsight.com — Cisco Umbrella Rank: 797774	485 KB
14	audioeye.com wsmcdn.audioeye.com — Cisco Umbrella Rank: 5297 wsv3cdn.audioeye.com — Cisco Umbrella Rank: 4073 analytics.audioeye.com — Cisco Umbrella Rank: 4630	284 KB
11	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 116645 trackingapi.trendemon.com — Cisco Umbrella Rank: 88085 pic.trendemon.com — Cisco Umbrella Rank: 235815	72 KB
8	typekit.net p.typekit.net — Cisco Umbrella Rank: 571 use.typekit.net — Cisco Umbrella Rank: 460	181 KB
7	adnxs.com 4 redirects secure.adnxs.com — Cisco Umbrella Rank: 495 ib.adnxs.com — Cisco Umbrella Rank: 281	7 KB
6	permutive.com cdn.permutive.com — Cisco Umbrella Rank: 3767 api.permutive.com — Cisco Umbrella Rank: 2768	81 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36 ssl.google-analytics.com — Cisco Umbrella Rank: 972	39 KB
5	affec.tv 2 redirects go.affec.tv — Cisco Umbrella Rank: 7524 map.go.affec.tv — Cisco Umbrella Rank: 7841	4 KB
5	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 1024 cdn3.optimizely.com — Cisco Umbrella Rank: 4684 a26349430206.cdn.optimizely.com logx.optimizely.com — Cisco Umbrella Rank: 1766	102 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	2 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2701	10 KB
4	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 3570	40 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	358 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 9821	26 KB
2	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	3 KB
2	company-target.com s.company-target.com — Cisco Umbrella Rank: 1549 api.company-target.com — Cisco Umbrella Rank: 4358	1 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 6210 tag-logger.demandbase.com — Cisco Umbrella Rank: 5387	20 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	22 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	gstatic.com fonts.gstatic.com	59 KB
1	intentsify.io tracking.intentsify.io — Cisco Umbrella Rank: 59048	213 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 377	149 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 854	98 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 14108	627 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514	2 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 3693	712 B
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	27 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	28 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2580	1 KB
1	fontawesome.com ka-p.fontawesome.com — Cisco Umbrella Rank: 3310	15 KB
134	34

	Domain	Requested by
30	www.bitsight.com	www.bitsight.com
10	wsv3cdn.audioeye.com	wsmcdn.audioeye.com wsv3cdn.audioeye.com
8	trackingapi.trendemon.com	assets.trendemon.com
7	use.typekit.net	www.bitsight.com
6	secure.adnxs.com	4 redirects www.bitsight.com
5	api.permutive.com	cdn.bizible.com
4	tags.srv.stackadapt.com	www.bitsight.com tags.srv.stackadapt.com cdn.bizible.com
4	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
4	consent.trustarc.com	www.googletagmanager.com consent.trustarc.com www.bitsight.com
4	www.googletagmanager.com	www.bitsight.com www.googletagmanager.com
3	analytics.audioeye.com	wsv3cdn.audioeye.com
3	px.ads.linkedin.com	1 redirects cdn.bizible.com
3	go.affec.tv	www.googletagmanager.com go.affec.tv
3	cdn.bizible.com	www.googletagmanager.com www.bitsight.com cdn.bizible.com
2	assets.trendemon.com	www.bitsight.com assets.trendemon.com
2	logx.optimizely.com	cdn.bizible.com
2	map.go.affec.tv	2 redirects
2	ssl.google-analytics.com	www.bitsight.com
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	fonts.googleapis.com	www.bitsight.com wsv3cdn.audioeye.com
2	fonts.gstatic.com	fonts.googleapis.com
1	pic.trendemon.com
1	tracking.intentsify.io	www.bitsight.com
1	forms.hubspot.com	cdn.bizible.com
1	wsmcdn.audioeye.com	www.bitsight.com
1	track.hubspot.com
1	ib.adnxs.com	cdn.bizible.com
1	tag-logger.demandbase.com	cdn.bizible.com
1	cdn.permutive.com	go.affec.tv
1	match.adsrvr.org	www.bitsight.com
1	px4.ads.linkedin.com	www.bitsight.com
1	api.company-target.com	cdn.bizible.com
1	id.rlcdn.com	www.bitsight.com
1	s.company-target.com	tag.demandbase.com
1	cdn.bizibly.com	www.bitsight.com
1	alb.reddit.com	www.bitsight.com
1	pixel-config.reddit.com	www.redditstatic.com
1	ws.zoominfo.com	www.bitsight.com
1	tag.demandbase.com	www.bitsight.com
1	pixel.mathtag.com	www.googletagmanager.com
1	www.google.com	www.googletagmanager.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	a26349430206.cdn.optimizely.com	cdn.optimizely.com
1	p.typekit.net	www.bitsight.com
1	cdn3.optimizely.com	cdn.optimizely.com
1	js.hs-scripts.com	www.bitsight.com
1	cdn.optimizely.com	www.bitsight.com
1	ka-p.fontawesome.com
134	51

This site contains links to these domains. Also see Links.

Domain
service.bitsighttech.com
bitsight.wd1.myworkdayjobs.com
www.facebook.com
twitter.com
www.linkedin.com
github.com
www.humansecurity.com
www.bsi.bund.de
macaddress.io
device.report
www.imei.info
alice.yandex.ru
www.reuters.com
www.virustotal.com
app.termscout.com
academy.bitsight.com
help.bitsighttech.com
submit-irm.trustarc.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
bitsight.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-01-27`	6 months	crt.sh
cdn.optimizely.com WE1	`2024-12-19` - `2025-03-19`	3 months	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
cdn3.optimizely.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-10` - `2026-01-10`	a year	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2024-03-16` - `2025-04-14`	a year	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
cdn.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-11` - `2026-01-11`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-27` - `2025-09-28`	a year	crt.sh
zoominfo.com E5	`2024-12-10` - `2025-03-10`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2024-08-09` - `2025-09-07`	a year	crt.sh
affec.tv Amazon RSA 2048 M02	`2024-06-10` - `2025-07-09`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
*.company-target.com R10	`2024-12-13` - `2025-03-13`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
permutive.com WE1	`2024-11-24` - `2025-02-23`	3 months	crt.sh
tag-logger.demandbase.com Amazon RSA 2048 M02	`2024-12-13` - `2026-01-11`	a year	crt.sh
logx.optimizely.com WR3	`2024-11-13` - `2025-02-11`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
api.permutive.com R11	`2024-12-18` - `2025-03-18`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
wsmcdn.audioeye.com WE1	`2024-12-06` - `2025-03-06`	3 months	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2024-06-18` - `2025-06-18`	a year	crt.sh
*.intentsify.io Amazon RSA 2048 M03	`2024-05-07` - `2025-06-06`	a year	crt.sh
wsv3cdn.audioeye.com WE1	`2024-11-10` - `2025-02-08`	3 months	crt.sh
report-prod.audioeye.com Amazon RSA 2048 M03	`2024-08-18` - `2025-09-17`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.bitsight.com/blog/badbox-botnet-back
Frame ID: 8F45CF5C6D1F08ABE0BC8D0A073D9128
Requests: 128 HTTP requests in this frame

Frame: https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html
Frame ID: 968E8AA12ED1C80E7BA8BF04B08392C0
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com
Frame ID: B21898FE536F945F10702D35B68CED61
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 84BC73CA9B01DFA3B4997DB31A6BEAE2
Requests: 1 HTTP requests in this frame

Frame: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/cookieStorage.html
Frame ID: FE3EFCCCD70C74690BB09FB3AA2FDF42
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BADBOX Botnet Is Back | Bitsight

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

Page Statistics

134
Requests

96 %
HTTPS

47 %
IPv6

34
Domains

51
Subdomains

49
IPs

5
Countries

1975 kB
Transfer

5377 kB
Size

78
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://service.bitsighttech.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://bitsight.wd1.myworkdayjobs.com/Bitsight
Title: Open Positions

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.bitsight.com/blog/badbox-botnet-back
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.bitsight.com/blog/badbox-botnet-back
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.bitsight.com/blog/badbox-botnet-back
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://github.com/DesktopECHO/T95-H616-Malware
Title: researcher Daniel Milisic became suspicious

Search URL Search Domain Scan URL

URL: https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf
Title: HUMAN’s Satori Threat Intelligence and Research Team’s

Search URL Search Domain Scan URL

URL: https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2024/241212_Badbox_Sinkholing.html
Title: operation that affected 30,000 devices

Search URL Search Domain Scan URL

URL: https://macaddress.io/mac-address-lookup/J2a1pdA72j
Title: here

Search URL Search Domain Scan URL

URL: https://device.report/bluetooth/187741
Title: here

Search URL Search Domain Scan URL

URL: https://www.imei.info/phonedatabase/hisense-t963/
Title: Instwall_T963 smartphone

Search URL Search Domain Scan URL

URL: https://alice.yandex.ru/support/ru/smart-tv-station/specs-tv-station-pro
Title: alice yandex

Search URL Search Domain Scan URL

URL: https://alice.yandex.ru/support/ru/smart-tv-station/purchase
Title: website

Search URL Search Domain Scan URL

URL: https://www.reuters.com/markets/deals/yandex-nv-finalises-54-bln-deal-sell-russian-businesses-2024-07-15/
Title: split

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/search/entity%253Adomain%2520ssl_thumbprint%253A5b3aa659cb8dece5c9a14d605c68a432b773969c/domains
Title: 5b3aa659cb8dece5c9a14d605c68a432b773969c

Search URL Search Domain Scan URL

URL: https://app.termscout.com/certify/bitsight-certified-contract

Search URL Search Domain Scan URL

URL: https://academy.bitsight.com/learn/dashboard
Title: BitSight Academy

Search URL Search Domain Scan URL

URL: https://help.bitsighttech.com/hc/en-us
Title: BitSight Knowledge Base

Search URL Search Domain Scan URL

URL: https://submit-irm.trustarc.com/services/validation/313077aa-ba94-46d5-8cdb-1eec02a3553a
Title: Do Not Sell or Share My Personal Information

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BitSight
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/bitsight/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bitsight/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/BitSight
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCQK4819a_k18f2GGC3Fkv8g
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQI8yvcHTBh6QQAAAZPkn63MRXzs1l_M5DFH0PbwrhssRqgnVUpo6aAm1Hbp3STO

Request Chain 76

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Request Chain 78

https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D676589227fc697000137259b%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmap.go.affec.tv%252Fmap%252Fan%252F%2524UID%253Fch%253D676589227fc697000137259b%2526chc%253Daf%2526redirect_url%253D%2526gdpr%253D%2526gdpr_consent%253D%26gdpr%3D%26gdpr_consent%3D HTTP 302
https://map.go.affec.tv/map/an/7587462392468665255?ch=676589227fc697000137259b&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= HTTP 303
https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=

Request Chain 83

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

134 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request badbox-botnet-back Show response
www.bitsight.com/blog/ 137 KB
23 KB 589ms
496ms Document
text/html 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f777cbc2d4707de5e23148494a2ada5b7ec14feab3dd9105fb0c6d247275a107

