securityaffairs.com Open in urlscan Pro
2606:4700:3031::6815:90b Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Submission: On November 29 via api (November 29th 2024, 9:36:40 am UTC) from IN — Scanned from GB

Summary HTTP 81 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 12 domains to perform 81 HTTP transactions. The main IP is 2606:4700:3031::6815:90b, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.com. The Cisco Umbrella rank of the primary domain is 571427.
TLS certificate: Issued by WE1 on October 7th 2024. Valid for: 3 months.

This is the only time securityaffairs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
47	2606:4700:303... 2606:4700:3031::6815:90b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
2	18.173.205.53 18.173.205.53	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:205... 2600:9000:2057:ee00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.59.126.205 52.59.126.205	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0b::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
81	18

47 2606:4700:3031::6815:90b (United States)

ASN13335 (CLOUDFLARENET, US)

securityaffairs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.205.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-53.fra56.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ee00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.126.205 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-126-205.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	securityaffairs.com securityaffairs.com — Cisco Umbrella Rank: 571427	2 MB
11	wp.com c0.wp.com — Cisco Umbrella Rank: 10660 i0.wp.com — Cisco Umbrella Rank: 4317 stats.wp.com — Cisco Umbrella Rank: 3804 pixel.wp.com — Cisco Umbrella Rank: 3757	262 KB
5	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	196 KB
4	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 5010 buttons-config.sharethis.com — Cisco Umbrella Rank: 5845 l.sharethis.com — Cisco Umbrella Rank: 5470	94 KB
3	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 389 ep2.adtrafficquality.google — Cisco Umbrella Rank: 403	20 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net — Cisco Umbrella Rank: 182	548 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	199 KB
1	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 4906	63 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3353
1	gstatic.com fonts.gstatic.com	47 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
0	google.com Failed region1.analytics.google.com Failed
81	12

	Domain	Requested by
47	securityaffairs.com	securityaffairs.com
7	c0.wp.com	securityaffairs.com
5	pagead2.googlesyndication.com	securityaffairs.com pagead2.googlesyndication.com
2	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google
2	i0.wp.com	securityaffairs.com
2	www.googletagmanager.com	securityaffairs.com
2	platform-api.sharethis.com	securityaffairs.com
1	ep1.adtrafficquality.google	pagead2.googlesyndication.com
1	www.google.co.uk	securityaffairs.com
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	pixel.wp.com	securityaffairs.com
1	fonts.gstatic.com	fonts.googleapis.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.com
1	fonts.googleapis.com	securityaffairs.com
0	region1.analytics.google.com Failed	www.googletagmanager.com
81	19

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
resecurity.com
www.virustotal.com
www.welivesecurity.com
i0.wp.com
infosec.exchange
www.linkedin.com
securityaffairs.co

Subject Issuer	Validity	Valid
securityaffairs.com WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
sharethis.com Amazon RSA 2048 M03	`2024-04-19` - `2025-05-17`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.co.uk WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
adtrafficquality.google WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Frame ID: 261863162DF1D5C5AB502FE230D4CC1C
Requests: 76 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-NPN4VEKBTY&gacid=149172716.1732872995&gtm=45je4bk0v9100359598za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=932811990
Frame ID: 78005715E14A0A6B6516029DD2545805
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20241120/r20190131/zrt_lookup_fy2021.html
Frame ID: 7DF7D5650D0222598D18519E6E1653A9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1732872995&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&pra=5&wgl=1&aihb=0&aiof=4&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aifgd=1&aipaq=1&itsi=-1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1732872995140&bpp=17&bdt=832&idt=531&shv=r20241120&mjsv=m202411140101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=4244327439416&frm=20&pv=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088670%2C31088729%2C95331832%2C95332925%2C95348326%2C95345966%2C95347755&oid=2&pvsid=1160417451747036&tmod=1635152326&uas=0&nvt=1&fsapi=1&fc=1920&brdim=450%2C450%2C450%2C450%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=588
Frame ID: D547CE7814A65832690426C824746E8C
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: EEF165ABA3C5CA739D57439DE055A3CE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bootkitty is the first UEFI Bootkit designed for Linux systems

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

twemoji(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

81
Requests

96 %
HTTPS

71 %
IPv6

12
Domains

19
Subdomains

18
IPs

3
Countries

2516 kB
Transfer

5570 kB
Size

6
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sec.affairs/

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs

Search URL Search Domain Scan URL

URL: https://resecurity.com/

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/f1f84819bdf395d42c36adb36ded0e7de338e2036e174716b5de71abc56f5d40
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/
Title: advisory

Search URL Search Domain Scan URL

URL: https://i0.wp.com/securityaffairs.com/wp-content/uploads/2024/11/image-36.png?ssl=1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@securityaffairs
Title: Mastodon

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/
Title: SecurityAffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html
Title: linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Bootkitty+is+the+first+UEFI+Bootkit+designed+for+Linux+systems+-&url=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&counturl=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html
Title: twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

81 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request bootkitty-uefi-bootkit-linux.html Show response
securityaffairs.com/171479/malware/ 592 KB
95 KB 358ms
238ms Document
text/html 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3fba86b8d1c97a65dcb519aa2c0ec3c2312f6b27e85aeb8b8ae55ff9307f7a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 8ea19d34faa29e75-CDG
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Fri, 29 Nov 2024 09:36:34 GMT
link: <https://securityaffairs.com/wp-json/>; rel="https://api.w.org/" <https://securityaffairs.com/wp-json/wp/v2/posts/171479>; rel="alternate"; title="JSON"; type="application/json" <https://securityaffairs.com/?p=171479>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVt53%2B0f%2Fq8Su3acSICtfx5Za0erkRDTtmur1PHmYOsrhKXEBSLas0eOoEj5Z87Rahmjii87Ng90fUsoMlFeqn1oPSztKpkSprJdMXn45kg323j9jEFaUPsJ9mbdVBx2bX13E8YWMQuea%2B5Iw5sTL8GE"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=36277&min_rtt=32892&rtt_var=11490&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4178&recv_bytes=4463&delivery_rate=486&cwnd=12000&unsent_bytes=0&cid=0a2fa1e521860261&ts=246&x=1" cfExtPri cfHdrFlush;dur=0
x-pingback: https://securityaffairs.com/xmlrpc.php

GET
H2 200 style.css
c0.wp.com/c/6.7.1/wp-includes/css/dist/block-library/ 120 KB
16 KB 157ms
26ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/css/dist/block-library/style.css

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a58001d08829546d85c9429abc2fde58f32237d29be75d8671b8eee2b0395374

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Thu, 07 Nov 2024 16:05:23 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/ 11 KB
3 KB 157ms
26ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Tue, 29 Sep 2020 15:53:06 GMT

GET
H2 200 wp-mediaelement.css
c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/ 5 KB
2 KB 156ms
27ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/wp-mediaelement.css

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Fri, 07 Jun 2019 20:45:02 GMT

GET
H3 200 styles.css
securityaffairs.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
2 KB 64ms
59ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=6.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"672fe908-b4e"
age: 278963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6MKnNez2cdNf%2FTi0bp8uZa7%2BK4hi3bB8d7bmuqQBJfWqxQU12qhwQg0IvSRnwz9fdbMTEq2ujYq32AMwFTWpXPXGWIkjjy0qvxiGJ7rBSKf7FbEmGOBQyAXMs3AEcsdCgMopYKxEknr63QY18cV0%2FHY"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 04:07:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=338&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Sat, 09 Nov 2024 22:58:16 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc859e75-CDG
server: cloudflare

GET
H3 200 cookie-law-info-public.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 3 KB
2 KB 64ms
59ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.2.7
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"671956d2-c22"
age: 125729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOVAFMvuIOVQ9KxbfI64S3L2I8qNKqUO5IsHXVKOEFzJG4Mr6uIpZOGN6FZeBuKmfogg7BPozO2UZ0OqXdpWInBT0dAlzsG3g9EoqD6oOTo8GqaRaBlHLTxY8h0bYfIcdu1TMN%2BoMbIgNCRPNbMZcwt1"}],"group":"cf-nel","max_age":604800}
expires: Wed, 04 Dec 2024 22:41:05 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=339&x=1", cfExtPri, cfHdrFlush;dur=9
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 23 Oct 2024 20:04:34 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc869e75-CDG
server: cloudflare

GET
H3 200 cookie-law-info-gdpr.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 22 KB
5 KB 65ms
60ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.2.7
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-bgj: minify
etag: W/"671956d2-6a71"
age: 134385
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8JJDOrCS3yjqpwy0OFRqG19PH03%2Bl1QI6f2MzrVCuPf3jj3L3j0TQb16cPZ31BTXReUSga1Q8EHC2lv%2FnA6AT0dKgrSSY57XcE%2B7SeVDw0EjVWKO3yMvpIK7yXgbvJ8%2BI91o1LN2Bfl%2B%2F8B4ei4HwDAf"}],"group":"cf-nel","max_age":604800}
expires: Wed, 04 Dec 2024 20:16:49 GMT
cf-polished: origSize=27249
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=339&x=1", cfExtPri, cfHdrFlush;dur=9
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 23 Oct 2024 20:04:34 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc879e75-CDG
server: cloudflare

GET
H3 200 mu-style.css
securityaffairs.com/wp-content/plugins/sharethis-share-buttons/css/ 26 B
754 B 69ms
64ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=1723412290
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f85e538e44687fc0feaa2f66a67831ec9f9b03446f115dec74b996da4a0a4a52

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "66b92f42-1a"
age: 192599
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5eZXjoJQCWu3rAXrJkfGUIxB96C71sq4eyGaCeJpToFBB8V%2BFxg0wHLKuTxUNtxlV3hdex%2FndB6WDwiEWUfp93yWbyaQfCTJQ%2BZIOlfIeBWUfow6mI%2BtHvgmzD3qseo4W3hHQogk7esry4h1g777TCeI"}],"group":"cf-nel","max_age":604800}
expires: Wed, 04 Dec 2024 04:06:35 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=339&x=1", cfExtPri, cfHdrFlush;dur=9
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Sun, 11 Aug 2024 21:38:10 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc899e75-CDG
accept-ranges: bytes
content-length: 26
server: cloudflare

GET
H3 200 form-basic.css
securityaffairs.com/wp-content/plugins/mailchimp-for-wp/assets/css/ 2 KB
1 KB 70ms
65ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.9.19
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90bed464813fbd721e4991e83fe323e763f91294f98018462c2698d16e60ae5f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"6733afcb-654"
age: 222342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rG%2B19bcB6xBab%2BG77YuhaKUnkIx5GE51nRDODTmVeP%2B788IcfcuXCurr6uhQUDEgqJqWEihQaMF67oflmLouIqRw5DkDqV2TkG0Msj%2BMDqYP5uHa1ldqvsBpzZjx3JPfqaGoWBosGqfXHTRLwhj%2Bm80R"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 19:50:52 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=344&x=1", cfExtPri, cfHdrFlush;dur=4
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Tue, 12 Nov 2024 19:43:07 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc8c9e75-CDG
server: cloudflare

GET
H3 200 bootstrap.min.css
securityaffairs.com/wp-content/themes/security_affairs/css/ 152 KB
27 KB 72ms
66ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/bootstrap.min.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8df4-260c5"
age: 265880
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0voOZbQIgoEgYLlBeK0RuSFOc%2B70%2F%2BUUeSvYu%2B0pfvMFM2uGfOGnROrvlAN8Il7Vuji6yiJDnE7ZW%2ByAUF8TJd49qhGb%2BpgXimi8foYO%2BCGS%2Baa%2FjS7kFAmZyHfdbPpaqB37nhNq6Rm53Wfsyc93IQm5"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 07:45:14 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=339&x=1", cfExtPri, cfHdrFlush;dur=9
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 15 Feb 2023 07:47:00 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc8d9e75-CDG
server: cloudflare

GET
H3 200 plugins.css
securityaffairs.com/wp-content/themes/security_affairs/css/ 30 KB
8 KB 82ms
76ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/plugins.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8df5-7918"
age: 270376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZYLG3i%2BcfIjLVuDTv5FvwMLH8BSHqf%2BEeQKJqye%2FE%2BbUDJYsDyNAys023ue6%2FkFF%2BCy3huNf28RWUfEhqeBcEgLgyPlj%2Fg4UUSmo56xi8FOG9sMMQcJJI7huWe6sU80%2B7z9qWzFZHUPYje%2F7fAD519%2B"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 06:30:18 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=339&x=1", cfExtPri, cfHdrFlush;dur=9
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 15 Feb 2023 07:47:01 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc8e9e75-CDG
server: cloudflare

GET
H3 200 animation.css
securityaffairs.com/wp-content/themes/security_affairs/css/ 44 KB
5 KB 83ms
78ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/animation.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eaade0e5f063f06ba9ec0303b6e2cf134e7e7ddedce6b51813880fe52bbb5de2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-bgj: minify
etag: W/"63ec8df4-b1cc"
age: 269680
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9Q1uGp5y1gF%2BkajCcNHJhAYmb%2BM5LOOt2dG6XHPeRikVBhmKiu0o5S8BkVbGKkcXq0IOwfxcGfZ3ld%2B%2B%2B0kWiNR1DiAWrJzqKRpxYyOZbFqghIS21ZX9OdYScgWeS9o%2F7tEmF2wpA68dyQuwyAn6nRx"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 06:41:54 GMT
cf-polished: origSize=45516
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=340&x=1", cfExtPri, cfHdrFlush;dur=8
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 15 Feb 2023 07:47:00 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc8f9e75-CDG
server: cloudflare

GET
H3 200 select2.min.css
securityaffairs.com/wp-content/themes/security_affairs/css/ 16 KB
3 KB 81ms
78ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/select2.min.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8df5-3f88"
age: 194906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fthR5fWKlh35j0%2BDtnkd6DokiHnhatqYATB8l1P56%2FcbZQ8aZZYtFQ05Ndt%2Bgfk1azKRtiLbiaXbWSr5BTmSYO173hxLEL%2FKw%2BiwvZoZGqLQ%2FjdjCoePDMzdajb6DsmZpDdfEP3h0fwQMcdJNCMxpWoK"}],"group":"cf-nel","max_age":604800}
expires: Wed, 04 Dec 2024 03:28:08 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=42397&min_rtt=32892&rtt_var=2727&sent=101&recv=47&lost=0&retrans=0&sent_bytes=100478&recv_bytes=11221&delivery_rate=679212&cwnd=50400&unsent_bytes=0&cid=0a2fa1e521860261&ts=363&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 15 Feb 2023 07:47:01 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc909e75-CDG
server: cloudflare

GET
H3 200 bootstrap-datetimepicker.min.css
securityaffairs.com/wp-content/themes/security_affairs/css/ 5 KB
2 KB 82ms
78ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/bootstrap-datetimepicker.min.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 165d6cf0440273d98a7ff9e3a3c996af430f251f139ce41bd21d2b995291a0ff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8df5-13c2"
age: 544615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QND82ESL%2Bkq52NDidYFSSVebtaSlPsGU28kgUZJxM%2B47K35FUaUvdqcOZK%2BPo5dtHPp%2BaRZRAvuI4Z5NH5NziN287DhXsGcp8bZvtY4Tl8CVbhq%2FFrMkJcCjo5ODox9WMAoiAaWHtYA7kWs0u0ZTlHj"}],"group":"cf-nel","max_age":604800}
expires: Sat, 30 Nov 2024 02:19:39 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=341&x=1", cfExtPri, cfHdrFlush;dur=7
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 15 Feb 2023 07:47:01 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc929e75-CDG
server: cloudflare

GET
H3 200 style.css
securityaffairs.com/wp-content/themes/security_affairs/css/ 62 KB
12 KB 82ms
78ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac4e3a420e262172c5caf62f5cac1fcbe508825666766a7b7f310355c2174379

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"64dd2a7c-f8c7"
age: 267403
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdJ38BvBiSK1qCirL5%2FXBVl4o0R2ASFwxS%2BeJlxur2m%2FbXUEb4WkS0yfk1%2Bm012dyrbUSMOnYCerrKYUSFD9XHKBSV3VYIbWVTQZJs6cgSZ47993fH1t%2FHOFHVNFgXeqwhDWTapfVOdpMDiTiYGhsQXl"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 07:19:51 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=342&x=1", cfExtPri, cfHdrFlush;dur=6
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 16 Aug 2023 19:58:52 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc959e75-CDG
server: cloudflare

GET
H3 200 slick.css
securityaffairs.com/wp-content/themes/security_affairs/slick/ 5 KB
2 KB 94ms
91ms Stylesheet
text/css 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/slick/slick.css?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16920fa8e266e8b1f52753ac51a13b430a1fd1d814ad7a0ba8d7102752d7a59d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8db3-133a"
age: 106914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8YNH2xyavUAG65vFnfNh%2F%2FcWDJilNnfRJOPE%2B7rkD6o50VpgwC%2BwgiTKe2UMd%2Fj27TshfIlKnwa7bK15Fyo1oXKNDSTYCRfDGCOtrq5dpqYP1H21V%2FQg4xYswTJdaoAinFyM64FcjyYHsNoVOctguFkj"}],"group":"cf-nel","max_age":604800}
expires: Thu, 05 Dec 2024 03:54:40 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=42397&min_rtt=32892&rtt_var=2727&sent=101&recv=47&lost=0&retrans=0&sent_bytes=100478&recv_bytes=11221&delivery_rate=679212&cwnd=50400&unsent_bytes=0&cid=0a2fa1e521860261&ts=353&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css
last-modified: Wed, 15 Feb 2023 07:45:55 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc969e75-CDG
server: cloudflare

GET
H2 200 jquery.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ 279 KB
84 KB 153ms
27ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/jquery.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1e7f83052e1e3442c4397ced9555033cd1d3f08444d85960683bcf91c8433cdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Mon, 28 Aug 2023 17:14:23 GMT

GET
H2 200 jquery-migrate.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ 31 KB
11 KB 153ms
27ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/jquery-migrate.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

09f417c2e643b736c19e96b99e166681af1002e9b192b84e4e85b0794e764f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 09 Jun 2023 05:49:24 GMT

GET
H3 200 cookie-law-info-public.js Show response
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/ 33 KB
9 KB 99ms
96ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.2.7
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6d0d78d73c8618c4c22287fb022469bfc689b5eb6f58523b49c0ecf4c306e2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"671956d2-8589"
age: 14490
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPCk9N9BTMN%2F2N2UzgRDeq1QkTNGVzwrRF%2FZKupMOzSItSvTM%2Feh8fivAEqFlyMjeUKtc%2BKLn40rDj6SufgxssvkNtpVsqnP5z9UwqGHNZwDZIDnnhEmqTBXuP%2BXCd%2B0z8reWpVF6toWycJGV5YbdoSr"}],"group":"cf-nel","max_age":604800}
expires: Fri, 06 Dec 2024 05:35:04 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=344&x=1", cfExtPri, cfHdrFlush;dur=4
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 23 Oct 2024 20:04:34 GMT
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc979e75-CDG
server: cloudflare