Security Headers

Name	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 74334
cache-control: max-age=31536000, public
cf-cache-status: DYNAMIC
cf-ray: 8f5090abbfa8cd3c-LHR
content-encoding: br
content-language: en
content-security-policy: report-uri /report-csp-violation
content-type: text/html; charset=UTF-8
date: Fri, 20 Dec 2024 15:11:29 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 19 Dec 2024 18:28:07 GMT
link: <analytics.google.com>; rel="dns-prefetch", <js.driftt.com>; rel="dns-prefetch", <rackingapi.trendemon.com>; rel="dns-prefetch", <tags.srv.stackadapt.com>; rel="dns-prefetch", <cdn.optimizely.com>; rel="dns-prefetch", <js.hs-scripts.com>; rel="dns-prefetch", <logx.optimizely.com>; rel="dns-prefetch", <metrics.hotjar.io>; rel="dns-prefetch", <bootstrap.driftapi.com>; rel="dns-prefetch", <ka-p.fontawesome.com>; rel="dns-prefetch", <audioeye.com>; rel="dns-prefetch", <googletagmanager.com>; rel="dns-prefetch", <permutive.com>; rel="dns-prefetch", <hotjar.com>; rel="dns-prefetch", <analytics.google.com>; rel="preconnect", <js.driftt.com>; rel="preconnect", <rackingapi.trendemon.com>; rel="preconnect", <consent.trustarc.com>; rel="preconnect", <cdn.optimizely.com>; rel="preconnect", <js.hs-scripts.com>; rel="preconnect", <metrics.hotjar.io>; rel="preconnect", <logx.optimizely.com>; rel="preconnect", <bootstrap.driftapi.com>; rel="preconnect", <ka-p.fontawesome.com>; rel="preconnect", <tags.srv.stackadapt.com>; rel="preconnect", <audioeye.com>; rel="preconnect", <googletagmanager.com>; rel="preconnect", <permutive.com>; rel="preconnect", <hotjar.com>; rel="preconnect", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2>; rel="prefetch", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://kit.fontawesome.com/bc8e4d7021.js>; rel="prerender", <https://js-agent.newrelic.com/nr-rum-1.255.0.min.js>; rel="prerender"
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains
surrogate-key: tilu alec 15nq bh81 mfcg 135a t5be 1rv1 4iqj 2h09 k5im 7bmp epgs ffa2 tapm s1so lgqj d7d6 1971 6ehj gaf3 bdo0 vblc knej sheu khoj 4n5i cj78 vja0 ka5u 78t5 6dsl ldc7 snk9 tib3 rjqv tjhs n16q keo3 rl04 p93v vcdf e79l u1q5 gsd9 lira nl66 jro7 in6f h29v iu4c 3kis e6ki 2pbm 3t5u 96os 1cn6 8j3g o1kn grd9 o13v ck9d 7jh1 pdhm u7v7 vnpd b7mh 6ogk 22p7 6tvg 28nu 8ele ieco 3r6a q7vo kqe5 1vef 9obn qggh 8ust ppbt avon p78i afak krqr cdhs k8rv cios 4nfg ql68 3bhf l3np 5re3 bsc4 aucp ut71 kvo9 u6mj i1hh m4ma 704t l0o5 ebeg 601f kfqg eit7 ig0p 4fu4 vq51 oauf snab trke e1j3
vary: Cookie,Accept-Encoding
via: varnish
x-ah-environment: prod
x-cache: HIT
x-cache-hits: 1009
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-request-id: v-9d2bd822-be37-11ef-b878-cbd7ce99d32f
x-xss-protection: 1; mode=block

GET
H3 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v22/ 0
14 KB 117ms
55ms Other
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

age: 306784
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 01:58:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 01:58:25 GMT
last-modified: Wed, 26 Jan 2022 19:14:07 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13976
x-xss-protection: 0
server: sffe

GET
H2 200 pro-fa-light-300-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/ 0
15 KB 160ms
64ms Other
font/woff2 2606:4700:4400::6812:2844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=31556926
cf-cache-status: HIT
etag: "660c2974-3c34"
age: 3168151
cf-ray: 8f5090af7d2171c2-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15412
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: font/woff2
last-modified: Tue, 02 Apr 2024 15:51:16 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server: cloudflare

GET
H2 200 26349430206.js Show response
cdn.optimizely.com/js/ 354 KB
101 KB 153ms
56ms Script
text/javascript 2606:4700::6812:4139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.optimizely.com/js/26349430206.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be0b33b43c261e1e448c13164e77f21da55e5196fa684bca9eeca7d97b006960

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
content-encoding: gzip
cf-cache-status: HIT
etag: "b81f367c68d3f4e6e1872b8039664184"
x-amz-version-id: CiU7fHsqwBqtYWFzDifwetCnwdRSERzJ
age: 213
access-control-allow-methods: GET, HEAD
date: Fri, 20 Dec 2024 15:11:29 GMT
x-amz-meta-revision: 10858
content-type: text/javascript; charset=utf-8
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Fri, 20 Dec 2024 14:45:23 GMT
x-amz-id-2: 1OX0o3Q1h9BLhredAMxl46eYVYC5lQ8W3gCar3RZjAAvpN8L/sFtXBpkmHTJFWiZGSJaixivOvc=
access-control-allow-headers: *
x-amz-replication-status: PENDING
cache-control: max-age=120
timing-allow-origin: *
x-amz-meta-pci_enabled: False
access-control-allow-credentials: false
x-amz-request-id: HTNDQPA9XR5QE310
cf-ray: 8f5090af8dafe900-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 102521
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 css_yq4r6XpoCy4G0KXQP_HJesFfGrk7F5wPPm4FJtqn7rg.css
www.bitsight.com/sites/default/files/css/ 4 KB
1 KB 58ms
58ms Stylesheet
text/css 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/css/css_yq4r6XpoCy4G0KXQP_HJesFfGrk7F5wPPm4FJtqn7rg.css?delta=0&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-647c139e-bd5a-11ef-b278-cbcac312d754
content-encoding: gzip
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Thu, 18 Dec 2025 16:09:00 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: text/css
vary: Accept-encoding
x-cache-hits: 29
last-modified: Wed, 18 Dec 2024 16:08:13 GMT
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090aeeabbcd3c-LHR
accept-ranges: bytes
content-length: 1331
server: cloudflare

GET
H2 200 css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css
www.bitsight.com/sites/default/files/css/ 101 KB
16 KB 56ms
56ms Stylesheet
text/css 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e085cbdf15eb91cd92f94db43f2c9b2f0ea945936450b153c82e9526baa806ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-9e77a19e-bd5a-11ef-a90f-a30f163a05ad
content-encoding: gzip
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Thu, 18 Dec 2025 16:10:37 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: text/css
vary: Accept-encoding
x-cache-hits: 24
last-modified: Wed, 18 Dec 2024 16:10:24 GMT
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090aeeabccd3c-LHR
accept-ranges: bytes
content-length: 15687
server: cloudflare

GET
H2 200 Products_EnterpriseSecurity.svg
www.bitsight.com/sites/default/files/2024/04/27/ 994 B
625 B 55ms
54ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_EnterpriseSecurity.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-2b0579dc-7fa9-11ef-8f1a-1bf2f532319e
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:07 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:46:48 GMT
x-cache-hits: 98512
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090aeeabdcd3c-LHR
server: cloudflare

GET
H2 200 Products_DigitalSupplyChainSecurity.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
501 B 74ms
74ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_DigitalSupplyChainSecurity.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-a69fc274-7fa8-11ef-877b-fbeec39b1bd6
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:55:10 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:48:47 GMT
x-cache-hits: 88192
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090aeeabecd3c-LHR
server: cloudflare

GET
H2 200 Products_RiskGovernanceReporting.svg
www.bitsight.com/sites/default/files/2024/04/27/ 712 B
443 B 57ms
56ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskGovernanceReporting.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-8c303d32-06fa-11ef-b42b-5fe8171e2b39
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:56:06 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:50:46 GMT
x-cache-hits: 3
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=1209600
x-ah-environment: prod
via: varnish
cf-ray: 8f5090af4b06cd3c-LHR
server: cloudflare

GET
H2 200 Products_RiskAnalysisData.svg
www.bitsight.com/sites/default/files/2024/04/27/ 630 B
396 B 54ms
54ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskAnalysisData.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-f345b368-7fa8-11ef-a4ad-ef0b67ed8a2b
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:07 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:52:21 GMT
x-cache-hits: 100095
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090af6b1bcd3c-LHR
server: cloudflare

GET
H2 200 Products_CyberUnderwritingRiskControl.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
776 B 60ms
60ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Products_CyberUnderwritingRiskControl.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-8cd85e0e-06fa-11ef-9a40-c7211ac61ad7
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:41 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:53:11 GMT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=1209600
x-ah-environment: prod
via: varnish
cf-ray: 8f5090afab58cd3c-LHR
server: cloudflare

GET
H2 200 Produ_ProfessionalServices.svg
www.bitsight.com/sites/default/files/2024/04/27/ 2 KB
1 KB 55ms
55ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Produ_ProfessionalServices.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-2c86ad6c-7fa9-11ef-91e0-27d3f366b1a9
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:37 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:53:52 GMT
x-cache-hits: 97265
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b03c1acd3c-LHR
server: cloudflare

GET
H2 200 Sidebar_LightBulb.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
699 B 56ms
54ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-9e9cbe8c-06fa-11ef-a662-17b03e11abdd
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:55:13 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:45:47 GMT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=1209600
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c4dcd3c-LHR
server: cloudflare

GET
H2 200 Solutions_UseCases.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
685 B 405ms
403ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_UseCases.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-c3a3ffb2-bb7a-11ef-b627-3ffeb8839113
content-encoding: br
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:55:41 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:56:37 GMT
x-cache-hits: 3575
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c4fcd3c-LHR
server: cloudflare

GET
H2 200 Solutions_Industries.svg
www.bitsight.com/sites/default/files/2024/04/27/ 864 B
504 B 61ms
59ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_Industries.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-8e9ca90c-06fa-11ef-b9e5-772998f816ed
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:55:13 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 17:59:41 GMT
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=1209600
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c51cd3c-LHR
server: cloudflare

GET
H2 200 DataInsights_OurData.svg
www.bitsight.com/sites/default/files/2024/04/27/ 725 B
551 B 57ms
56ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_OurData.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-a6cf3f54-7fa8-11ef-94e3-83b871583532
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:56:06 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:03:58 GMT
x-cache-hits: 79568
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c53cd3c-LHR
server: cloudflare

GET
H2 200 DataInsights_ThreatResearch.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
474 B 59ms
57ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_ThreatResearch.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-f354b958-7fa8-11ef-8c5e-67301c689dca
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:55:13 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:18:18 GMT
x-cache-hits: 71940
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c54cd3c-LHR
server: cloudflare

GET
H2 200 Sidebar_Bell.svg
www.bitsight.com/sites/default/files/2024/04/27/ 766 B
485 B 58ms
57ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-2e6c63e2-7fa9-11ef-908f-0b147fff18b1
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:37 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:03:01 GMT
x-cache-hits: 98190
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c55cd3c-LHR
server: cloudflare

GET
H2 200 Company_AboutUs.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
631 B 62ms
60ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Company_AboutUs.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-2e06863a-7fa9-11ef-b5e1-5f78105553e7
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:55:16 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:07:02 GMT
x-cache-hits: 97044
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c56cd3c-LHR
server: cloudflare

GET
H2 200 Company_ConnectWithUs.svg
www.bitsight.com/sites/default/files/2024/04/27/ 745 B
423 B 65ms
63ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Company_ConnectWithUs.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-74d36e98-7fa9-11ef-9c4a-cf3fcb713adf
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:41 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:09:14 GMT
x-cache-hits: 98847
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b06c57cd3c-LHR
server: cloudflare

GET
H2 200 Resources_Resources.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
709 B 60ms
59ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Resources.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-a6cdb79c-7fa8-11ef-83ef-8b8478498df7
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:07 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:12:47 GMT
x-cache-hits: 100068
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b07c58cd3c-LHR
server: cloudflare

GET
H2 200 Resources_Blog.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
590 B 107ms
106ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Blog.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-aaa649e8-bb7a-11ef-95ac-376b861476ff
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:07 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:14:49 GMT
x-cache-hits: 7145
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b08c6bcd3c-LHR
server: cloudflare

GET
H2 200 Sidebar_QuoteBubble.svg
www.bitsight.com/sites/default/files/2024/04/27/ 1 KB
739 B 105ms
104ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_QuoteBubble.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-570f12fe-1eba-11ef-b716-c79cf80b08f4
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:42 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Sat, 27 Apr 2024 18:16:50 GMT
x-cache-hits: 3759
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=1209600
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b08c6fcd3c-LHR
server: cloudflare

GET
H2 200 blog%20BADBOX%20Botnet%20is%20back%20hero%20v2.webp
www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/12/16/ 132 KB
132 KB 76ms
75ms Image
image/webp 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/12/16/blog%20BADBOX%20Botnet%20is%20back%20hero%20v2.webp?itok=ohsF_9sU

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1847853aca5a9214e135721b88e1a5aabab5214ab304ff92907dd2c873bec06

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-814dd2fc-bc86-11ef-9658-630424785040
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 14:51:38 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/webp
last-modified: Mon, 16 Dec 2024 19:54:14 GMT
x-cache-hits: 399
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b08c71cd3c-LHR
accept-ranges: bytes
content-length: 135368
server: cloudflare

GET
H2 200 Favorable_TermScout.svg
www.bitsight.com/sites/default/files/2024/10/10/ 16 KB
5 KB 105ms
104ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/10/10/Favorable_TermScout.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-56c54b70-874b-11ef-9c85-df1a7d2d3fb7
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:57:30 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Oct 2024 21:05:11 GMT
x-cache-hits: 65026
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b08c73cd3c-LHR
server: cloudflare