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 206 KB
46 KB 223ms
58ms Script
text/javascript 18.173.205.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js?ver=2.3.2

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.205.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-205-53.fra56.r.cloudfront.net

Software

Resource Hash

98d32b00fca86fc6994df33302e051a6ad03461a43ff5797d5b10ace4cf4772f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=600, public
content-encoding: gzip
etag: W/"336d0-g/6wprihOkYe7HpMswOVDodT6lU"
age: 370
via: 1.1 e23d0cd26e88be416569e15d7299b25c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: mtoUKR-1naTcAi_d8HaSpnxTyD-6nwfsRwhc1mHy-oDS19UequwaeA==
edge-control: cache-maxage=60m,downstream-ttl=60m
date: Fri, 29 Nov 2024 09:30:24 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P12
x-frame-options: SAMEORIGIN

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 206 KB
46 KB 250ms
86ms Script
text/javascript 18.173.205.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.205.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-205-53.fra56.r.cloudfront.net

Software

Resource Hash

98d32b00fca86fc6994df33302e051a6ad03461a43ff5797d5b10ace4cf4772f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=600, public
content-encoding: gzip
etag: W/"336d0-g/6wprihOkYe7HpMswOVDodT6lU"
age: 588
via: 1.1 e23d0cd26e88be416569e15d7299b25c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: JipuvszpAx8csj783GeaPWn20IFJVU23eWHLvCY2LpLwtkl_-2UJQw==
edge-control: cache-maxage=60m,downstream-ttl=60m
date: Fri, 29 Nov 2024 09:27:21 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P12
x-frame-options: SAMEORIGIN

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 259 KB
92 KB 211ms
67ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

60c3f99e42f05145cf3e5222db42be38b32717f857d45afebc8a7b1feb283c93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 29 Nov 2024 09:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94236
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
52 KB 200ms
58ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44c16ad39aac233483223fa35b221ee0fe5b2a481a69d5cd650bd9bbb11a9327

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityaffairs.com
Referer: https://securityaffairs.com/

Response headers

content-encoding: br
etag: 8892890568673039924
x-content-type-options: nosniff
expires: Fri, 29 Nov 2024 09:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53352
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 317 KB
106 KB 206ms
62ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2289a15d63d3f58033641266b6ac126377142b679132997efd08600e5d9234c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 29 Nov 2024 09:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 108335
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 menu-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/ 467 B
1 KB 118ms
116ms Image
image/svg+xml 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/menu-icon.svg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79ef2c493105913ae8a012433b49e73fec9f4e3dfaf70723bcf66c3e3e0e09e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"63ec8dd3-1d3"
age: 21324250
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SL9QU%2FsH2HJbFEfnE46kSW7OQVwyCMFvNP2xuncviDJT6bEd4m6DbLl1A6x1HiI%2Fd4vohcAOMUkXUNWQ96j1eqKEqwrkEHurksLfMo8qfCcMP2ZtqHm8wVIcKLrWrpz2no9250dbOOzkGLYVY2JywRA8"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=40352&min_rtt=32892&rtt_var=8303&sent=69&recv=39&lost=0&retrans=0&sent_bytes=65736&recv_bytes=10877&delivery_rate=345520&cwnd=33600&unsent_bytes=0&cid=0a2fa1e521860261&ts=344&x=1", cfExtPri, cfHdrFlush;dur=4
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/svg+xml
last-modified: Wed, 15 Feb 2023 07:46:27 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc999e75-CDG
server: cloudflare

GET
H3 200 logo.png
securityaffairs.com/wp-content/uploads/2023/08/ 5 KB
5 KB 117ms
115ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2023/08/logo.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51e18fa3a179268df5763ae93f237dfa9ab4733b4e2791fe3cfeecca702a8832

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "64eb5e9d-128f"
age: 21329575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xs%2FGZAhiD4fD1jKb6b78KGibxPM3eLQ4lHiAzqoG9QKWkvwir2yGIs64jjJOCWhrSiPuD%2B%2BZftSGNtIa1zUKieKH0QsF0K7qZ%2FzC26Q828AS%2Fy90rgHUcKoJCVvdsNKk2E7vttVfIDzaLQDrg8dIhDCk"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=42397&min_rtt=32892&rtt_var=2727&sent=101&recv=47&lost=0&retrans=0&sent_bytes=100478&recv_bytes=11221&delivery_rate=679212&cwnd=50400&unsent_bytes=0&cid=0a2fa1e521860261&ts=356&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Sun, 27 Aug 2023 14:33:01 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d36cc9a9e75-CDG
accept-ranges: bytes
content-length: 4751
server: cloudflare

GET bff4a8c1-35eb-4c8b-a022-c3b2e018fbe4
https://securityaffairs.com/ Frame 0
0

GET
H2 200 css2
fonts.googleapis.com/ 35 KB
2 KB 191ms
61ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

61c7a5d0c2a80afafe4c818c8e8747dab5c0853bb39a19aa2ffb1879e8e5e099

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 29 Nov 2024 09:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 29 Nov 2024 08:15:26 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 resecurity_banner_header_mobile.png
securityaffairs.com/wp-content/themes/security_affairs/images/ 153 KB
154 KB 50ms
49ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/resecurity_banner_header_mobile.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24c96170c8307f6a1f4eff1fd0d355a91ebd6d208b809298dd2a75b238371390

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "66469485-2636c"
age: 250531
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aa9MwCSK89TVxF8XEFl1PaOITVZtZAtMofMhpDrPFsa42LaYfeZBS%2FfYlxtOh%2BgwtBLih9LivJKV4WpEujiSUVAyLc1mEWWUaI2s8nlWWNY1NrW0XdZC9kR641wsxD5CMFBA05l9%2F4uJIZ3HJulR3vdD"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=35987&min_rtt=32613&rtt_var=1867&sent=190&recv=84&lost=0&retrans=0&sent_bytes=194362&recv_bytes=13625&delivery_rate=1753676&cwnd=85500&unsent_bytes=0&cid=0a2fa1e521860261&ts=475&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Thu, 16 May 2024 23:19:33 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d379d6f9e75-CDG
accept-ranges: bytes
content-length: 156524
server: cloudflare

GET
H3 200 user-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/ 987 B
1 KB 47ms
47ms Image
image/svg+xml 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/user-icon.svg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e0352c858984ddb68c11c0b8265ea2ae72ab8d29b4471f888d4cbd95fe881ef

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"63ec8dd5-3db"
age: 2687321
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYCXL6sOY84yLbHY3CsHJYJUyNOWwi09QWOjhD6101jB7k4Yxz88Fh%2FQWGlV6a%2FjlX9NKr8dBe6G1TR4WyovhZEf59X84cUsktcO1i%2BqdjMXSpCfvNqgtLjNHbj85atJ9H1%2BkTTy0zy7SWPxRgvZuWRC"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=35987&min_rtt=32613&rtt_var=1867&sent=188&recv=84&lost=0&retrans=0&sent_bytes=193016&recv_bytes=13625&delivery_rate=1753676&cwnd=85500&unsent_bytes=0&cid=0a2fa1e521860261&ts=473&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/svg+xml
last-modified: Wed, 15 Feb 2023 07:46:29 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d379d739e75-CDG
server: cloudflare

GET
H3 200 clock-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/ 947 B
1 KB 61ms
55ms Image
image/svg+xml 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/clock-icon.svg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61b5d4f52ec96a0aef85f731e618cb627749775534ae86976446f42350757392

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"63ec8dd5-3b3"
age: 314081
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKSLfhguSrEgN30sypowKnbbbvlYMK8ioT%2B5%2BTWQfwgX8T9pA7mz8KLDKfPNp%2B2NBxk9H8nM9RrkLvz8SCzMy0vS1Qc2cbtT%2FWr%2F3nrhn9ZXYIM%2BXHdBi5Muo41EQoiZtTyl8JY9zujfCVW5rPC7CMtb"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=698&x=1", cfExtPri, cfHdrFlush;dur=2
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/svg+xml
last-modified: Wed, 15 Feb 2023 07:46:29 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff229e75-CDG
server: cloudflare

GET
H2 200 image-36.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2024/11/ 67 KB
68 KB 37ms
29ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2024/11/image-36.png?fit=1751%2C3000&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

f1927f7b2412897eb8ea718e168f21db3f09c6679f832574592a1fa6f8a02db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

etag: "35d95bc4eb824c25"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sat, 28 Nov 2026 09:02:31 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 21:02:31 GMT
vary: Accept
link: <https://securityaffairs.com/wp-content/uploads/2024/11/image-36.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 1
access-control-allow-origin: *
content-length: 68948
server: nginx

GET
H2 200 image-36.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2024/11/ 59 KB
59 KB 149ms
29ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2024/11/image-36.png?resize=598%2C1024&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

7bc0dfe0a099664706874e29990887032db672b67f9103da686334745afae54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

etag: "edd33ce24aee2ec9"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sat, 28 Nov 2026 09:08:34 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 21:08:34 GMT
vary: Accept
link: <https://securityaffairs.com/wp-content/uploads/2024/11/image-36.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 1
access-control-allow-origin: *
content-length: 60058
server: nginx

GET
H3 200 image-38.png
securityaffairs.com/wp-content/uploads/2024/11/ 223 KB
224 KB 85ms
79ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2024/11/image-38.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71cdf59124762d17745ea80bc0f740f14ad3c0a39c41178f72e2fd0901901eb0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "6748f1fb-37d15"
age: 33062
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Olq6z43QauHD9puU2hKtYVNcX3AuQwuna9sRjWVtYw%2FyVa0lKxqwfYRCwtTG9l%2FoaLSNGNm0cFUW491NJGPvwt6sKl16bsrrEKRSbzKWahNTjw%2F2i7GY%2B1v6SVoGdr3D1EI2WPz%2FJg0y%2BrIa0YStT05J"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37804&min_rtt=32613&rtt_var=1629&sent=491&recv=124&lost=0&retrans=0&sent_bytes=537104&recv_bytes=22840&delivery_rate=766923&cwnd=133200&unsent_bytes=0&cid=0a2fa1e521860261&ts=704&x=1", cfExtPri, cfHdrFlush;dur=18
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Thu, 28 Nov 2024 22:43:07 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff249e75-CDG
accept-ranges: bytes
content-length: 228629
server: cloudflare

GET
H3 200 image-37.png
securityaffairs.com/wp-content/uploads/2024/11/ 150 KB
150 KB 58ms
54ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2024/11/image-37.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 811bee30a0b05776e36d9e8fd50f0cf53fca030681b325c72cdc489e57b4721b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "6747a32b-25696"
age: 94099
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKC7jQC9f4rFP5dwi9C3q%2FM34PT%2Fbk0WWxe0lyveeIwiaVwp2XyZOQ%2BU7iu4rDqSX%2BmDzdjn8BU14Dv1O%2F365bg7vr7jhUOR2P9bOE8qAg8x7OyKh6qS4tVqPXlqilF3sz0e5Le7fYRp3JgMP%2B7vdhtR"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=696&x=1", cfExtPri, cfHdrFlush;dur=4
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Wed, 27 Nov 2024 22:54:35 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff269e75-CDG
accept-ranges: bytes
content-length: 153238
server: cloudflare

GET
H3 200 t-mobile-experian-data-breach.jpg
securityaffairs.com/wp-content/uploads/2015/10/ 41 KB
42 KB 84ms
81ms Image
image/jpeg 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2015/10/t-mobile-experian-data-breach.jpg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd573dd2e1517dc366e78e8b5de070a16c80e5d32cc71d33e24b3455cffa2db1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "567166f8-a338"
age: 69125
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1h4oVLpatpRpHe29jBkmyIMp8BHmDH1SqydUEDZpyj20asIDWYo9iDElcQD4Ru5zwFpbw8dDqdBTkliZfwB5yRCHUPmsBaY%2F39oSUkvCYtY4RJUyS%2FWVA3nSMiVyDVW%2FEjvEY14TDuwZGsPqEIAY0TrZ"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37804&min_rtt=32613&rtt_var=1629&sent=445&recv=124&lost=0&retrans=0&sent_bytes=484736&recv_bytes=22840&delivery_rate=766923&cwnd=133200&unsent_bytes=0&cid=0a2fa1e521860261&ts=702&x=1", cfExtPri, cfHdrFlush;dur=21
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/jpeg
last-modified: Wed, 16 Dec 2015 13:28:24 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff289e75-CDG
accept-ranges: bytes
content-length: 41784
server: cloudflare

GET
H3 200 image-36.png
securityaffairs.com/wp-content/uploads/2024/11/ 279 KB
280 KB 58ms
54ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2024/11/image-36.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88c98c1c7450cc38ac247a8e59ba898234004fd000915d0a87f9dce58bd91eb2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "67478531-45cd4"
age: 131492
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2FtvW7ThdB3BAau95pyUlZ4mtu98fT7yKCiMmRAxK1Pv%2BsVwvlXykLDAa2c8qlqsSyy6Dy67SOEitxCVw583jGFEvD%2FglRwGivHFEJuW%2BKqOJUxaPnfKlCHnXCc8YpoCT7tS1%2F8KNZPVIk6jN%2Bf0wE1%2F"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=696&x=1", cfExtPri, cfHdrFlush;dur=4
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Wed, 27 Nov 2024 20:46:41 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff2a9e75-CDG
accept-ranges: bytes
content-length: 285908
server: cloudflare

GET
H3 200 vmware-logo.png
securityaffairs.com/wp-content/uploads/2021/04/ 104 KB
105 KB 84ms
81ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2021/04/vmware-logo.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86e1461856ddf98d69c210a23ee263e9144e54d19745fd3349a1e9a8f067f6f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "60662252-19fdf"
age: 22698584
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2BqGcAI9byoV24x5nW6oYAyIoJlQ5cx3t8FQ3ixoVPT4Z0usHGjlVl%2F3afEf%2BjBS%2BMv4pOPK4T9ksKWfgHELlWGP1v18wcNGWxiW2wtbd480Y2WUPdEiWS5cHmPePlzfwwy%2BvbcjLX%2BYlw%2FkwQqtzN9x"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37804&min_rtt=32613&rtt_var=1629&sent=491&recv=124&lost=0&retrans=0&sent_bytes=537104&recv_bytes=22840&delivery_rate=766923&cwnd=133200&unsent_bytes=0&cid=0a2fa1e521860261&ts=711&x=1", cfExtPri, cfHdrFlush;dur=12
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Thu, 01 Apr 2021 19:43:14 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff2c9e75-CDG
accept-ranges: bytes
content-length: 106463
server: cloudflare

GET
H3 200 Resecurity-Banner.jpg
securityaffairs.com/wp-content/uploads/2024/03/ 235 KB
235 KB 85ms
83ms Image
image/jpeg 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2024/03/Resecurity-Banner.jpg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f8e33084e855d45ffd07d52954f7cca447bc010a4bef3ec3b32a7e95de0543c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "65f843d7-3aa18"
age: 15318537
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bhP6oJYx5TcDnmRP33v63XMKqjDyY0MCtAvqzABEE2u7tvltD4sx0GNLpqnAv8fhiM5YHsEswyeJobjRW3zOQ3esCZF2I%2Frnc69YU1zIcVwkRSs799%2FxkK8FNYtBPm7sLGPLBZtVrAcY13CV6fEZKIfF"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37804&min_rtt=32613&rtt_var=1629&sent=491&recv=124&lost=0&retrans=0&sent_bytes=537104&recv_bytes=22840&delivery_rate=766923&cwnd=133200&unsent_bytes=0&cid=0a2fa1e521860261&ts=709&x=1", cfExtPri, cfHdrFlush;dur=19
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/jpeg
last-modified: Mon, 18 Mar 2024 13:38:31 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff2e9e75-CDG
accept-ranges: bytes
content-length: 240152
server: cloudflare

GET
H3 200 footer-logo.png
securityaffairs.com/wp-content/uploads/2023/08/ 4 KB
5 KB 57ms
54ms Image
image/png 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2023/08/footer-logo.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b253964206a6ce075557f8735e7b57268338885e821f317bc63c6616e75c7b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-cache-status: HIT
etag: "64eb5ea4-f4c"
age: 2068976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2Bed7TjoIwtwss92cKPIeP8IQifwCcxSBn2XHEy3%2Fwc%2FVef2RDSic%2FJNSg0HYD4%2BM%2FpeZvQQaOLUMN6lmQ9bncVWkn4pdpsnIsJoqqYP6K%2FyJh7vybDlHpMfYaS3yJ7kQcRz%2F6j%2FI8hqQ1UzVI6IxYpS"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=698&x=1", cfExtPri, cfHdrFlush;dur=2
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/png
last-modified: Sun, 27 Aug 2023 14:33:08 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff309e75-CDG
accept-ranges: bytes
content-length: 3916
server: cloudflare

GET
H3 200 email-decode.min.js Show response
securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 44ms
44ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"6740aa56-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mr6pVsp%2BRe9MJysxJ2knPsPzL0L970dzdDPyo1s2Pecg3zm6VlrDbGFOeryvI3zwISHSHBSB2iYRrKTX8uKNlRUnrEHt44%2B6OQDs7SKUS%2FtfwX3Ko4EyLZA2XzFaLCwxJ5d8JZQUHiWmtt8yU4ymhzkV"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8ea19d37edc59e75-CDG
expires: Sun, 01 Dec 2024 09:36:34 GMT
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Fri, 22 Nov 2024 15:59:18 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 hooks.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/dist/ 20 KB
5 KB 27ms
26ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/dist/hooks.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

382dce1ae88ca09958d38220e823dcfed16c11bd9a74057dc80e5ae81274b5c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Mon, 30 Sep 2024 05:11:31 GMT

GET
H2 200 i18n.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/dist/ 49 KB
12 KB 27ms
26ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/dist/i18n.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b15ed20e5b3c78e57f6856a29e88979872e970622415878b5a5082e4602d75ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 1
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 09:36:34 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Thu, 15 Feb 2024 16:53:15 GMT