GET
H2 200 js_2kCWiyHPPhr7MFMXKlRpDYMrCQyAuoU5sCsKCK0CYVw.js Show response
www.bitsight.com/sites/default/files/js/ 92 KB
32 KB 58ms
58ms Script
text/javascript 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/js/js_2kCWiyHPPhr7MFMXKlRpDYMrCQyAuoU5sCsKCK0CYVw.js?scope=footer&delta=0&language=en&theme=bitsight_theme&include=eJxljVEOwyAMQy9UypFQgKxkJQmCoPb4k9ZJ1bYvy36yXWYcTc2XS9ekGYN1SDvJtuBplWT3uc8Gdf3YJZIN2ooFK8johyaC6hhl3igps4p_Tm7hm1ylA-NDO__GDCTvJRerpv8rMnQFIWN_Aee7STo

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-6b770974-bd5a-11ef-bc71-b78b2125006f
content-encoding: gzip
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Thu, 18 Dec 2025 16:09:01 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: text/javascript
vary: Accept-encoding
x-cache-hits: 8
last-modified: Wed, 18 Dec 2024 16:08:13 GMT
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090afbb79cd3c-LHR
accept-ranges: bytes
content-length: 32455
server: cloudflare

GET
H2 200 277648.js Show response
js.hs-scripts.com/ 1 KB
1 KB 264ms
174ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/277648.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f69cda363fec0733f83bfc806e58d0b7114981868951f1cbfc3714ea43b202bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: EXPIRED
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 15:12:59 GMT
date: Fri, 20 Dec 2024 15:11:29 GMT
x-hubspot-correlation-id: 15fa2433-6b64-4d7e-bc92-7287aa586f2a
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Fri, 20 Dec 2024 15:11:29 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8f5090b0f837f656-LHR
accept-ranges: bytes
access-control-allow-origin: https://www.bitsight.com
content-length: 602
server: cloudflare

GET
H2 200 js_7U_xcCpazaSHDkwCkb52eEqpEQDyjuyM4XBWa1l8ETI.js Show response
www.bitsight.com/sites/default/files/js/ 57 KB
15 KB 55ms
55ms Script
text/javascript 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/js/js_7U_xcCpazaSHDkwCkb52eEqpEQDyjuyM4XBWa1l8ETI.js?scope=footer&delta=2&language=en&theme=bitsight_theme&include=eJxljVEOwyAMQy9UypFQgKxkJQmCoPb4k9ZJ1bYvy36yXWYcTc2XS9ekGYN1SDvJtuBplWT3uc8Gdf3YJZIN2ooFK8johyaC6hhl3igps4p_Tm7hm1ylA-NDO__GDCTvJRerpv8rMnQFIWN_Aee7STo

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

884d759a45e7419a537a688964366d561f9831aaa6a4e2bb56bfdc46471449e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-bf520918-bd5a-11ef-ba7a-b72444e5dcd9
content-encoding: gzip
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Thu, 18 Dec 2025 16:11:32 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: text/javascript
vary: Accept-encoding
x-cache-hits: 23
last-modified: Wed, 18 Dec 2024 16:10:38 GMT
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b00beecd3c-LHR
accept-ranges: bytes
content-length: 14832
server: cloudflare

GET
H2 200 geo4.js Show response
cdn3.optimizely.com/js/ 297 B
307 B 191ms
90ms Script
application/javascript 104.18.35.242
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.optimizely.com/js/geo4.js
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/26349430206.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.35.242 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5612f523e2cf8e17f579455c648045ba299c99abc1576c27810dc049453c9546

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cf-ray: 8f5090b10b98cd63-LHR
content-encoding: br
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 451 KB
136 KB 194ms
80ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f9720e4bbdcbcd9880feecb2ce1903924d4f48e42135b1698f2fb076b02bf41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 20 Dec 2024 15:11:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 138695
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
1 KB 181ms
68ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+Mono:wght@100..900&display=swap

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c1e3494ff517f09d546f2058147b83fbf0afd3b394b3f2597c2be7498609b40c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 15:11:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 20 Dec 2024 15:09:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 246ms
54ms Stylesheet
text/css 2a02:26f0:3500:8::c16c:9908
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=dws7syq&ht=tk&f=39488.39489.39490.39491.39492.39493.39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509&a=212160357&app=typekit&e=css
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9908 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw

Response headers

cache-control: public, max-age=604800
etag: "674c5a4a-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: text/css
last-modified: Sun, 01 Dec 2024 12:44:58 GMT
server: nginx

GET
H2 200 a26349430206.html
a26349430206.cdn.optimizely.com/client_storage/ Frame 968E 0
0 185ms
91ms Document
text/html 2606:4700::6812:4139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/26349430206.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.bitsight.com/blog/badbox-botnet-back
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 12
cache-control: max-age=120
cf-cache-status: HIT
cf-ray: 8f5090b1391abeb6-LHR
content-encoding: gzip
content-length: 775
content-type: text/html; charset=utf-8
date: Fri, 20 Dec 2024 15:11:29 GMT
etag: "459f1b645e94ab74612f003165822f88"
last-modified: Fri, 20 Dec 2024 14:45:18 GMT
server: cloudflare
server-timing: cfCacheStatus;desc="HIT"
vary: Accept-Encoding
x-amz-id-2: CnUE0pr5coiXmgcVhw2yh1UG5OW4ISSZ+Er3UzSeZCfWTMyrllN/xFmzovqENaVIduV8UEBwbQA=
x-amz-meta-pci_enabled: False
x-amz-replication-status: COMPLETED
x-amz-request-id: MRVMW9G3DPJP32VX
x-amz-server-side-encryption: AES256
x-amz-version-id: JUnE2bUnqtRDcZtTk6Rpz_6KHarPMkDm

GET
H2 200 point-of-precision.svg
www.bitsight.com/themes/custom/bitsight_theme/src/assets/ 327 B
404 B 57ms
56ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/themes/custom/bitsight_theme/src/assets/point-of-precision.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw

Response headers

x-request-id: v-a893dd5a-bb7a-11ef-a664-6f3c7b157c8c
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:38 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Wed, 20 Nov 2024 16:22:42 GMT
x-cache-hits: 6765
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b20e30cd3c-LHR
server: cloudflare

GET
H2 200 l
use.typekit.net/af/0230dd/00000000000000007735bb33/30/ 26 KB
26 KB 292ms
106ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0230dd/00000000000000007735bb33/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "5bb33ae2a954c4b3b528681f85ecbf7624532fad"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 26356
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/153042/00000000000000007735bb62/30/ 24 KB
24 KB 353ms
168ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "b0d46bd3fb22c6c06785f44e1a131be6878e0485"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24460
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/305037/00000000000000007735bb39/30/ 27 KB
27 KB 297ms
112ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/305037/00000000000000007735bb39/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "4af6f044e86b0a30d1aa7c5babe16808274dd9a8"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 27780
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/ 23 KB
23 KB 297ms
112ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "11d02edbb0e1552504cdb4512876b33f0c02dcaf"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23256
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/384d9b/00000000000000007735bb6a/30/ 25 KB
25 KB 291ms
106ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "23427917d6d72688888854d7151dc7962d8d8301"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 25828
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/aed66e/00000000000000007735bb35/30/ 27 KB
27 KB 247ms
62ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/aed66e/00000000000000007735bb35/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "9e3369ea7ed88f1e4a8a12a637f7348f31af57ce"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 27892
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/160664/00000000000000007735bb32/30/ 28 KB
28 KB 238ms
53ms Font
application/font-woff2 2a02:26f0:3500:8::c16c:9904
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/160664/00000000000000007735bb32/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/sites/default/files/css/css_UF4BQA9lGEVfeTaQkfWne23tx8qjqX1gtH8D2vASTJ0.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkFFywyAMRC9kwkwulBFYttUK5EGiDj19HKf9iMkf6IlddrWpYfIBFIfIoNrezglVYUYdohT0WUoCpl8cApnSvNjNFkzoZ5YAPODdmPK3H0tdgS9_1_OySiRglzDXDpGhm0QMyxltGKbd_jz-qml9STE0qXYbSaP8YGleMkbhIeFI4CfiXfQSYTWSfFZZEEbK83lsewK3NaWtdexl5673_6qyjF0vh_fnl_1qro5JOxCqWf_jBJSP3C6wxL7jZ5GhQP4U64DPyFgeLkLIDw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:8::c16c:9904 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "a0a5b94f1d2bb67123bf96637186b77b73341264"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 28612
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 Pedro_fale-v2.jpg
www.bitsight.com/sites/default/files/styles/avatar/public/2024/12/16/ 1 KB
2 KB 61ms
59ms Image
image/jpeg 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/styles/avatar/public/2024/12/16/Pedro_fale-v2.jpg?itok=J7AjEWCL

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e62a999b83dc784cb25311bcddac205db447962e4489be827f4377b6cb346c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-6bb67566-bc86-11ef-82b2-8b65a7de350d
cf-bgj: h2pri
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 14:51:39 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/jpeg
last-modified: Mon, 16 Dec 2024 19:54:25 GMT
x-cache-hits: 321
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b21e50cd3c-LHR
accept-ranges: bytes
content-length: 1462
server: cloudflare

GET
H2 200 BADBOX%20criminal%20scheme.png
www.bitsight.com/sites/default/files/2024/12/16/ 50 KB
51 KB 57ms
56ms Image
image/png 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/12/16/BADBOX%20criminal%20scheme.png

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5733dbd73c891414dad830492c2d29b37428d3e634a91fd055230083eea72c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-c5e776b2-bbea-11ef-878b-cf1013804020
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 20:17:28 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/png
last-modified: Mon, 16 Dec 2024 20:17:07 GMT
x-cache-hits: 16
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b21e52cd3c-LHR
accept-ranges: bytes
content-length: 51540
server: cloudflare

GET
H2 200 activity%20flow%20behind%20the%20process%20of%20BADBOX%20deployment.png
www.bitsight.com/sites/default/files/styles/cta/public/2024/12/16/ 86 KB
86 KB 63ms
61ms Image
image/png 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/styles/cta/public/2024/12/16/activity%20flow%20behind%20the%20process%20of%20BADBOX%20deployment.png?itok=-EEGE9Ol

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17f7f27a16648f6bb13af45474de061c07214d641737d118c409bcb2960d958c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-8899f93c-bc86-11ef-8a78-4bf308325c17
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 14:51:47 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/png
last-modified: Mon, 16 Dec 2024 20:19:03 GMT
x-cache-hits: 348
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b22e54cd3c-LHR
accept-ranges: bytes
content-length: 88229
server: cloudflare

GET
H2 200 KEV-research-white-paper-ad.svg
www.bitsight.com/sites/default/files/2024/09/20/ 167 KB
111 KB 70ms
69ms Image
image/svg+xml 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitsight.com/sites/default/files/2024/09/20/KEV-research-white-paper-ad.svg

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-e405ce10-bb7b-11ef-8ea0-476c583fe013
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 07:05:15 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Sep 2024 19:03:54 GMT
x-cache-hits: 7
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b22e56cd3c-LHR
server: cloudflare

GET
H2 200 277648.js Show response
js.hs-analytics.net/analytics/1734707400000/ 87 KB
28 KB 333ms
235ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1734707400000/277648.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-amz-server-side-encryption: AES256
x-request-id: dfa58c7e-c4ca-41e1-a486-710299bf838e
content-encoding: gzip
cf-cache-status: MISS
etag: W/"1a816f50c8ec3bdb09dc86b88930a279"
x-amz-version-id: null
expires: Fri, 20 Dec 2024 15:16:29 GMT
x-evy-trace-listener: listener_https
date: Fri, 20 Dec 2024 15:11:29 GMT
x-hubspot-correlation-id: dfa58c7e-c4ca-41e1-a486-710299bf838e
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:38:12 GMT
vary: origin, Accept-Encoding
x-amz-id-2: hfuWRlj+05SFqN0eoauDC5f+oon0hw82hQ7BLmcJUBNbqYRYdsd3/eX4hT15KXYhn0hm4vgXP0E=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-thqkc
x-envoy-upstream-service-time: 59
access-control-allow-credentials: false
x-amz-request-id: 3JVME12SG2EVC0CG
cf-ray: 8f5090b2cd97befd-LHR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/277648/ 72 KB
27 KB 160ms
66ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/277648/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 3a19b3f7-d48b-488f-9825-cf42f213b70a
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"0d348277da23f2965a1392e91a7fa6aa"
x-amz-version-id: 9rYQwXAh7p3RpE9mplC_EqLSRKBCDaOM
age: 11
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Fri, 20 Dec 2024 15:16:03 GMT
x-evy-trace-listener: listener_https
date: Fri, 20 Dec 2024 15:11:29 GMT
x-hubspot-correlation-id: 3a19b3f7-d48b-488f-9825-cf42f213b70a
content-type: text/javascript; charset=UTF-8
last-modified: Fri, 23 Aug 2024 14:30:47 GMT
vary: origin, Accept-Encoding
x-amz-id-2: qS2rU+0pFmhL5kGHFWyD9Awg8GJXUgNhoIZG/zehEw6uGH1j4jbcUkIr6Kp1A6gmEZvK8wca5CA=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-wgwsj
x-envoy-upstream-service-time: 23
access-control-allow-credentials: true
x-amz-request-id: ZAJPJESK9NEG2HW3
cf-ray: 8f5090b2c9dc657b-LHR
access-control-allow-origin: https://www.bitsight.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 149ms
56ms Script
application/javascript 2606:4700::6812:8b11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/277648.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: 3b2bb04d-35aa-4f9d-9882-28cd1499f613
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: PqQn.3x38ZWRmSYb9J2u1wYA9Etnh36Z
etag: W/"e9829c28fae41e369bd948323746cc37"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 82021
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: DS9667BNp3Ktt5KWDF0TC1tYp4F875doUf6Ga7ZmiFWNbhKHHSxD6g==
x-hubspot-correlation-id: 3b2bb04d-35aa-4f9d-9882-28cd1499f613
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 15:49:15 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-4wq5t
x-envoy-upstream-service-time: 18
x-hs-target-asset: lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Fri, 20 Dec 2024 15:11:29 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js&cfRay=8f12a23a38ec5bc1-AMS
via: 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
cf-ray: 8f5090b2cb8c7767-LHR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 notice Show response
consent.trustarc.com/ 34 KB
11 KB 179ms
60ms Script
text/javascript 18.66.122.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.97 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-97.fra60.r.cloudfront.net