GET
H3 200 index.js Show response
securityaffairs.com/wp-content/plugins/contact-form-7/includes/swv/js/ 12 KB
4 KB 51ms
50ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d60e3b25e56d35148888b5a08c8eb0ff3806f9698d4f6f54a35eab7d27f4c2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"672fe908-30e0"
age: 278960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ePxgKp81UdTega9H%2BUAmvvm8dkM8L8laqeLvoHp056Aw1NeTwfrJv9AeDhS5mFcr85IEGsMBHXUf8Nq32XK%2Ft4oZ4sKUDESoMQz8ojcNBLNh8NZyMOKNaga6dcF3cWeCVBTWDl%2Bo2ZSjxvlyu%2BsG0rMq"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 04:07:14 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37393&min_rtt=32613&rtt_var=2879&sent=329&recv=101&lost=0&retrans=0&sent_bytes=356503&recv_bytes=15357&delivery_rate=1572767&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=602&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Sat, 09 Nov 2024 22:58:16 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d386e479e75-CDG
server: cloudflare

GET
H3 200 index.js Show response
securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 49ms
48ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddcce687729cb358abf9d0d8e1217a097859be2b0d18c23d7c851b38c87bc9c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"672fe908-348c"
age: 469810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ruyN67qThtccwIVUT29QPABjbK7XOYLSDthwPMeRe1UxMuHMscXT7R3BZHt9gp36n4n8OMeYaHP2yHJpx6BOH4lN%2FT4djf5LkyDi7nPFNij8pPrfLt3KU3TycCEkvHyRN4UTsQ9I%2F75yRf7YwnJFhgy7"}],"group":"cf-nel","max_age":604800}
expires: Sat, 30 Nov 2024 23:06:24 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37393&min_rtt=32613&rtt_var=2879&sent=333&recv=101&lost=0&retrans=0&sent_bytes=361110&recv_bytes=15357&delivery_rate=1572767&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=604&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Sat, 09 Nov 2024 22:58:16 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d386e569e75-CDG
server: cloudflare

GET
H3 200 ssba.js Show response
securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 54ms
54ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1686486772
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-bgj: minify
etag: W/"6485bef4-c26"
age: 135533
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2BtnpvjmdxD1jKjRVI2KGQpRTn5%2FtTAxNh%2FQgLvLa0XQMNFOHrA4gFe%2BRk471V%2B5etieiDGb6fFv4%2BXg0gt6oc5pT7TRHQfqYwS9AVCu2MwDLD40garesfMZL6HyFWGY473wSrJQ47S1GURagZ4eve6P"}],"group":"cf-nel","max_age":604800}
expires: Wed, 04 Dec 2024 19:57:41 GMT
cf-polished: origSize=3110
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=339&recv=104&lost=0&retrans=0&sent_bytes=366565&recv_bytes=16144&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=662&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Sun, 11 Jun 2023 12:32:52 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38cec79e75-CDG
server: cloudflare

GET
H3 200 jquery-3.5.1.min.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 87 KB
34 KB 52ms
52ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/jquery-3.5.1.min.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8dba-15d84"
age: 310738
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrSBET27q7RyHqFE1BVLBgfVUoHdJrudRdIW25QpIMTkbs4lg%2FcduAbqsAA%2FcpqLxXVjAOIYrvYBN%2BSUxb3go117WsR9v%2BlW1mmaLMNflBHSeodBBr3Y07uYd7WD5S7m6qNiOqlM62FRhQQBgbrzK5xM"}],"group":"cf-nel","max_age":604800}
expires: Mon, 02 Dec 2024 19:17:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=340&recv=104&lost=0&retrans=0&sent_bytes=367354&recv_bytes=16144&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=662&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:02 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38cece9e75-CDG
server: cloudflare

GET
H3 200 bootstrap.bundle.min.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 77 KB
25 KB 51ms
51ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/bootstrap.bundle.min.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8db9-13397"
age: 315274
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tijWzOLNeC2oqO%2BJ1S9%2FtYjG8KDLNg7ZazqEriIgjiwfU0bbEgIWLSIswSw5JR%2B2QNdqk4nsLy9KAy5%2FCM3PWPn1PNV2CGYEdZ585sf1Sxw1bYA1N1zb2YqgxiOn%2F38I4e%2FhPoABnv5VYw6gy0owurBp"}],"group":"cf-nel","max_age":604800}
expires: Mon, 02 Dec 2024 18:02:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=375&recv=120&lost=0&retrans=0&sent_bytes=403904&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=688&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:01 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38eeff9e75-CDG
server: cloudflare

GET
H3 200 animation.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 3 KB
2 KB 52ms
52ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/animation.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c03404e75c3b5dd3190080d5b678433a88aed86b17fba7685f8a36950414fb8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8dba-b93"
age: 308216
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bUGdhj9a9FHYoIoyFJxGKIY8EBdcV8SkOINTa0B8ta%2BdHCrsOY2%2BGzX11ewpFZ7mDQIREoXvXkB8zrKDRBDZXnbeG0b0HwxX3p7FkOlhjG%2Fc2g%2Fa9DHe2qrJD%2BnCO8rKa0m0wldiVRBxhLXgbcokK4Vj"}],"group":"cf-nel","max_age":604800}
expires: Mon, 02 Dec 2024 19:59:38 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=375&recv=120&lost=0&retrans=0&sent_bytes=403904&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=688&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:02 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ef029e75-CDG
server: cloudflare

GET
H3 200 slick.min.js Show response
securityaffairs.com/wp-content/themes/security_affairs/slick/ 42 KB
12 KB 52ms
52ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/slick/slick.min.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8db3-a76f"
age: 113394
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EIS8QNxBUejT9wyTSReREKsy0j%2Fm4QpJkn3%2F6UzN45QRtZstMMORZd4pDMyzdMWFkIDaJzp6t9Je91McWi4vxpYZs65EtTMj%2BzpjTKGY6Xi7j9FoalSK3QV%2F5v9ZK7zAhPdscgVC5jop5xyrFmUGkj3X"}],"group":"cf-nel","max_age":604800}
expires: Thu, 05 Dec 2024 02:06:40 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=395&recv=120&lost=0&retrans=0&sent_bytes=427904&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=689&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:45:55 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ef049e75-CDG
server: cloudflare

GET
H3 200 select2.min.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 71 KB
23 KB 55ms
52ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/select2.min.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8db9-11dcb"
age: 94247
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmlL%2Bbvf4%2BDv8Yg1w5YVDHSfPp2cGZ9v1sRx6m6ih647SvxXD%2BRnzW7bXpQ3S4Om0SVl1h0vK4umD1hv5Aa8tH4u6JnVKtqBzQTsBYYoOqhYn%2FFtqIQLQ9m%2B5BZ%2FzITeSUo%2FlDGpfTdFGOgyEICmwByL"}],"group":"cf-nel","max_age":604800}
expires: Thu, 05 Dec 2024 07:25:47 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=421&recv=120&lost=0&retrans=0&sent_bytes=457236&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=692&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:01 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff0e9e75-CDG
server: cloudflare

GET
H3 200 moment.min.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 33 KB
14 KB 53ms
46ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/moment.min.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b5dcd8c4de34bf3e2bbbb1499ef55172ca6a8c7124c5aaa04cc6ea48a084b8b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8dba-857b"
age: 135533
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n77uMeRK%2BLicr1pRj3anznPd8iRDbUSmmyqghSWc2JWWjSvDlqz049D2IHjqjgXtFxe0IyyiwLAT6Gug0LaAliJhszH1SS6gGTAs7sLtYs6syhdhrBNH3aObRZNgUklR6PnXaXY7CBYzGnC8osXXE3V8"}],"group":"cf-nel","max_age":604800}
expires: Wed, 04 Dec 2024 19:57:41 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=411&recv=120&lost=0&retrans=0&sent_bytes=445236&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=692&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:02 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff1b9e75-CDG
server: cloudflare

GET
H3 200 bootstrap-datetimepicker.min.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 23 KB
8 KB 63ms
54ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/bootstrap-datetimepicker.min.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5220bfc9416c5b55c41b39baaf1744ed2ce2bec1b0e77382067dea40eec68ba2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8dba-5a28"
age: 315112
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uRSbvnFos3tSx21ZWp%2BI2abs9hmUfi5MWd2LEHaWH8csQQrGKKIAshezGrVtLSvA42M85QBmwb3Lomcn3R%2BDXP1sJIoM5eid6hr9Cnr5nj9yQ%2FOaEhuGV2QpDMLiGlvMAoRSJzb2g4c7KhSzfdA2x0ar"}],"group":"cf-nel","max_age":604800}
expires: Mon, 02 Dec 2024 18:04:42 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=698&x=1", cfExtPri, cfHdrFlush;dur=2
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:02 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff1e9e75-CDG
server: cloudflare

GET
H3 200 script-datepicker.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 552 B
1004 B 63ms
54ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/script-datepicker.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90f48ba602dfc98c2c658bcd8aeda30d5a9570ff39e142b05bbe384903090582

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"63ec8dba-228"
age: 455741
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mG6m8YtDs3s14ibZyXxlMJELNonEruRYlEuCwza6vGeQI%2FIdOFDyY0kEv6BAWTEZDhkWpOkh3Ae6CnAoVaYGqg0wCJBpz2AkyAwspS1pBnsySpRqmAzX02siX8V0xSWv0y31rRDEpohOnrX1Z6U2CSeq"}],"group":"cf-nel","max_age":604800}
expires: Sun, 01 Dec 2024 03:00:53 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=695&x=1", cfExtPri, cfHdrFlush;dur=5
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:02 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff1f9e75-CDG
server: cloudflare