Software

Resource Hash

94bbfd0ebc9f59e045b2c921dfc66709429efb1dba5901a7cc7abf113bd3ee4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3600
content-encoding: gzip
age: 122
via: 1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: llFDikP_iVquNWo2y6KVv5JLa_bMDwZ6p04Z4ogtoXuXH63aLidnPw==
date: Fri, 20 Dec 2024 15:09:27 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA60-P2

POST
H3 200 collect
www.google.com/ccm/ 0
0 172ms
63ms Ping
text/plain 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&scrsrc=www.googletagmanager.com&frm=0&rnd=270272254.1734707490&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&auid=291628280.1734707490&navt=n&npa=1&gtm=45He4cc1v76025611za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734707489715&tfd=1238&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

GET
H/1.1 200
OK bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 211ms
60ms Script
application/x-javascript 2a02:26f0:3500:3::b818:4d39
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d39 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

af7b4fdf7f3f4d00e82d0152dffa86dee48bdf67414adbb0ce680e17980a33d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

Strict-Transport-Security: max-age=31536000; includeSub
Cache-Control: max-age=86400
Content-Encoding: gzip
ETag: "b9973305d52db1:0"
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 25393
Date: Fri, 20 Dec 2024 15:11:29 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 19 Dec 2024 21:30:12 GMT
Vary: Accept-Encoding

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 19 KB
8 KB 231ms
75ms Script
application/javascript 2a02:26f0:3100::1735:284b
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:284b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

vary: Accept-Encoding
cache-control: max-age=55781
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 7404
date: Fri, 20 Dec 2024 15:11:29 GMT
last-modified: Wed, 18 Dec 2024 09:08:52 GMT
content-type: application/javascript;charset=utf-8
x-edgeconnect-midmile-rtt: 0, 0
x-edgeconnect-origin-mex-latency: 470, 470
x-amz-server-side-encryption: AES256

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 166ms
52ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: gzip
age: 5268
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 15:43:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 13:43:41 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 262 KB
93 KB 85ms
84ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0ca2e3d3d1356c956593abe44a9bf7c7276f375969f2999494091167cd286c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Fri, 20 Dec 2024 15:11:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94801
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 169ms
54ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Fri, 20 Dec 2024 15:11:29 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
712 B 371ms
128ms Script
text/javascript 74.121.140.211
PAEDAE-INC

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_pp=1&mt_adid=222552

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.140.211 Reston, United States, ASN30419 (PAEDAE-INC, US),

Reverse DNS

Software

MT3 1688 76e1918 master iad iad-pixel-x14 config_version:"3890" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

Strict-Transport-Security: 31536000
Cache-Control: no-cache
Content-Encoding: gzip
Connection: close
Cross-Origin-Resource-Policy: cross-origin
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: all
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Fri, 20 Dec 2024 15:11:30 GMT
X-XSS-Protection: 0
Content-Type: text/javascript
Server: MT3 1688 76e1918 master iad iad-pixel-x14 config_version:"3890"

GET
H2 200 7127e84810857c8d.min.js Show response
tag.demandbase.com/ 76 KB
20 KB 189ms
63ms Script
application/javascript 18.245.46.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/7127e84810857c8d.min.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.46.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-46-44.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: gzip
x-amz-version-id: v05QvrvxRI0VOl7C8T2uZsSJ_x4PrkcB
etag: W/"dc57eab4525914a6ed3317a7f6046ff8"
age: 121
x-cache: Hit from cloudfront
x-amz-cf-id: 2QETgaJPg9nYfkeXob6GNEaVEUZEGKR4WzTuz5AcQOF1jlNeutaRRw==
date: Fri, 20 Dec 2024 15:09:29 GMT
content-type: application/javascript; charset=utf-8
vary: accept-encoding
last-modified: Fri, 15 Nov 2024 20:20:16 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=3600
via: 1.1 c5b802393a68d17f06973bb92695544a.cloudfront.net (CloudFront)
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: FRA56-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 nB5wHQT3fvQHVI5gp4PL Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 267ms
218ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/nB5wHQT3fvQHVI5gp4PL

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

1996841505e5dfa4304f1bf05ccd0d49b242f497cee2635c0712bc77bb274ba2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8f5090b3cc73bd80-LHR
access-control-allow-origin: *
x-powered-by: Express
server: cloudflare

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 179ms
54ms Script
text/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: gzip
age: 3999
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 16:04:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 14:04:51 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 17168
server: Golfe2

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 22 KB
8 KB 276ms
148ms Script
text/javascript 35.157.57.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-57-152.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d41c98a3855d028ba42a00b96d3f2069d4735676de31e5f7186cdf84df71431c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-allow-origin: *
cache-control: max-age=5
content-encoding: gzip
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/javascript

GET
H2 200 64fa38cc287519aad2798b3c Show response
go.affec.tv/j/ 663 B
799 B 181ms
60ms Script
application/javascript 52.211.65.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c?
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-65-65.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding: gzip
expires: Wed, 04 Apr 1990 00:00:00 GMT
content-length: 431
p3p: CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame B218 0
0 165ms
53ms Document
text/html 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 80122
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 19 Dec 2024 16:56:07 GMT
expires: Fri, 19 Dec 2025 16:56:07 GMT
last-modified: Thu, 12 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 v1.7-38 Show response
consent.trustarc.com/asset/notice.js/v/ 95 KB
28 KB 169ms
61ms Script
text/javascript 18.66.122.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-38

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.97 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-97.fra60.r.cloudfront.net

Software

Resource Hash

bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: *
content-encoding: gzip
age: 1437
x-cache: Hit from cloudfront
x-amz-cf-id: fc3TeM2kRXvVtLLKG2pMPGX0icyupj1smPu5x2UQD2gx9_wU6HBOLw==
date: Fri, 20 Dec 2024 14:47:33 GMT
content-type: text/javascript
last-modified: Thu, 5 Dec 2024 02:35:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
pragma: public
via: 1.1 9905602b8526d2635024f3edbf1df702.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 28264
x-amz-cf-pop: FRA60-P2

GET
H2 200 log
consent.trustarc.com/ 43 B
430 B 84ms
84ms Image
image/gif 18.66.122.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=bitsighttech.com&country=de&state=&behavior=implied&session=f3fd241a-08eb-4960-98a4-8ae454567949&userType=NEW&c=2fab&referer=https://www.bitsight.com&language=en

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.97 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-97.fra60.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
via: 1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: uTZsNn2CFgmLI0Si4IVT5qN9kWTZwv2zbRJ-t6n4oIOOqkVsC1FXsw==
date: Fri, 20 Dec 2024 15:11:29 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P2
vary: Origin

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_dy92zhkbx/ 3 B
124 B 183ms
67ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_dy92zhkbx/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json

GET
H2 200 t2_dy92zhkbx_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 178ms
70ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_dy92zhkbx_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 270ms
153ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1734707489897&id=t2_dy92zhkbx&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=96c92bba-4f2d-4962-94ed-b3a2b7540fb6&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: image/gif
server: Varnish

GET
H3 200 ipv
cdn.bizible.com/ 43 B
64 B 132ms
57ms Image
image/gif 2.16.168.121
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=f80fc3ccced44d98ccb6ddd9c0d9af00&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&_biz_t=1734707489935&_biz_i=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&_biz_n=0&rnd=544028&cdn_o=a&_biz_z=1734707489936

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

QUIC, , AES_256_GCM

Server

2.16.168.121 , Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-16-168-121.deploy.static.akamaitechnologies.com

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
quic-version: 0x00000001
expires: Fri, 20 Dec 2024 15:11:30 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: Image/GIF

GET
H/1.1 200
OK u
cdn.bizibly.com/ 43 B
627 B 209ms
78ms Image
image/gif 2a02:26f0:3500:3::b818:4d39
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=f80fc3ccced44d98ccb6ddd9c0d9af00&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&_biz_t=1734707489937&_biz_i=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&rnd=595093&cdn_o=a&_biz_z=1734707489937

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d39 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

Strict-Transport-Security: max-age=31536000; includeSub
Cache-Control: no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Expires: Fri, 20 Dec 2024 15:11:30 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 43
Date: Fri, 20 Dec 2024 15:11:30 GMT
Content-Type: Image/GIF

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
422 B 65ms
64ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=265998123&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&ul=en-gb&de=UTF-8&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1433055668&gjid=1578867465&cid=374556144.1734707490&tid=UA-36272386-4&_gid=215348226.1734707490&_r=1&_slc=1&gtm=45He4cc1n81MZ2J8ZGv76025611za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&npa=1&z=1284610862

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:29 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 77ms
74ms Script
application/javascript 2a02:26f0:3100::1735:284b
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:284b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=59346
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Fri, 20 Dec 2024 15:11:30 GMT
last-modified: Mon, 02 Dec 2024 10:13:56 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 sync
s.company-target.com/s/ Frame 84BC 0
0 259ms
142ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.company-target.com/s/sync?exc=lr

Requested by

Host: tag.demandbase.com
URL: https://tag.demandbase.com/7127e84810857c8d.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

22.71.96.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bitsight.com/blog/badbox-botnet-back
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Fri, 20 Dec 2024 15:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 181ms
62ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 20 Dec 2024 15:11:30 GMT

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 479 B
1 KB 218ms
98ms XHR
application/json 18.66.102.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&page_title=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-85.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

36f3c49a61a7ad65e1bc675794b5fb793eedbc952f63b454c1f9e10284be1322

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CENTRAL
access-control-allow-methods: GET, POST, OPTIONS
request-id: e8d25c9d-a767-4f7d-84fe-dba9f53fc8aa
expires: Thu, 19 Dec 2024 15:11:30 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: 81F6KuJq8Gg9HTRYosjuYZ2mt27bh9hCtXQrGV7FZXkNbRRdF1q70g==
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitsight.com
x-amz-cf-pop: FRA56-P2
server: nginx

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
815 B 362ms
239ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000629b50fbf6b9948e230755d8256bf
x-msedge-ref: Ref A: EFAC63D546E54D818FAB6EDFFDEDBE73 Ref B: DUS30EDGE0310 Ref C: 2024-12-20T15:11:30Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYptQ+/a5lI4jB1XYJWvw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQI8yvcHTBh6QQAAAZPkn63MRXzs1l_M5DFH0PbwrhssRqgnVU...

0
265 B

319ms
204ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQI8yvcHTBh6QQAAAZPkn63MRXzs1l_M5DFH0PbwrhssRqgnVUpo6aAm1Hbp3STO
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 67A5835DA0C343D8AC1E30C84FE31053 Ref B: FRAEDGE2006 Ref C: 2024-12-20T15:11:30Z
x-li-fabric: prod-lva1
x-li-uuid: AAYptQ/Dr/Iy6Wp1qLDhGw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734707490051&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQI8yvcHTBh6QQAAAZPkn63MRXzs1l_M5DFH0PbwrhssRqgnVUpo6aAm1Hbp3STO
x-msedge-ref: Ref A: 0D717A1D5FEE46E2A312BD8273BD56C1 Ref B: FRAEDGE1820 Ref C: 2024-12-20T15:11:30Z
x-li-fabric: prod-lva1
x-li-uuid: AAYptQ++x3NATM+0bsAFdw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 20 Dec 2024 15:11:29 GMT

GET
H3 200 xdc.js Show response
cdn.bizible.com/ 111 B
235 B 165ms
165ms Script
text/javascript 2.16.168.121
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=f80fc3ccced44d98ccb6ddd9c0d9af00&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.12.19

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_256_GCM

Server

2.16.168.121 , Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-16-168-121.deploy.static.akamaitechnologies.com

Software

Resource Hash

0148ec890f865cbbc3dfa7417882b7a150260015e945831a1c061c4e59117fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: private, must-revalidate, max-age=21600
content-encoding: gzip
etag: 8D3B5B99
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 214
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2

200

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

0
1 KB

60ms
60ms

Script
application/javascript

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 82.199.130.42; 82.199.130.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: a7458223-a4c4-41be-b58d-f563729221bf
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 20 Dec 2024 15:11:30 GMT
x-xss-protection: 0
content-type: application/javascript; charset=utf-8
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 82.199.130.42; 82.199.130.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: dfabfb25-d3ad-4fc4-b082-f6d894a087f9
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 20 Dec 2024 15:11:30 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
go.affec.tv/per/ 846 B
916 B 54ms
51ms Script
application/javascript 52.211.65.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8
Requested by: Host: go.affec.tv
URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-65-65.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding: gzip
expires: Wed, 04 Apr 1990 00:00:00 GMT
content-length: 549
p3p: CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2

200

generic
match.adsrvr.org/track/cmf/
Redirect Chain

https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D676589227fc697000137259b%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent=
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmap.go.affec.tv%252Fmap%252Fan%252F%2524UID%253Fch%253D676589227fc697000137259b%2526chc%253Daf%2526redirect_url%253D%2526gdpr%253D%25...
https://map.go.affec.tv/map/an/7587462392468665255?ch=676589227fc697000137259b&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=

70 B
149 B

173ms
55ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-length: 70
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: image/gif
server: Kestrel

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=
content-length: 134
content-encoding: gzip
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding

GET
H2 200 64fa38cd287519aad2798b3d Show response
go.affec.tv/j/ 523 B
726 B 55ms
53ms Script
application/javascript 52.211.65.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/j/64fa38cd287519aad2798b3d?
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-65-65.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
content-encoding: gzip
expires: Wed, 04 Apr 1990 00:00:00 GMT
content-length: 359
p3p: CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC"
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 bannermsg
consent.trustarc.com/ 43 B
429 B 82ms
82ms Image
image/gif 18.66.122.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/bannermsg?action=views&domain=bitsighttech.com&behavior=implied&country=de&language=en&rand=0.17698678959546288&session=f3fd241a-08eb-4960-98a4-8ae454567949&userType=NEW&referer=https://www.bitsight.com

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.97 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-97.fra60.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
via: 1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: KHx1ElYFpqmgF6kIISgA4cHvapQSQFGgdqgojl1zC7w9K6t9plyirA==
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P2
vary: Origin

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
410 B 62ms
61ms Image
image/gif 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=937908105&utmhn=www.bitsight.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-gb&utmje=0&utmfl=-&utmdt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&utmhid=265998123&utmr=-&utmp=%2Fblog%2Fbadbox-botnet-back&utmht=1734707490092&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D15825701.374556144.1734707490.1734707490.1734707490.1%3B%2B__utmz%3D15825701.1734707490.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1605910916&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAABAAAE~

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],}
x-content-type-options: nosniff
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:30 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
server: Golfe2

GET
H2 200 6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Show response
cdn.permutive.com/ 279 KB
80 KB 159ms
69ms Script
application/javascript 2606:4700::6811:6d13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js
Requested by: Host: go.affec.tv
URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6d13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=OD+e0A==, md5=Pmn62h2zlhYTKmf1Str1pA==
x-goog-meta-oid: 6a844cb1-30bc-4723-8446-2cd9d1f839b8
etag: "3e69fada1db39616132a67f54adaf5a4"
cf-cache-status: HIT
age: 0
x-goog-stored-content-encoding: gzip
expires: Fri, 20 Dec 2024 15:26:30 GMT
x-goog-stored-content-length: 81473
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 17:01:24 GMT
vary: Accept-Encoding
x-guploader-uploadid: ABPtcPqeSA8Hpcb-PrgvEpdLsObBqpGSNgYufd6BzeNnrooFlXJsV9IRwnJ6XYwSnduey3kSC35uG8lvIw
cache-control: public, max-age=900
timing-allow-origin: *
x-goog-storage-class: REGIONAL
cf-ray: 8f5090b60e768867-LHR
accept-ranges: bytes
x-goog-generation: 1695402084169978
content-length: 81473
server: cloudflare

GET
H2

200

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D
https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

0
1 KB

58ms
58ms

Script
application/javascript

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

Requested by

Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 82.199.130.42; 82.199.130.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 69091b7e-02f6-4f99-a319-12f43fe2d753
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 20 Dec 2024 15:11:30 GMT
x-xss-protection: 0
content-type: application/javascript; charset=utf-8
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 82.199.130.42; 82.199.130.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 5595dac5-1c25-4c09-8132-7f29272a077c
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 20 Dec 2024 15:11:30 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 146ms
145ms Stylesheet
text/css 35.157.57.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-57-152.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c66e7e2c79276222906940f05326720f5c1e6b9b533726a7ee1b4de91c2a0cdb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 254ms
145ms Fetch
image/jpeg 35.157.57.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-57-152.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: image/jpeg

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
443 B 279ms
154ms XHR
text/html 2600:9000:2724:3e00:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=81F6KuJq8Gg9HTRYosjuYZ2mt27bh9hCtXQrGV7FZXkNbRRdF1q70g==&api-version=v3
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2724:3e00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
etag: "d41d8cd98f00b204e9800998ecf8427e"
age: 24443
alt-svc: h3=":443"; ma=86400
x-cache: Error from cloudfront
x-amz-cf-id: qbqa9fgOPt9f-fEBfvfkFTeMVO3-YUkeh_limmhjOuezNVHX-RGuPg==
date: Fri, 20 Dec 2024 08:24:11 GMT
content-type: text/html
vary: accept-encoding
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
via: 1.1 f41688bac877227b82b3347b2428d266.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-amz-cf-pop: FRA56-P12
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 400 KB
129 KB 82ms
82ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

1d83fa05e618703093a2fc5087dccd7ed2976adb4ef2dfe37d9e7114c4dfb463

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Fri, 20 Dec 2024 15:11:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 132385
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 events Show response
logx.optimizely.com/v1/ 0
386 B 272ms
156ms XHR
text/plain 34.49.241.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.241.49.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: cccff9d1-6e1d-45a5-a747-f8adceccce8e
access-control-expose-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/plain
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict

GET 541e9264-f4c9-4d07-a678-28e9e70d4ab7
https://www.bitsight.com/ Frame 0
0

GET 127f1630-35fd-4255-a481-b8c81949fd7d
https://www.bitsight.com/ Frame 0
0

GET
H2 200 getuidj Show response
ib.adnxs.com/ 29 B
1 KB 62ms
55ms XHR
application/json 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

15a3e200ac064486a287d657a4bccc045f8c7b9d6d6eae6ccc52c81d2d657881

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 82.199.130.42; 82.199.130.42; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
an-x-request-uuid: 047d4ca5-f6ce-419a-9e21-59b712bec920
content-length: 29
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 20 Dec 2024 15:11:30 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 214 B
333 B 177ms
62ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 24726ebee96fa2cf88f2a110a3bd47d703414cc8dd3a9f6038cd1fc6dcbc8796

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json
vary: Origin
server: Permutive

POST
H2 200 identify Show response
api.permutive.com/v2.0/ 50 B
256 B 170ms
62ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: f6cc96e035af58853ade70ee0c8c03d7b0a1f913c1f6efc1ec28e50553bfcf25

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json
vary: Origin
server: Permutive

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
311 B 147ms
147ms XHR
text/plain 35.157.57.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=oeyzgkQ7R8piwGBmS0lgBg&is_js=true&landing_url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&t=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&tip=joZGYtgn8Y8GFh6H0nn0KKd7x-6kpyHYYl7awGoPh_s&host=https%3A%2F%2Fwww.bitsight.com&sa_conv_data_css_value=%270-bf289d59-6944-52e1-460f-b7bd9b1a8f3c%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9bf289d59694452e1460fb7bd9b1a8f3c52c7822a&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIBdgZVAxCG6iuFOG5wQYmS6a66KJHQAs4YiEDyFzjmCtENYBGAQgopKWuwYwAToExbdv9kIEYldWSg.Z3V%252F7itdFR31aF%252BP6niIGlzUxgTk0YEImK%252BQmOZNwvs&sa-user-id-v2=s%253AvyidWWlEUuFGD7e9mxqPPFLHgio.VhTTAvq3DWShqHEwAT1zAKdChib2h6DbZ8kxMfY%252FuU8&sa-user-id=s%253A0-bf289d59-6944-52e1-460f-b7bd9b1a8f3c.hctXG3Y1t3QdG%252Fqq3V2mHdxqLn%252Bov3XDe9ezgWy1Q2U
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-57-152.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://www.bitsight.com
content-length: 116
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: *

POST
H2 200 audiences Show response
api.permutive.com/audience-matching/v1/id/ab31a4d5-7af6-4b46-b768-3ad30d70a71a/ 12 B
66 B 127ms
125ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/audience-matching/v1/id/ab31a4d5-7af6-4b46-b768-3ad30d70a71a/audiences?k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/json

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 156ms
155ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bitsight.com/blog/badbox-botnet-back
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9BF183C907EB42F280BCBBA09057F298 Ref B: FRAEDGE1820 Ref C: 2024-12-20T15:11:30Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYptQ/Gy8QgtugsZ22jlg==
x-li-proto: http/2
access-control-allow-origin: https://www.bitsight.com
x-cache: CONFIG_NOCACHE
date: Fri, 20 Dec 2024 15:11:30 GMT
vary: Origin

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 249ms
159ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3511443875&v=1.1&a=277648&rcu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&pu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&t=BADBOX+Botnet+Is+Back+%7C+Bitsight&cts=1734707490699&vi=b7c1ad9d981f97671c52999531266977&nc=true&u=208292109.b7c1ad9d981f97671c52999531266977.1734707490697.1734707490697.1734707490697.1&b=208292109.1.1734707490697&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-robots-tag: none
x-request-id: 5821a3fa-0672-4fbd-aa75-86fca560b64f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whLBAo5HDg70Cv5Gs7uBh9PUaXkhvzXViwjAxEwBD2dpSmfkgcUbXl%2Bqu6nzCGJpBsQHviHa6qaSmCStTs9%2FOxR08FXC2jgM57oK76l3UIHpJsaBNhbzdJ59Lq%2FNHSo1p%2BtLlpPxMHrijdjRmhod"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Fri, 20 Dec 2024 15:11:30 GMT
x-hubspot-correlation-id: 5821a3fa-0672-4fbd-aa75-86fca560b64f
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-7l5j6
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8f5090b999c993f5-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 aem.js Show response
wsmcdn.audioeye.com/ 1 KB
685 B 168ms
57ms Script
application/javascript 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsmcdn.audioeye.com/aem.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21ce02759d64e769ea019147538ea0e16ed158b5227892e712d0aa170094bdd2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=120
content-encoding: br
cf-cache-status: HIT
etag: W/"09bce93342ee26a0f93a6636adad9b46"
age: 93
cf-ray: 8f5090b9bce0cda2-LHR
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: application/javascript
vary: Accept-Encoding
surrogate-keys
server: cloudflare

GET
H2 200 favicon.ico
www.bitsight.com/sites/default/files/ 4 KB
698 B 57ms
57ms Other
image/vnd.microsoft.icon 2606:4700:10::6816:4bf2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitsight.com/sites/default/files/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4bf2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: v-63bd8a40-500a-11ef-8fe5-4bafd4e77667
content-encoding: br
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 06:59:09 GMT
x-cache: HIT
date: Fri, 20 Dec 2024 15:11:30 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 20 Apr 2023 01:16:14 GMT
x-cache-hits: 20093
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
x-ah-environment: prod
via: varnish
cf-ray: 8f5090b90e61cd3c-LHR
server: cloudflare