GET
H3 200 script.js Show response
securityaffairs.com/wp-content/themes/security_affairs/js/ 6 KB
2 KB 63ms
54ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/js/script.js?ver=1.0.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 628fa3e7ecfc8af7a931be8c581244529e7f428bda6f346bf5c7b0d958bfcba6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"63ec8db9-1886"
age: 236878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23VqHiu6Z7rJPzCbHoTP4%2F7dUoNQCuT4oCFTZB0ndSUY1sEp9xUka%2FaqwK1zSlJCnN5CF9FQwuQxiRT7PzAlQPNx0%2Fyl51ae%2BQwwcOhF39QR32ztHV8TEdFwD6JVqYUi2t5t6O7n7aPtBLcqrDX8qK8o"}],"group":"cf-nel","max_age":604800}
expires: Tue, 03 Dec 2024 15:48:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37196&min_rtt=32613&rtt_var=2553&sent=443&recv=120&lost=0&retrans=0&sent_bytes=483364&recv_bytes=22287&delivery_rate=181545&cwnd=116700&unsent_bytes=0&cid=0a2fa1e521860261&ts=695&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
last-modified: Wed, 15 Feb 2023 07:46:01 GMT
vary: Accept-Encoding
priority: u=2,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d38ff209e75-CDG
server: cloudflare

GET
H2 200 e-202448.js Show response
stats.wp.com/ 7 KB
3 KB 157ms
29ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202448.js
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

cache-control: max-age=31536000
content-encoding: br
x-nc: HIT lhr
etag: W/14421-1717166113344.7605
x-minify: t
x-minify-cache: hit
access-control-allow-methods: GET, HEAD
expires: Mon, 24 Nov 2025 03:27:04 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 65f850d4db40be00131d1c63.js Show response
buttons-config.sharethis.com/js/ 927 B
1 KB 247ms
61ms Script
text/javascript 2600:9000:2057:ee00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/65f850d4db40be00131d1c63.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=2.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:ee00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

16c238246f72d6664babdd6dd27bc30813fb13fb633881a14a3f44445f6a2b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

etag: "9e18acbb6d773fab62392bf31b15ea82"
age: 18
x-cache: Hit from cloudfront
x-amz-cf-id: gxvcK-Z1fgRKu_3nQWCHaoH_sse1mDPDd2bhO26_E_oaCCnYlvS-fg==
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: text/javascript
vary: accept-encoding
last-modified: Mon, 18 Mar 2024 14:33:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=60
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 927
x-amz-cf-pop: FRA6-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
406 B 269ms
44ms XHR
text/plain 52.59.126.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.com&location=%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&product=unknown&url=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&source=sharethis-share-buttons-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Bootkitty%20is%20the%20first%20UEFI%20Bootkit%20designed%20for%20Linux%20systems&cms=unknown&publisher=65f850d4db40be00131d1c63&sop=true&version=st_sop.js&lang=en&description=ESET%20discovered%20the%20first%20Unified%20Extensible%20Firmware%20Interface%20(UEFI)%20bootkit%20specifically%20designed%20for%20Linux%20systems%2C%20named%20Bootkitty.&ua=&ua_mobile=false&ua_full_version_list=&uuid=ded91bc3-e1d8-47ab-b3ce-82cef82dc5a9

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=2.3.2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.126.205 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-59-126-205.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://securityaffairs.com
Date: Fri, 29 Nov 2024 09:36:34 GMT
Access-Control-Allow-Headers: *

GET
H3 200 search-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/ 940 B
1 KB 72ms
71ms Image
image/svg+xml 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/search-icon.svg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df70b268a34a8036eca2f536d670f59e142b877bf09ad993aec61417c7a4870

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"63ec8dd0-3ac"
age: 94324
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=26S5XNrGdjvQ3w0yhctc0eukIqkCPzYVKlCOr6cHyxpeTBN6%2BHQDIl5FXugmyckg%2FS0c5bGZwmiKYxaIXn9qXmklAHOiTExWfJiVKkSz0%2B%2Fj7I7ghVxm%2FB4qtZW7OWusfL9d%2BGChfU5NntxEQNq%2B4ToO"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=37804&min_rtt=32613&rtt_var=1629&sent=491&recv=124&lost=0&retrans=0&sent_bytes=537104&recv_bytes=22840&delivery_rate=766923&cwnd=133200&unsent_bytes=0&cid=0a2fa1e521860261&ts=722&x=1", cfExtPri, cfHdrFlush;dur=6
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/svg+xml
last-modified: Wed, 15 Feb 2023 07:46:24 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d391f4e9e75-CDG
server: cloudflare

GET
H3 200 b-arrow.svg
securityaffairs.com/wp-content/themes/security_affairs/images/ 903 B
1 KB 53ms
53ms Image
image/svg+xml 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/b-arrow.svg
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 732fe1ff87d948c44d6d26af7aa89d8e1eb9eb8e00c372dadbacb51c0ba5865d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"63ec8dd8-387"
age: 9225940
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RREfiEb6Y9YrQVnBs71JxC%2BT2zwpS8%2Bk1QH2nn5SExzKjGz8iTJln5qzHtwIB3ZYqF25aKfcK8AdgxxyaL5AT0ubMTZFjQsfs3VtMd1tyMCiR%2Fh66axk%2Bd6VgHT7HSRlwuWXOJ%2FnD5doUBjC6RswEw7Z"}],"group":"cf-nel","max_age":604800}
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=36390&min_rtt=32613&rtt_var=1749&sent=680&recv=135&lost=0&retrans=0&sent_bytes=759230&recv_bytes=23708&delivery_rate=2467730&cwnd=231600&unsent_bytes=0&cid=0a2fa1e521860261&ts=745&x=1", cfExtPri, cfHdrFlush;dur=3
date: Fri, 29 Nov 2024 09:36:34 GMT
content-type: image/svg+xml
last-modified: Wed, 15 Feb 2023 07:46:32 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d394f8e9e75-CDG
server: cloudflare

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 149ms
37ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityaffairs.com
Referer: https://fonts.googleapis.com/

Response headers

age: 301032
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 21:59:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 21:59:23 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

GET
H3 200 fontawesome-webfont.woff2
securityaffairs.com/wp-content/themes/security_affairs/fonts/ 75 KB
76 KB 57ms
57ms Font
application/octet-stream 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/plugins.css?ver=1.0.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityaffairs.com
Referer: https://securityaffairs.com/wp-content/themes/security_affairs/css/plugins.css?ver=1.0.0

Response headers

cf-cache-status: HIT
etag: "63ec8de8-12d68"
age: 292
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=He0GqYMc9hbtI9J4HQ9%2BVe23AmODI8ibsqzVOuPh6l6otOzt8RICDtc%2BUPG6c13igZgPePZ%2Bt5%2B5Vg%2BHo8e7trOsURACL16sVR4gEqxIPwrGQqLqvUvFkXQm%2FKTm2iZyNC%2BwgGV4EdZJibTsbR6CA62z"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=36489&min_rtt=32613&rtt_var=1099&sent=1516&recv=246&lost=129&retrans=129&sent_bytes=1741200&recv_bytes=29880&delivery_rate=3337679&cwnd=444360&unsent_bytes=0&cid=0a2fa1e521860261&ts=1084&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: application/octet-stream
last-modified: Wed, 15 Feb 2023 07:46:48 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d3b59d29e75-CDG
accept-ranges: bytes
content-length: 77160
server: cloudflare

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/ 434 KB
144 KB 139ms
137ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6eb64c067d8c6125a6a8630e302f343c1d2358cd4e793a7a2c9e8bea38d31f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

content-encoding: br
etag: 2499358075594826883
x-content-type-options: nosniff
expires: Fri, 29 Nov 2024 09:36:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147670
x-xss-protection: 0
server: cafe

GET
H2 200 g.gif
pixel.wp.com/ 50 B
178 B 50ms
27ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=29506073&post=171479&tz=0&srv=securityaffairs.com&j=1%3A14.0&host=securityaffairs.com&ref=&fcp=0&rand=0.5635142583629587
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

cache-control: no-cache
access-control-allow-origin: *
content-length: 50
alt-svc: h3=":443"; ma=86400
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: image/gif
server: nginx

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 171ms
56ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8ZWTX5HC4Z&gtm=45je4bk0v893534898za200&_p=1732872994689&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&gdid=dZTNiMT&cid=149172716.1732872995&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732872995&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&dt=Bootkitty%20is%20the%20first%20UEFI%20Bootkit%20designed%20for%20Linux%20systems&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1453
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://securityaffairs.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: text/plain
server: Golfe2

POST collect
region1.analytics.google.com/g/ 0
0

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
548 B 491ms
48ms Ping
text/plain 2a00:1450:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NPN4VEKBTY&cid=149172716.1732872995&gtm=45je4bk0v9100359598za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://securityaffairs.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 7800 0
0 563ms
133ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-NPN4VEKBTY&gacid=149172716.1732872995&gtm=45je4bk0v9100359598za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=932811990

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Nov 2024 09:36:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 513ms
75ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NPN4VEKBTY&cid=149172716.1732872995&gtm=45je4bk0v9100359598za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&tag_exp=101925629~102067555~102067808~102077855~102081485&z=1415535060