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 279ms
180ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=277648&utk=b7c1ad9d981f97671c52999531266977&__hstc=208292109.b7c1ad9d981f97671c52999531266977.1734707490697.1734707490697.1734707490697.1&__hssc=208292109.1.1734707490697&currentUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de52eab8fcfd29143963579dca3feff336d184e5b16ae6bfbc3caadae7f1e52c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 8718f9cc-fe25-443b-bb35-f72e476d4c28
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rLegbQ6jMrVurlLRoutpCi%2BaBoz7vvhfhjPDgKiKi2q8zXqiIaLNr1vh7mtfYQhCm6W1BpkyUFT6jgfHQHkigub6FDVdMQkZJi%2FKYZazkDYfySkCWMjvSvtJvdxBE2hiD%2Fwc54KXcoO4Qxe%2B6LSK"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Fri, 20 Dec 2024 15:11:30 GMT
x-hubspot-correlation-id: 8718f9cc-fe25-443b-bb35-f72e476d4c28
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lnptw
x-envoy-upstream-service-time: 27
access-control-allow-credentials: false
cf-ray: 8f5090b9b8a8650f-LHR
access-control-allow-origin: https://www.bitsight.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 301 KB
60 KB 183ms
63ms Script
application/javascript 2600:9000:27e6:f800:2:7dc7:8f00:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:27e6:f800:2:7dc7:8f00:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

vary: accept-encoding
content-encoding: gzip
etag: "b7e260e47980a9ada3906def2be7dcda"
age: 37383
via: 1.1 44c11b9e7f9c69a8ff1ceeb4b7d9e50c.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 61292
x-amz-cf-id: yhbV1XPYNpx8OE7oOVP-psnxIT1BwJS-moHliQmRlSKLsPi1fvbwOw==
date: Fri, 20 Dec 2024 04:48:32 GMT
content-type: application/javascript
last-modified: Mon, 18 Nov 2024 12:10:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P11
x-amz-server-side-encryption: AES256

GET
H2 204 https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back Show response
tracking.intentsify.io/page-tracking/intentsify-bitsight/ 0
213 B 634ms
206ms Script
text/plain 52.9.213.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.intentsify.io/page-tracking/intentsify-bitsight/https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back
Requested by: Host: www.bitsight.com
URL: https://www.bitsight.com/blog/badbox-botnet-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.9.213.1 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-9-213-1.us-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

expires: -1
cache-control: private, no-cache, no-store, must-revalidate
date: Fri, 20 Dec 2024 15:11:31 GMT
pragma: no-cache
x-powered-by: Express

GET
H2 200 bootstrap.js Show response
wsv3cdn.audioeye.com/ 61 KB
21 KB 150ms
59ms Script
application/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=c86474f97
Requested by: Host: wsmcdn.audioeye.com
URL: https://wsmcdn.audioeye.com/aem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 419c622926913b850c5b2beb1da3df46000160b4440b966e0e67e40117e21014

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=3600, s-maxage=21600
content-encoding: br
cf-cache-status: HIT
etag: W/"a983eaa04f209229dc9415900ec018ef"
age: 19373
cf-ray: 8f5090baad2bbf0d-LHR
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: application/javascript
vary: Accept-Encoding
surrogate-keys: 95c39350d8f4b765016b0e58199c2f8b
server: cloudflare

GET
H2 200 2423 Show response
trackingapi.trendemon.com/api/settings/ 614 B
805 B 401ms
118ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/settings/2423?callback=jsonp721881&vid=

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

5f1f1cd172c3454b28dc1cba188010c947e821a72708d9a9206ec0fb4d43fc56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 614
date: Fri, 20 Dec 2024 15:11:31 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 61ms
61ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4cc1v882142918za200zb76025611&_p=1734707489324&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dNTIxZG&cid=1980680795.1734707491&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1734707490&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&en=Demandbase_Event&_fv=1&_nsi=1&_ss=1&_ee=1&ep.demandbase_company_name=(Non-Company%20Visitor)&ep.demandbase_audience=Wireless&ep.demandbase_audience_segment=Hotspot&ep.demandbase_city=(Non-Company%20Visitor)&ep.demandbase_country_name=(Non-Company%20Visitor)&ep.demandbase_company_id=(Non-Company%20Visitor)&ep.demandbase_employee_range=(Non-Company%20Visitor)&ep.demandbase_industry=(Non-Company%20Visitor)&ep.demandbase_web_site=(Non-Company%20Visitor)&ep.demandbase_revenue_range=(Non-Company%20Visitor)&ep.demandbase_state=(Non-Company%20Visitor)&ep.demandbase_sub_industry=(Non-Company%20Visitor)&tfd=2517
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 loader.js Show response
wsv3cdn.audioeye.com/v2/scripts/ 31 KB
10 KB 150ms
62ms Script
text/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=c86474f97
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=c86474f97
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9cee03d3021dc81654ce21b53bdd550e28c34eca156ed132d5cd7234e2cd320

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
surrogate-key: prod 95c39350d8f4b765016b0e58199c2f8b c86474f97
cf-cache-status: HIT
age: 4109
content-encoding: br
cf-ray: 8f5090bbac75642d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
server: cloudflare
last-modified: Fri, 20 Dec 2024 13:18:24 GMT

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
129 B 155ms
154ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 07d86e7f0256599c5f94bea721373ea86db76d53b8b51de43284612fa817aa49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: application/json
vary: Origin
server: Permutive

GET
H2 200 startup.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 391 KB
118 KB 67ms
67ms Script
text/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=c86474f97
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44339852d3638346c691143ce83c8a920132d365e4965f5cd5406f15aeaf5dc8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"cecae4e0ff2011bea208787f42ad3e09"
age: 27
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bc1e94bf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/javascript
last-modified: Fri, 13 Dec 2024 22:23:21 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 tangoEngine.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 54 KB
20 KB 55ms
55ms Script
text/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5303f73ee46cc9e63f025425eecbf1ef107b63596e1c2fbff43ee6f630915fd4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"77be324ff083a2475d5e9459640d03b9"
age: 4467
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bcdf58bf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/javascript
last-modified: Fri, 13 Dec 2024 22:23:21 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

POST
H2 204 events Show response
logx.optimizely.com/v1/ 0
72 B 157ms
156ms XHR
text/plain 34.49.241.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.241.49.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-request-id: 22bfa502-d2c5-41dc-82e2-9a6b1559202f
access-control-expose-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
via: 1.1 google
access-control-allow-origin: https://www.bitsight.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/plain
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 55ms
55ms Script
application/javascript 2600:9000:27e6:f800:2:7dc7:8f00:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:27e6:f800:2:7dc7:8f00:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

x-amz-cf-pop: FRA60-P11
content-encoding: br
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
age: 47947
via: 1.1 44c11b9e7f9c69a8ff1ceeb4b7d9e50c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: oFiw7Zh_2-l39u7uI728Hd01ynx2Q1ox7HWC3Kljy5J-N93qxFGmtg==
date: Fri, 20 Dec 2024 01:52:25 GMT
content-type: application/javascript
vary: accept-encoding
server: AmazonS3
last-modified: Mon, 18 Nov 2024 12:10:15 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 cookieStorage.html
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ Frame FE3E 0
0 138ms
53ms Document
text/html 2606:4700::6812:1c9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/cookieStorage.html
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.bitsight.com/blog/badbox-botnet-back
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
age: 4472
cf-cache-status: HIT
cf-ray: 8f5090bdebc1ef56-LHR
content-encoding: br
content-type: text/html
date: Fri, 20 Dec 2024 15:11:31 GMT
last-modified: Fri, 13 Dec 2024 22:23:20 GMT
server: cloudflare
vary: Accept-Encoding

POST
H2 200 send
analytics.audioeye.com/air/v0/ 0
61 B 646ms
212ms Ping
text/plain 34.215.81.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.audioeye.com/air/v0/send
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

date: Fri, 20 Dec 2024 15:11:31 GMT
access-control-allow-origin: *
content-length: 0

GET
H2 200 launcher.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 11 KB
4 KB 69ms
69ms Script
text/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/launcher.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ca7b24eed0f4a2b07471901a20b6e8825c6aa4242574a647563a8cdec38b08c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"b51dc529f7b414ac2aa1db366eda0ff2"
age: 4464
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bd5fe5bf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/javascript
last-modified: Fri, 13 Dec 2024 22:23:20 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 compliance.css
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 2 KB
717 B 56ms
55ms Stylesheet
text/css 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/compliance.css
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"21190dc484113930ea0a8022dabce414"
age: 4465
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bd5fe6bf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/css
last-modified: Fri, 13 Dec 2024 22:23:20 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 compliance.bundle.js Show response
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 56 KB
20 KB 57ms
57ms Script
text/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/compliance.bundle.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd58514bd6a84dc726da96beb4e7a87b310bcbfeeb509117b4f3963d78eb4cb2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"9672531013673cbcd35c813ada022f44"
age: 27
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bd5fe7bf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/javascript
last-modified: Fri, 13 Dec 2024 22:23:20 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 95 B
560 B 121ms
120ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/Identity/me?accountId=2423&DomainCookie=17347074913758698&fingerPrint=e8c2eaa4f5ff191d7f0c353a0c69d4c1&callback=jsonp996257&vid=

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

535dde39c78ab84aec2e2cdd5aa02e439ec3cc0fe02fa911bf22343d12cdc683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 95
date: Fri, 20 Dec 2024 15:11:31 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 fullCSS.bundle.css
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 57 KB
12 KB 60ms
60ms Stylesheet
text/css 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/launcher.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c7719e1df0498984ff2c45f950b216687d87747feb8f5496c41e69ad13f0738

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"beb8032c6badf6ae39e2eff29f7872c3"
age: 26
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bde87bbf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/css
last-modified: Fri, 13 Dec 2024 22:23:20 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 audioeye-scanner.js Show response
wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.5/ 335 KB
78 KB 65ms
65ms Script
text/javascript 2606:4700::6812:1d9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.5/audioeye-scanner.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68ff4707a08cd2b00384783f26e3ce2559fc65adc1fa5e0c348484092831709d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

access-control-expose-headers: Content-Length,Content-Range
content-encoding: br
cf-cache-status: HIT
etag: W/"7ca8f1e83694fce29e87363ffdccac01"
age: 585
access-control-allow-methods: GET, POST, OPTIONS
cf-ray: 8f5090bde887bf0d-LHR
access-control-allow-origin: *
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/javascript
last-modified: Thu, 12 Dec 2024 14:54:37 GMT
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
547 B 63ms
63ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap

Requested by

Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 20 Dec 2024 15:11:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 20 Dec 2024 14:53:46 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
34 B 90ms
89ms XHR
text/plain 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=94d55f4b-7357-46e7-b587-ffb343195048
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
date: Fri, 20 Dec 2024 15:11:31 GMT
server: Permutive

GET
H2 200 marketingautomation Show response
trackingapi.trendemon.com/api/ 93 B
282 B 120ms
119ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2423&ClientUrl=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvYmFkYm94LWJvdG5ldC1iYWNr&CookieId=17347074913758698&MaCookie=YjdjMWFkOWQ5ODFmOTc2NzFjNTI5OTk1MzEyNjY5Nzc%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp4558&vid=2423:17347073701906782

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

9dd975d4d8aad3a84121b53038a94221084137fc0c1d0cc03767fd77e66eca3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 93
date: Fri, 20 Dec 2024 15:11:31 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 ace-campaign Show response
trackingapi.trendemon.com/api/experience/ 17 B
168 B 258ms
258ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/ace-campaign?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&Referral=&callback=jsonp871333&vid=2423:17347073701906782

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

82df64b8a769a06c7ee77a7a688d8194f1bdf3859290ff4dfd243d492dca5a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17
date: Fri, 20 Dec 2024 15:11:31 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer

Response headers

Content-Type: font/truetype

GET
H3 200 Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2
fonts.gstatic.com/s/schibstedgrotesk/v3/ 46 KB
46 KB 63ms
62ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.bitsight.com
Referer: https://fonts.googleapis.com/

Response headers

age: 170126
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 18 Dec 2025 15:56:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 18 Dec 2024 15:56:05 GMT
last-modified: Tue, 02 May 2023 14:49:56 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46764
x-xss-protection: 0
server: sffe

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
286 B 425ms
424ms Image
image/gif 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trackingapi.trendemon.com/api/events/pageview?accountId=2423&url=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvYmFkYm94LWJvdG5ldC1iYWNr&cookie=17347074913758698&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2423:17347073701906782&r=1734707491864

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
age: 1691358
expires: Mon, 01 Jan 1990 00:00:00 GMT
content-length: 43
date: Fri, 20 Dec 2024 15:11:32 GMT
content-type: image/gif
server: Kestrel

GET
H2 200 personal-stream Show response
trackingapi.trendemon.com/api/experience/ 17 B
168 B 120ms
120ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/personal-stream?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&MarketingAutomationCookie=b7c1ad9d981f97671c52999531266977&ExcludedStreamsJson=%5B%5D&callback=jsonp679866&vid=2423:17347073701906782

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

585b867a043266cf9c4cfab79a986af3927f0bc247b2ed029e29337f5b5a0993

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17
date: Fri, 20 Dec 2024 15:11:32 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 personal Show response
trackingapi.trendemon.com/api/experience/ 15 B
166 B 125ms
124ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/personal?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&MarketingAutomationCookie=b7c1ad9d981f97671c52999531266977&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp933554&vid=2423:17347073701906782

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

f24a055287708580feb2e60a588b4c7aba3645e64380c6841eedb4c51a4873e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 15
date: Fri, 20 Dec 2024 15:11:32 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 personal-embedded Show response
trackingapi.trendemon.com/api/experience/ 2 KB
3 KB 127ms
126ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&MarketingAutomationCookie=b7c1ad9d981f97671c52999531266977&Ids=%5B%5D&Groups=%5B%5D&StreamId=&callback=jsonp562783&vid=2423:17347073701906782

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

ddeb911015456c544c716dbdbf0f21eabea796df5aa148015c077a5f0f0db1da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2490
date: Fri, 20 Dec 2024 15:11:32 GMT
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H/1.1 200
OK closex.png
pic.trendemon.com/images/ 386 B
848 B 175ms
55ms Image
image/png 65.9.66.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/images/closex.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-31.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

ETag: "7da2ae17c3b671047838f7b78687a56f"
Age: 28163
Connection: keep-alive
Via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 386
X-Amz-Cf-Id: dt3Jk2yPjXR_2a89d5eDdS9-IVMRI_QNg4E8zRukun1sCBFwG_0jkw==
Date: Fri, 20 Dec 2024 07:22:10 GMT
Content-Type: image/png
Last-Modified: Tue, 16 Apr 2019 23:23:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1

OPTIONS
H2 200 report
analytics.audioeye.com/v2/ Frame 0
0 635ms
211ms Preflight 34.215.81.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.audioeye.com/v2/report
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.bitsight.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-origin: *
access-control-max-age: 86400
content-length: 0
date: Fri, 20 Dec 2024 15:11:34 GMT

POST
H2 200 report
analytics.audioeye.com/v2/ 0
0 429ms
425ms Fetch 34.215.81.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.audioeye.com/v2/report
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

date: Fri, 20 Dec 2024 15:11:34 GMT
access-control-allow-origin: *
content-length: 0

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 61ms
60ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4cc1v882142918za200zb76025611&_p=1734707489324&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dNTIxZG&cid=1980680795.1734707491&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=2&sid=1734707490&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&en=Demandbase_Event&_ee=1&ep.1=(Non-Company%20Visitor)&ep.2=(Non-Company%20Visitor)&ep.3=(Non-Company%20Visitor)&ep.4=(Non-Company%20Visitor)&ep.5=(Non-Company%20Visitor)&ep.6=(Non-Company%20Visitor)&ep.7=Wireless&ep.8=Hotspot&ep.9=(Non-Company%20Visitor)&ep.10=London&ep.11=ENG&ep.12=United%20Kingdom&_et=1&tfd=7519
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.bitsight.com/blog/badbox-botnet-back

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitsight.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Dec 2024 15:11:36 GMT
content-type: text/plain
server: Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.bitsight.com
URL: blob:https://www.bitsight.com/541e9264-f4c9-4d07-a678-28e9e70d4ab7

Domain: www.bitsight.com
URL: blob:https://www.bitsight.com/127f1630-35fd-4255-a481-b8c81949fd7d