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 29 Nov 2024 09:36:35 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 twemoji.js Show response
securityaffairs.com/wp-includes/js/ 32 KB
10 KB 54ms
53ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/twemoji.js?ver=d33525c695408c58d596109cd2ac2623
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b75fdcb9cb724ed0e6a3c091e5ea96250e16643c5b9c6427a6240fff3c026e22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"660ddfaf-80a6"
age: 59526
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKr27bBtHM3qwTEsjtWRM4REQpBYHdDko2fLz0eTuT5YewEv4Ssa2BxDyaOFgLJ%2Fdxu8X23epWJNoA9b3eyTq7Y%2BMXGZ1ZHfHdm3GVK%2FF8PKIxsmSw3LsXK%2Bmv98WMkWezC6IVYpOXlPQqfgOEYajc7n"}],"group":"cf-nel","max_age":604800}
expires: Thu, 05 Dec 2024 17:04:29 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=35951&min_rtt=32613&rtt_var=786&sent=1589&recv=256&lost=129&retrans=129&sent_bytes=1825397&recv_bytes=31583&delivery_rate=1408350&cwnd=444360&unsent_bytes=0&cid=0a2fa1e521860261&ts=1597&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: application/javascript
last-modified: Wed, 03 Apr 2024 23:01:03 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d3e9d6e9e75-CDG
server: cloudflare

GET
H3 200 wp-emoji.js Show response
securityaffairs.com/wp-includes/js/ 9 KB
4 KB 48ms
47ms Script
application/javascript 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/wp-emoji.js?ver=d33525c695408c58d596109cd2ac2623
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9d54383a1ae1cc16b30c0a748ff78cebfffede0e53dd7821dfcb6328ccef47e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"6424c1b3-2309"
age: 59526
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VOOAFgy89EsJuqNCRkncFoYWFNyF5OCX3A7Pdw6ZySA77D%2FIwcRbs7xY%2BL%2FpLMzwU1Z9JlB44VyfknoziQa2bgLp9Zg5hxYINqmV6bwPymeMPRXXusRlPYzI03Q6o68wXoUd43B87tbGh6Q%2FeAwywkqZ"}],"group":"cf-nel","max_age":604800}
expires: Thu, 05 Dec 2024 17:04:29 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=35951&min_rtt=32613&rtt_var=786&sent=1585&recv=256&lost=129&retrans=129&sent_bytes=1820924&recv_bytes=31583&delivery_rate=1408350&cwnd=444360&unsent_bytes=0&cid=0a2fa1e521860261&ts=1592&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: application/javascript
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d3e9d6f9e75-CDG
server: cloudflare

GET
H3 200 schema Show response
securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/feedback/ 333 B
1 KB 92ms
92ms Fetch
application/json 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/feedback/schema

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7768ba8a87a1e3eac6a0b94b899036af0cbc1bd28fa48b6a8da5e9160f3cb46

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, */*;q=0.1
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

x-robots-tag: noindex
cf-edge-cache: cache,platform=wordpress
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iKd%2B8TXVvztFDrILusQjOW5ZbBeY2V7SN6eUoM%2BXWAdqA65GhF9%2B6irPYA8n8WTUpX%2BltnkknxOtpAqfTcSaXVqVSu88ss4oMSV5KgI8OnIezM5tfwvJ2PAMmYuSuLFDqBWIl6ceZwHmKe3aVNux0qrh"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=35731&min_rtt=32613&rtt_var=1029&sent=1598&recv=257&lost=129&retrans=129&sent_bytes=1835686&recv_bytes=31627&delivery_rate=223981&cwnd=444360&unsent_bytes=0&cid=0a2fa1e521860261&ts=1637&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:35 GMT
content-type: application/json; charset=UTF-8
vary: Origin
priority: u=1,i
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
link: <https://securityaffairs.com/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
allow: GET
cf-ray: 8ea19d3e9d719e75-CDG
server: cloudflare

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20241120/r20190131/ Frame 7DF7 0
0 181ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20241120/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202411140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 52628
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4128
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Nov 2024 18:59:28 GMT
etag: 17661348622971093804
expires: Thu, 12 Dec 2024 18:59:28 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 71ms
70ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=0&y=1130.4

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 29 Nov 2024 09:36:35 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 403 ads
pagead2.googlesyndication.com/pagead/ Frame D547 0
0 230ms
91ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1732872995&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&pra=5&wgl=1&aihb=0&aiof=4&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aifgd=1&aipaq=1&itsi=-1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1732872995140&bpp=17&bdt=832&idt=531&shv=r20241120&mjsv=m202411140101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=4244327439416&frm=20&pv=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088670%2C31088729%2C95331832%2C95332925%2C95348326%2C95345966%2C95347755&oid=2&pvsid=1160417451747036&tmod=1635152326&uas=0&nvt=1&fsapi=1&fc=1920&brdim=450%2C450%2C450%2C450%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=588

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Nov 2024 09:36:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 refill Show response
securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/ 2 B
874 B 92ms
92ms Fetch
application/json 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/refill

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, */*;q=0.1
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

x-robots-tag: noindex
cf-edge-cache: cache,platform=wordpress
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNzDiU7%2BKiwAjxfXjzb704BWXZYBbDTmE%2B0b0gMZ5dpivt5TqRESViIKlDmFvGny9tKcO14xZKT0%2FdDahp8SJgyZAZC9t%2FYKgRbu01Ln0fpsXjjxoGPkxHxoitDjGIcPKIgypvJQUu4EsTa%2FuLmry2pe"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=35134&min_rtt=32613&rtt_var=1642&sent=1601&recv=261&lost=129&retrans=129&sent_bytes=1836826&recv_bytes=32848&delivery_rate=72144&cwnd=444360&unsent_bytes=0&cid=0a2fa1e521860261&ts=2119&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:36 GMT
content-type: application/json; charset=UTF-8
vary: Origin
priority: u=1,i
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
link: <https://securityaffairs.com/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
allow: GET
cf-ray: 8ea19d4198cb9e75-CDG
server: cloudflare

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 171ms
56ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241120&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5d09d117cd369413cb58d245f3851322500765d96485e374e09eb62c6a2d86b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13249
date: Fri, 29 Nov 2024 09:36:36 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 404 favicon.ico
securityaffairs.com/wp-content/themes/security_affairs/images/ 572 KB
90 KB 1466ms
1465ms Other
text/html 2606:4700:3031::6815:90b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c58ae8ab29a32caea4858c5646c9a3f36bf388b369bf4a2e71273c47f4aae47b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html

Response headers

cf-edge-cache: cache,platform=wordpress
content-encoding: zstd
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsxJEOaXSKUYJRH5ZGoyRebYPJwSlm4nOtrYJ1dCkzdffhfAzi5MiX%2FUDw8LtpqvIiSOz0Uhunr7rCONcGuOTa32ncwcwOaqvAr8jiNAwf2jhW%2FmxEgYuQN7qzjt70d%2Bl9dJsrMhe3lfXrtILaIyxnbZ"}],"group":"cf-nel","max_age":604800}
expires: Wed, 11 Jan 1984 05:00:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=34909&min_rtt=32613&rtt_var=1682&sent=1602&recv=262&lost=129&retrans=129&sent_bytes=1837724&recv_bytes=32893&delivery_rate=9177&cwnd=444360&unsent_bytes=0&cid=0a2fa1e521860261&ts=3505&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 29 Nov 2024 09:36:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
priority: u=1,i
link: <https://securityaffairs.com/wp-json/>; rel="https://api.w.org/"
cache-control: max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ea19d41b8e19e75-CDG
server: cloudflare

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 18 KB
7 KB 189ms
51ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityaffairs.com/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Fri, 29 Nov 2024 09:36:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 09:36:36 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame EEF1 0
0 179ms
52ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1542
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Nov 2024 09:10:54 GMT
expires: Fri, 29 Nov 2024 10:00:54 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
ep1.adtrafficquality.google/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securityaffairs.com
URL: blob:https://securityaffairs.com/bff4a8c1-35eb-4c8b-a022-c3b2e018fbe4

Domain: region1.analytics.google.com
URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=45je4bk0v9100359598za200&_p=1732872994689&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&gdid=dZTNiMT&cid=149172716.1732872995&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1732872995&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F171479%2Fmalware%2Fbootkitty-uefi-bootkit-linux.html&dt=Bootkitty%20is%20the%20first%20UEFI%20Bootkit%20designed%20for%20Linux%20systems&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1492