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

78 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tracking.intentsify.io/page-tracking/intentsify-bitsight	1970-01-21 11:27:47	Name: userId Value: 27c281f6-8c73-41de-8891-a626805a13f0
map.go.affec.tv/map/an	1969-12-31 23:59:59	Name: oo Value: 1
.bitsight.com/	1970-01-21 06:10:59	Name: optimizelyEndUserId Value: oeu1734707489311r0.5697425329269052
.hs-scripts.com/	1970-01-21 01:51:49	Name: __cf_bm Value: iQ0Upob4zUBg13KeMdNwkYxtjWtxIUZYjln6F_oM04M-1734707489-1.0.1.1-Wwd46ZRjZCMNaVXbk6nnWYX7jlqt_lsgkawEDOBkDoRF5Y4g.0QwTmVb_O4HScNonT_3wPjoLabIfioyc2f6Kw
.bitsight.com/	1970-01-21 04:01:23	Name: _gcl_au Value: 1.1.291628280.1734707490
.hs-banner.com/	1970-01-21 01:51:49	Name: __cf_bm Value: Hp1Pr.Z5tvk76GEJAxq362GWiK4ZzbfBm.2PAgVUa0I-1734707489-1.0.1.1-2zcsWhg1RnbNWIBHaX93RQoge_u_bHmdMLC61p2LIu5biiqdSj.2h9HYkaic2U7iJpLvJTC4Rdpr2nsbzFso6g
.bitsight.com/	1970-01-21 01:51:49	Name: TAsessionID Value: f3fd241a-08eb-4960-98a4-8ae454567949\|NEW
.bitsight.com/	1969-12-31 23:59:59	Name: notice_behavior Value: implied,eu
.bitsight.com/	1970-01-21 04:01:23	Name: _rdt_uuid Value: 1734707489896.96c92bba-4f2d-4962-94ed-b3a2b7540fb6
.bitsight.com/	1970-01-21 10:37:23	Name: _biz_uid Value: f80fc3ccced44d98ccb6ddd9c0d9af00
.bitsight.com/	1970-01-21 10:37:23	Name: _biz_nA Value: 1
.bitsight.com/	1970-01-21 11:27:47	Name: _ga Value: GA1.2.374556144.1734707490
.bitsight.com/	1970-01-21 01:53:13	Name: _gid Value: GA1.2.215348226.1734707490
.hs-analytics.net/	1970-01-21 01:51:49	Name: __cf_bm Value: .PBSuaIlkyBi2HQzhm37Ig_r8zMYRDMtCNSZrPbwdp4-1734707489-1.0.1.1-BeJYhYIv3KHA27O8K4cnI5mFa0nEQ.RCYsPzN5JAEEVYjnGS4P4COu9o_vPPKvCSd0WtAOUcXQ2Y5VNdNLI8YQ
.bitsight.com/	1970-01-21 01:51:47	Name: _gat_UA-36272386-4 Value: 1
.bizible.com/	1970-01-21 10:37:23	Name: _BUID Value: f80fc3ccced44d98ccb6ddd9c0d9af00
.bitsight.com/	1970-01-21 10:37:23	Name: _biz_pendingA Value: %5B%5D
.go.affec.tv/	1970-01-21 10:37:23	Name: ck Value: 676589221b903200018997a4
.ws.zoominfo.com/	1970-01-21 10:37:23	Name: visitorId Value: a22c532711ada920e4632f03b18e6a6d59862c1a94a1f65fa518a753f1cfd16d
.zoominfo.com/	1970-01-21 01:51:49	Name: __cf_bm Value: HIshgBHFJlouEPp4AAJpYdMM0tPDPsMyXWFjUpNYKw8-1734707490-1.0.1.1-o8VZIljS_q6ys8J.K19PqVEbpqiqzYDt1SVQCgJqJlSRTC1pwXuiQC1qoFSzCq4pIe.YW.dZTkQ1b.fp80FXOQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 7MtwVD.N7eGaNFAgcA99MZc8fg2vKHT7ubz3RHge9W4-1734707490051-0.0.1.1-604800000
.bitsight.com/	1970-01-21 11:27:47	Name: __utma Value: 15825701.374556144.1734707490.1734707490.1734707490.1
.bitsight.com/	1969-12-31 23:59:59	Name: __utmc Value: 15825701
.bitsight.com/	1970-01-21 06:14:35	Name: __utmz Value: 15825701.1734707490.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.bitsight.com/	1970-01-21 01:51:48	Name: __utmt_sfga Value: 1
.bitsight.com/	1970-01-21 01:51:49	Name: __utmb Value: 15825701.1.10.1734707490
tags.srv.stackadapt.com/	1970-01-21 10:37:23	Name: sa-user-id Value: s%3A0-bf289d59-6944-52e1-460f-b7bd9b1a8f3c.hctXG3Y1t3QdG%2Fqq3V2mHdxqLn%2Bov3XDe9ezgWy1Q2U
.srv.stackadapt.com/	1970-01-21 10:37:23	Name: sa-user-id Value: s%3A0-bf289d59-6944-52e1-460f-b7bd9b1a8f3c.hctXG3Y1t3QdG%2Fqq3V2mHdxqLn%2Bov3XDe9ezgWy1Q2U
tags.srv.stackadapt.com/	1970-01-21 10:37:23	Name: sa-user-id-v2 Value: s%3AvyidWWlEUuFGD7e9mxqPPFLHgio.VhTTAvq3DWShqHEwAT1zAKdChib2h6DbZ8kxMfY%2FuU8
.srv.stackadapt.com/	1970-01-21 10:37:23	Name: sa-user-id-v2 Value: s%3AvyidWWlEUuFGD7e9mxqPPFLHgio.VhTTAvq3DWShqHEwAT1zAKdChib2h6DbZ8kxMfY%2FuU8
tags.srv.stackadapt.com/	1970-01-21 10:37:23	Name: sa-user-id-v3 Value: s%3AAQAKIBdgZVAxCG6iuFOG5wQYmS6a66KJHQAs4YiEDyFzjmCtENYBGAQgopKWuwYwAToExbdv9kIEYldWSg.Z3V%2F7itdFR31aF%2BP6niIGlzUxgTk0YEImK%2BQmOZNwvs
.srv.stackadapt.com/	1970-01-21 10:37:23	Name: sa-user-id-v3 Value: s%3AAQAKIBdgZVAxCG6iuFOG5wQYmS6a66KJHQAs4YiEDyFzjmCtENYBGAQgopKWuwYwAToExbdv9kIEYldWSg.Z3V%2F7itdFR31aF%2BP6niIGlzUxgTk0YEImK%2BQmOZNwvs
www.bitsight.com/	1970-01-21 10:37:23	Name: sa-user-id Value: s%253A0-bf289d59-6944-52e1-460f-b7bd9b1a8f3c.hctXG3Y1t3QdG%252Fqq3V2mHdxqLn%252Bov3XDe9ezgWy1Q2U
www.bitsight.com/	1970-01-21 10:37:23	Name: sa-user-id-v2 Value: s%253AvyidWWlEUuFGD7e9mxqPPFLHgio.VhTTAvq3DWShqHEwAT1zAKdChib2h6DbZ8kxMfY%252FuU8
www.bitsight.com/	1970-01-21 10:37:23	Name: sa-user-id-v3 Value: s%253AAQAKIBdgZVAxCG6iuFOG5wQYmS6a66KJHQAs4YiEDyFzjmCtENYBGAQgopKWuwYwAToExbdv9kIEYldWSg.Z3V%252F7itdFR31aF%252BP6niIGlzUxgTk0YEImK%252BQmOZNwvs
.company-target.com/	1970-01-21 11:27:47	Name: tuuid Value: 6b338d02-7b7f-49a9-b760-5b2f8ddee4e2
.company-target.com/	1970-01-21 11:27:47	Name: tuuid_lu Value: 1734707490\|ix:0\|mctv:0\|rp:0
.bitsight.com/	1970-01-21 10:37:23	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.go.affec.tv/	1970-01-21 10:37:23	Name: oo Value: 1
.adnxs.com/	1970-01-21 11:27:47	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 04:01:23	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>4fiV04!]tbP6j2F-XstGt!@DbH$n$G`
.bitsight.com/	1970-01-21 06:10:59	Name: optimizelySession Value: 1734707490322
.bitsight.com/	1970-01-21 06:13:48	Name: permutive-id Value: ab31a4d5-7af6-4b46-b768-3ad30d70a71a
.linkedin.com/	1970-01-21 10:37:23	Name: bcookie Value: "v=2&94e31855-078a-4f2a-8c4f-099a82cddc03"
.linkedin.com/	1970-01-21 06:10:59	Name: li_gc Value: MTswOzE3MzQ3MDc0OTA7MjswMjEtTtVruCKZ68sSu45EGDY4S0IYIUORqHIA5T/n3cMBHQ==
.linkedin.com/	1970-01-21 01:53:13	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=3072:u=1:x=1:i=1734707490:t=1734793890:v=2:sig=AQHRZzokAt9k-T1DzIlQxpzsUYxSP3m_"
.casalemedia.com/	1970-01-21 10:37:23	Name: CMID Value: Z2WJIrmqPGcAAF6kCGoWWwAA
.casalemedia.com/	1970-01-21 04:01:23	Name: CMPS Value: 1172
.casalemedia.com/	1970-01-21 04:01:23	Name: CMPRO Value: 1172
.adnxs.com/	1970-01-21 04:01:23	Name: XANDR_PANID Value: aO1Tju9iiKM-IbP8u2yKueoTsh3591cxfcbU5CH-6eGTlOBcqsDBUkqDuyJS-J9lsuVrEqr8BJOTha62CRbvGtXKl1lnnWSivnd-hD7nR5g.
.adnxs.com/	1970-01-21 04:01:23	Name: uuid2 Value: 8380875078140940551
.go.affec.tv/	1970-01-21 10:37:23	Name: pt Value: eyJhbiI6eyJkdCI6MTczNDcwNzQ5MCwiaWQiOiI3NTg3NDYyMzkyNDY4NjY1MjU1IiwibHMiOjE3MzQ3MDc0OTB9LCJ2IjowfQ==\|1734707490\|039c02d5a354ce4acb2575e26a8e7c3e9e230b50
.tremorhub.com/	1970-01-21 10:37:44	Name: tvid Value: 7d31208b42014a1bb08a475c0c51bffb
.tremorhub.com/	1970-01-21 11:27:47	Name: tv_UIDM Value: 6b338d02-7b7f-49a9-b760-5b2f8ddee4e2
.bitsight.com/	1970-01-21 06:10:59	Name: __hstc Value: 208292109.b7c1ad9d981f97671c52999531266977.1734707490697.1734707490697.1734707490697.1
.bitsight.com/	1970-01-21 06:10:59	Name: hubspotutk Value: b7c1ad9d981f97671c52999531266977
.bitsight.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.bitsight.com/	1970-01-21 01:51:49	Name: __hssc Value: 208292109.1.1734707490697
.hubspot.com/	1970-01-21 01:51:49	Name: __cf_bm Value: TI2KFsxdE7aZF3b5spz.n3xCAJNhFcKNLM8m8iFCRB0-1734707490-1.0.1.1-eQOVBThM5BiXBtAJbYGKA4UZm6bMbyElYYKDLQR01YiECSE8ua53WcfYiFjea.re9rfQuEts7Q6rv.YaIorZ2g
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 5oCaGdkCfEs2FlYGELlgGrhegqGbrshWNeNN7MKGfS8-1734707490929-0.0.1.1-604800000
.bitsight.com/	1970-01-21 10:37:23	Name: trd_cid Value: 17347074913758698
www.bitsight.com/	1970-01-21 10:37:23	Name: _aeaid Value: 304c4ed2-a8a7-4114-8106-0b2759d3feea
www.bitsight.com/	1970-01-21 11:27:47	Name: aelastsite Value: TtjLDjDwfaF1TTjoIhP9A0VMHHviwGrxnfPhNkhmzFrJiiv3l6ZPAzyzm6X3TIin
www.bitsight.com/	1970-01-21 11:27:47	Name: aelreadersettings Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
www.bitsight.com/	1969-12-31 23:59:59	Name: aeatstartmessage Value: true
trackingapi.trendemon.com/	1970-01-21 11:27:47	Name: trd_gavid_2423 Value: 17347073701906782
trackingapi.trendemon.com/	1970-01-21 11:27:47	Name: trd_gvid Value: 17347073701906782
trackingapi.trendemon.com/	1970-01-21 11:27:47	Name: trd_vid_2423 Value: 2423%3A17347073701906782
.bitsight.com/	1970-01-21 10:37:23	Name: trd_vid_l Value: 2423%3A17347073701906782
.bitsight.com/	1970-01-21 10:37:23	Name: trd_vuid_l Value: -6826427292236831191
.bitsight.com/	1970-01-21 01:53:13	Name: source Value: (direct)
.bitsight.com/	1970-01-21 01:53:13	Name: medium Value: (none)
.bitsight.com/	1970-01-21 01:53:13	Name: content Value: undefined
.bitsight.com/	1970-01-21 01:53:13	Name: keyword Value: undefined
.bitsight.com/	1970-01-21 01:53:13	Name: campaign Value:
.bitsight.com/	1970-01-21 01:53:13	Name: landing_page Value: /blog/badbox-botnet-back
.bitsight.com/	1970-01-21 01:53:13	Name: conversion_page Value: /blog/badbox-botnet-back
.bitsight.com/	1970-01-21 01:52:30	Name: trd_ma_cookie Value: YjdjMWFkOWQ5ODFmOTc2NzFjNTI5OTk1MzEyNjY5Nzc%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a26349430206.cdn.optimizely.com
alb.reddit.com
analytics.audioeye.com
api.company-target.com
api.permutive.com
assets.trendemon.com
cdn.bizible.com
cdn.bizibly.com
cdn.optimizely.com
cdn.permutive.com
cdn3.optimizely.com
consent.trustarc.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
go.affec.tv
ib.adnxs.com
id.rlcdn.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
ka-p.fontawesome.com
logx.optimizely.com
map.go.affec.tv
match.adsrvr.org
p.typekit.net
pic.trendemon.com
pixel-config.reddit.com
pixel.mathtag.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.company-target.com
secure.adnxs.com
snap.licdn.com
ssl.google-analytics.com
tag-logger.demandbase.com
tag.demandbase.com
tags.srv.stackadapt.com
track.hubspot.com
tracking.intentsify.io
trackingapi.trendemon.com
use.typekit.net
ws.zoominfo.com
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
www.bitsight.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.redditstatic.com
www.bitsight.com
104.16.117.43
104.18.35.242
13.107.42.14
142.250.184.195
142.250.184.238
142.250.186.132
15.197.193.217
151.101.1.140
172.217.16.200
18.245.46.44
18.66.102.85
18.66.122.97
2.16.168.121
2600:9000:2724:3e00:1d:8d6d:3b40:93a1
2600:9000:27e6:f800:2:7dc7:8f00:93a1
2606:4700:10::6816:4bf2
2606:4700:4400::6812:2844
2606:4700:4400::ac40:9310
2606:4700::6810:7574
2606:4700::6810:8bd1
2606:4700::6811:6d13
2606:4700::6811:afc9
2606:4700::6812:1c9b
2606:4700::6812:1d9b
2606:4700::6812:4139
2606:4700::6812:8b11
2620:1ec:21::14
2a00:1450:4001:800::200e
2a00:1450:4001:803::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2008
2a02:26f0:3100::1735:284b
2a02:26f0:3500:3::b818:4d39
2a02:26f0:3500:8::c16c:9904
2a02:26f0:3500:8::c16c:9908
2a04:4e42:600::396
34.107.254.252
34.215.81.112
34.224.19.201
34.248.79.160
34.49.241.189
34.96.71.22
35.157.57.152
35.244.174.68
37.252.171.149
52.211.65.65
52.9.213.1
65.9.66.31
74.121.140.211
0148ec890f865cbbc3dfa7417882b7a150260015e945831a1c061c4e59117fcf
05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568
07d86e7f0256599c5f94bea721373ea86db76d53b8b51de43284612fa817aa49
0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3
0ca2e3d3d1356c956593abe44a9bf7c7276f375969f2999494091167cd286c86
0ca7b24eed0f4a2b07471901a20b6e8825c6aa4242574a647563a8cdec38b08c
0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15a3e200ac064486a287d657a4bccc045f8c7b9d6d6eae6ccc52c81d2d657881
177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970
17f7f27a16648f6bb13af45474de061c07214d641737d118c409bcb2960d958c
1996841505e5dfa4304f1bf05ccd0d49b242f497cee2635c0712bc77bb274ba2
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d83fa05e618703093a2fc5087dccd7ed2976adb4ef2dfe37d9e7114c4dfb463
21ce02759d64e769ea019147538ea0e16ed158b5227892e712d0aa170094bdd2
24726ebee96fa2cf88f2a110a3bd47d703414cc8dd3a9f6038cd1fc6dcbc8796
2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3
2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78
2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822
2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc
2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494
357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8
36f3c49a61a7ad65e1bc675794b5fb793eedbc952f63b454c1f9e10284be1322
39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c
3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8
3c7719e1df0498984ff2c45f950b216687d87747feb8f5496c41e69ad13f0738
401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c
419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474
419c622926913b850c5b2beb1da3df46000160b4440b966e0e67e40117e21014
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44339852d3638346c691143ce83c8a920132d365e4965f5cd5406f15aeaf5dc8
47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820
48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4
4e62a999b83dc784cb25311bcddac205db447962e4489be827f4377b6cb346c2
5303f73ee46cc9e63f025425eecbf1ef107b63596e1c2fbff43ee6f630915fd4
535dde39c78ab84aec2e2cdd5aa02e439ec3cc0fe02fa911bf22343d12cdc683
53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017
5612f523e2cf8e17f579455c648045ba299c99abc1576c27810dc049453c9546
585b867a043266cf9c4cfab79a986af3927f0bc247b2ed029e29337f5b5a0993
597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259
5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee
5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7
5f1f1cd172c3454b28dc1cba188010c947e821a72708d9a9206ec0fb4d43fc56
62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8
64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1
68ff4707a08cd2b00384783f26e3ce2559fc65adc1fa5e0c348484092831709d
6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0
6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593
6f9720e4bbdcbcd9880feecb2ce1903924d4f48e42135b1698f2fb076b02bf41
77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336
788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70
78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47
7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851
7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2
7e5733dbd73c891414dad830492c2d29b37428d3e634a91fd055230083eea72c
81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0
82df64b8a769a06c7ee77a7a688d8194f1bdf3859290ff4dfd243d492dca5a37
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
884d759a45e7419a537a688964366d561f9831aaa6a4e2bb56bfdc46471449e3
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a
94bbfd0ebc9f59e045b2c921dfc66709429efb1dba5901a7cc7abf113bd3ee4a
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5
9dd975d4d8aad3a84121b53038a94221084137fc0c1d0cc03767fd77e66eca3f
a1847853aca5a9214e135721b88e1a5aabab5214ab304ff92907dd2c873bec06
a9cee03d3021dc81654ce21b53bdd550e28c34eca156ed132d5cd7234e2cd320
af7b4fdf7f3f4d00e82d0152dffa86dee48bdf67414adbb0ce680e17980a33d5
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a
bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04
bd58514bd6a84dc726da96beb4e7a87b310bcbfeeb509117b4f3963d78eb4cb2
be0b33b43c261e1e448c13164e77f21da55e5196fa684bca9eeca7d97b006960
c1e3494ff517f09d546f2058147b83fbf0afd3b394b3f2597c2be7498609b40c
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5
c66e7e2c79276222906940f05326720f5c1e6b9b533726a7ee1b4de91c2a0cdb
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35
d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c
d41c98a3855d028ba42a00b96d3f2069d4735676de31e5f7186cdf84df71431c
d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3
dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
ddeb911015456c544c716dbdbf0f21eabea796df5aa148015c077a5f0f0db1da
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de52eab8fcfd29143963579dca3feff336d184e5b16ae6bfbc3caadae7f1e52c
e085cbdf15eb91cd92f94db43f2c9b2f0ea945936450b153c82e9526baa806ae
e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b627b2aa5520423d9eef65612847ff0316ea78285f6ca54c461cabf4077f91
ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24a055287708580feb2e60a588b4c7aba3645e64380c6841eedb4c51a4873e8
f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42
f69cda363fec0733f83bfc806e58d0b7114981868951f1cbfc3714ea43b202bb
f6cc96e035af58853ade70ee0c8c03d7b0a1f913c1f6efc1ec28e50553bfcf25
f777cbc2d4707de5e23148494a2ada5b7ec14feab3dd9105fb0c6d247275a107
f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182
faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c
fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc
fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a

www.bitsight.com Open in urlscan Pro 2606:4700:10::6816:4bf2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

134 Requests

96 %HTTPS

47 %IPv6

34 Domains

51 Subdomains

49 IPs

5 Countries

1975 kBTransfer

5377 kBSize

78 Cookies

24 Outgoing links

Redirected requests

134 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bitsight.com Open in urlscan Pro
2606:4700:10::6816:4bf2 Public Scan

Screenshot
Live screenshot

Full Image

134
Requests

96 %
HTTPS

47 %
IPv6

34
Domains

51
Subdomains

49
IPs

5
Countries

1975 kB
Transfer

5377 kB
Size

78
Cookies

134 HTTP transactions
1 data transactions