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241120&jk=1160417451747036&bg=!xsWlxYrNAAaIaF9IqGg7ADQBe5WfOEamMlDvjQZMFDCkzum8ZIAoyBxdaoS6pRo7bizEI9bi2tgczB5cPK2wAVg1oCsoAgAAAIhSAAAAA2gBB34ANnkQbID4N1qs5igz62ltGebteeiiWVJQvzTOvEBFYQp9qeVcdzgsNO2uiTwDgaLgR9wfrMRJkgoAjncIYopjip3ZPdoQ1vBBKbsuah1snZYwQwG-wMp5aPsl0EZ4RepdaWaDyxq4pp5mzhFEAlzuqZBC8FYg1KKMGb4hv79cJZ3Cyf4Vhrnze-38vLQp8AYlYXczXMsrDWgD8UT817I0K9VWCrUi-dMZMHyTP3-1doo2erCJdlIrZyAAivUv5dC1lLEq6HppOymZApWNasGSZ6oBn84pEj8mnDLfLS0FMc5eR8yF6C82CrNX0E-3vaJdZ_8bS8-EpVcXevfndheoDcQwWQVyeTbqbcwnvVgbhlSc_BmMASbnN-K6MPKVEv1Y8XXW0ICKEnE6RDAEyk6BI5HDgSwaI3uCmqEAfIg1nz3ezIwgHuY9UGPz9LiUS_I-uQyaHJZbI6qNngImKSbSlHR4Unmly4OqEF35IFKm_WVUQGG1Y6bdD8O_0Hxi0PkchycznsipPtdWdcTui4cUE2vypRQOGcNNjs0G2-FwMgUyariy3V8JU6t-4zvsg1XDYyftoQpwlaBzzetQ67_rOVZfzPdM0POC1TYutd-Koe0g599d2mjKM5h-trtJ0I_hTXLE62Y3-vGgIhadZokIQwclOLbeAB65-wOn1fPiFi7f8WYKUsxrwGFJPW5t1NqgR9OkA-c5v-7g3OqERQT0L9zw3piSaqvs5Lzrb-0J74dot4jthKiQ7KOuS2jjFkJSqnqb_n9s2dHRvmswn5K8fFHtfCHkZCLPRnohyH6KDS24fN6jdgq2HZwwPLVwhdQX9ZTVqhVs5VY9P_gxtdRnErPCZ8r4tt8359ltSUpOHMVPywF8hhuxFJzy0GS4Z0TjTCvrdKNgwW2m6GtZgVMfy0AYUIeSFHmJqU12PxlWYqkfm5BcBmubzSc1oBBbhIkEunNY_v70rNs3zSSagoudaBs4_PxqW7G5WaWNhE5rJqqbUsOgkMrIC2EuM_HFQP0DZLxmlgolLPFW6AfT1WiGHaqenyZirMRI2rqVFucd7J1P3WjySLcQ9TsI098H8iIy0GVTk5vtfTPr8svYP7il8ca_MPoJd6uhHpxoO6_4asDtywtKQ1OWvkyu8cwRgmwB

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.securityaffairs.com/	1970-01-21 10:57:12	Name: _ga_8ZWTX5HC4Z Value: GS1.1.1732872995.1.0.1732872995.0.0.0
.securityaffairs.com/	1970-01-21 10:57:12	Name: _ga Value: GA1.1.149172716.1732872995
.securityaffairs.com/	1970-01-21 10:57:12	Name: _ga_NPN4VEKBTY Value: GS1.1.1732872995.1.0.1732872995.60.0.0
securityaffairs.com/	1970-01-21 10:06:48	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.com/	1970-01-21 10:06:48	Name: cookielawinfo-checkbox-non-necessary Value: yes
.doubleclick.net/	1970-01-21 01:21:13	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://securityaffairs.com/wp-content/themes/security_affairs/images/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

buttons-config.sharethis.com
c0.wp.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fonts.googleapis.com
fonts.gstatic.com
i0.wp.com
l.sharethis.com
pagead2.googlesyndication.com
pixel.wp.com
platform-api.sharethis.com
region1.analytics.google.com
region1.google-analytics.com
securityaffairs.com
stats.g.doubleclick.net
stats.wp.com
td.doubleclick.net
www.google.co.uk
www.googletagmanager.com
ep1.adtrafficquality.google
region1.analytics.google.com
securityaffairs.com
18.173.205.53
192.0.76.3
192.0.77.2
192.0.77.37
2001:4860:4802:34::36
2600:9000:2057:ee00:c:abe:f440:93a1
2606:4700:3031::6815:90b
2a00:1450:4001:809::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2008
2a00:1450:400c:c0b::9d
52.59.126.205
09f417c2e643b736c19e96b99e166681af1002e9b192b84e4e85b0794e764f7f
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
165d6cf0440273d98a7ff9e3a3c996af430f251f139ce41bd21d2b995291a0ff
16920fa8e266e8b1f52753ac51a13b430a1fd1d814ad7a0ba8d7102752d7a59d
16c238246f72d6664babdd6dd27bc30813fb13fb633881a14a3f44445f6a2b5f
1df70b268a34a8036eca2f536d670f59e142b877bf09ad993aec61417c7a4870
1e0352c858984ddb68c11c0b8265ea2ae72ab8d29b4471f888d4cbd95fe881ef
1e7f83052e1e3442c4397ced9555033cd1d3f08444d85960683bcf91c8433cdb
2289a15d63d3f58033641266b6ac126377142b679132997efd08600e5d9234c4
24c96170c8307f6a1f4eff1fd0d355a91ebd6d208b809298dd2a75b238371390
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c03404e75c3b5dd3190080d5b678433a88aed86b17fba7685f8a36950414fb8
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
382dce1ae88ca09958d38220e823dcfed16c11bd9a74057dc80e5ae81274b5c1
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
44c16ad39aac233483223fa35b221ee0fe5b2a481a69d5cd650bd9bbb11a9327
4b5dcd8c4de34bf3e2bbbb1499ef55172ca6a8c7124c5aaa04cc6ea48a084b8b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f8e33084e855d45ffd07d52954f7cca447bc010a4bef3ec3b32a7e95de0543c
51e18fa3a179268df5763ae93f237dfa9ab4733b4e2791fe3cfeecca702a8832
5220bfc9416c5b55c41b39baaf1744ed2ce2bec1b0e77382067dea40eec68ba2
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
60c3f99e42f05145cf3e5222db42be38b32717f857d45afebc8a7b1feb283c93
61b5d4f52ec96a0aef85f731e618cb627749775534ae86976446f42350757392
61c7a5d0c2a80afafe4c818c8e8747dab5c0853bb39a19aa2ffb1879e8e5e099
628fa3e7ecfc8af7a931be8c581244529e7f428bda6f346bf5c7b0d958bfcba6
6d60e3b25e56d35148888b5a08c8eb0ff3806f9698d4f6f54a35eab7d27f4c2f
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6eb64c067d8c6125a6a8630e302f343c1d2358cd4e793a7a2c9e8bea38d31f7f
71cdf59124762d17745ea80bc0f740f14ad3c0a39c41178f72e2fd0901901eb0
732fe1ff87d948c44d6d26af7aa89d8e1eb9eb8e00c372dadbacb51c0ba5865d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79ef2c493105913ae8a012433b49e73fec9f4e3dfaf70723bcf66c3e3e0e09e9
7bc0dfe0a099664706874e29990887032db672b67f9103da686334745afae54f
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
811bee30a0b05776e36d9e8fd50f0cf53fca030681b325c72cdc489e57b4721b
86e1461856ddf98d69c210a23ee263e9144e54d19745fd3349a1e9a8f067f6f8
88c98c1c7450cc38ac247a8e59ba898234004fd000915d0a87f9dce58bd91eb2
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4
90bed464813fbd721e4991e83fe323e763f91294f98018462c2698d16e60ae5f
90f48ba602dfc98c2c658bcd8aeda30d5a9570ff39e142b05bbe384903090582
98d32b00fca86fc6994df33302e051a6ad03461a43ff5797d5b10ace4cf4772f
a58001d08829546d85c9429abc2fde58f32237d29be75d8671b8eee2b0395374
a5d09d117cd369413cb58d245f3851322500765d96485e374e09eb62c6a2d86b
ac4e3a420e262172c5caf62f5cac1fcbe508825666766a7b7f310355c2174379
b15ed20e5b3c78e57f6856a29e88979872e970622415878b5a5082e4602d75ce
b253964206a6ce075557f8735e7b57268338885e821f317bc63c6616e75c7b60
b75fdcb9cb724ed0e6a3c091e5ea96250e16643c5b9c6427a6240fff3c026e22
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
c58ae8ab29a32caea4858c5646c9a3f36bf388b369bf4a2e71273c47f4aae47b
c6d0d78d73c8618c4c22287fb022469bfc689b5eb6f58523b49c0ecf4c306e2f
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
d7768ba8a87a1e3eac6a0b94b899036af0cbc1bd28fa48b6a8da5e9160f3cb46
dd573dd2e1517dc366e78e8b5de070a16c80e5d32cc71d33e24b3455cffa2db1
ddcce687729cb358abf9d0d8e1217a097859be2b0d18c23d7c851b38c87bc9c0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3fba86b8d1c97a65dcb519aa2c0ec3c2312f6b27e85aeb8b8ae55ff9307f7a4
e9d54383a1ae1cc16b30c0a748ff78cebfffede0e53dd7821dfcb6328ccef47e
eaade0e5f063f06ba9ec0303b6e2cf134e7e7ddedce6b51813880fe52bbb5de2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1927f7b2412897eb8ea718e168f21db3f09c6679f832574592a1fa6f8a02db9
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f85e538e44687fc0feaa2f66a67831ec9f9b03446f115dec74b996da4a0a4a52
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

securityaffairs.com Open in urlscan Pro 2606:4700:3031::6815:90b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

81 Requests

96 %HTTPS

71 %IPv6

12 Domains

19 Subdomains

18 IPs

3 Countries

2516 kBTransfer

5570 kBSize

6 Cookies

13 Outgoing links

Redirected requests

81 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securityaffairs.com Open in urlscan Pro
2606:4700:3031::6815:90b Public Scan

Screenshot
Live screenshot

Full Image

81
Requests

96 %
HTTPS

71 %
IPv6

12
Domains

19
Subdomains

18
IPs

3
Countries

2516 kB
Transfer

5570 kB
Size

6
Cookies

81 HTTP transactions
0 data transactions