www.deepwatch.com Open in urlscan Pro
2606:4700:10::6814:ca25 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
Submission: On September 26 via api (September 26th 2022, 11:16:33 am UTC) from IN — Scanned from DE

Summary HTTP 115 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 48 IPs in 7 countries across 35 domains to perform 115 HTTP transactions. The main IP is 2606:4700:10::6814:ca25, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.deepwatch.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 13th 2022. Valid for: a year.

This is the only time www.deepwatch.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2606:4700:10:... 2606:4700:10::6814:ca25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.236.89 52.222.236.89	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ba49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.237.219 151.139.237.219	33438 (STACKPATH) (STACKPATH)
4	2600:9000:215... 2600:9000:2156:e00:18:6c16:27c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.25 52.222.236.25	16509 (AMAZON-02) (AMAZON-02)
1	34.107.254.219 34.107.254.219	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	95.179.155.174 95.179.155.174	20473 (AS-CHOOPA) (AS-CHOOPA)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:80c::2013	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:807::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.122 18.66.122.122	16509 (AMAZON-02) (AMAZON-02)
2	34.107.203.234 34.107.203.234	15169 (GOOGLE) (GOOGLE)
1	54.205.2.75 54.205.2.75	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:440... 2606:4700:4400::ac40:91d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:11a... 2a02:26f0:11a::6867:4868	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:df5a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700::68... 2606:4700::6812:184c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eecc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:44b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:73b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:440... 2606:4700:4400::6812:21ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.232.159.108 34.232.159.108	14618 (AMAZON-AES) (AMAZON-AES)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:1fcd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
3 4	54.162.244.84 54.162.244.84	14618 (AMAZON-AES) (AMAZON-AES)
1	18.235.90.40 18.235.90.40	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.171.98.27 54.171.98.27	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.16.92 35.157.16.92	16509 (AMAZON-02) (AMAZON-02)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.222.236.94 52.222.236.94	16509 (AMAZON-02) (AMAZON-02)
2	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2606:4700::68... 2606:4700::6811:7d2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
115	48

31 2606:4700:10::6814:ca25 (United States)

ASN13335 (CLOUDFLARENET, US)

www.deepwatch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-89.fra56.r.cloudfront.net

privacy-policy.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ba49 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.237.219 (United States)

ASN33438 (STACKPATH, US)

cdn.getsmartcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:e00:18:6c16:27c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tools.luckyorange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-25.fra56.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.179.155.174 (Amsterdam, Netherlands)

ASN20473 (AS-CHOOPA, US)
PTR: 95.179.155.174.vultrusercontent.com

app.splithero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80c::2013 (Ireland)

ASN15169 (GOOGLE, US)

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:807::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-122.fra60.r.cloudfront.net

wec-assets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.203.234 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 234.203.107.34.bc.googleusercontent.com

settings.luckyorange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.205.2.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-2-75.compute-1.amazonaws.com

s.getsmartcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:91d9 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4868 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:df5a (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:184c (United States)

ASN13335 (CLOUDFLARENET, US)

wsmcdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wsv3cdn.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eecc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:73b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::6812:21ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.232.159.108 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-159-108.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1fcd (United States)

ASN13335 (CLOUDFLARENET, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.162.244.84 (United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-162-244-84.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.235.90.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-90-40.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.98.27 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-98-27.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.16.92 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-16-92.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-94.fra56.r.cloudfront.net

analytics.audioeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:7d2 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	deepwatch.com www.deepwatch.com	232 KB
10	audioeye.com wsmcdn.audioeye.com — Cisco Umbrella Rank: 8005 wsv3cdn.audioeye.com — Cisco Umbrella Rank: 3616 analytics.audioeye.com — Cisco Umbrella Rank: 4024	337 KB
6	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 4617 track.hubspot.com — Cisco Umbrella Rank: 2260 app.hubspot.com — Cisco Umbrella Rank: 5559	23 KB
6	clickagy.com 3 redirects tags.clickagy.com — Cisco Umbrella Rank: 6675 aorta.clickagy.com — Cisco Umbrella Rank: 1502 hemsync.clickagy.com — Cisco Umbrella Rank: 5955	16 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 557 c.clarity.ms — Cisco Umbrella Rank: 998 i.clarity.ms — Cisco Umbrella Rank: 5269	26 KB
6	luckyorange.com tools.luckyorange.com — Cisco Umbrella Rank: 14922 settings.luckyorange.com — Cisco Umbrella Rank: 15219	90 KB
5	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 7081	265 KB
5	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2156	16 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2989	20 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 394 www.linkedin.com — Cisco Umbrella Rank: 623 px4.ads.linkedin.com — Cisco Umbrella Rank: 6198	3 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 375 c.bing.com — Cisco Umbrella Rank: 220	13 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 11225 scout.salesloft.com — Cisco Umbrella Rank: 13368	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	171 KB
3	influ2.com www.influ2.com — Cisco Umbrella Rank: 46103 t.influ2.com — Cisco Umbrella Rank: 40064	4 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 448 d.agkn.com — Cisco Umbrella Rank: 638	1 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14360 apt.techtarget.com — Cisco Umbrella Rank: 19138	2 KB
2	terminus.services vidassets.terminus.services — Cisco Umbrella Rank: 17566 wec-assets.terminus.services — Cisco Umbrella Rank: 15395	12 KB
2	getsmartcontent.com cdn.getsmartcontent.com — Cisco Umbrella Rank: 24185 s.getsmartcontent.com — Cisco Umbrella Rank: 25447	36 KB
1	gstatic.com fonts.gstatic.com	14 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 561	98 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 593	191 B
1	google.de www.google.de — Cisco Umbrella Rank: 6352	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 79	444 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3246	3 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2138	20 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4786	21 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 769	3 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 342	265 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4816	2 KB
1	splithero.com app.splithero.com — Cisco Umbrella Rank: 404386
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6297	147 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2212	922 B
1	truste.com privacy-policy.truste.com — Cisco Umbrella Rank: 9252	16 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1027	5 KB
115	35

	Domain	Requested by
31	www.deepwatch.com	www.deepwatch.com static.cloudflareinsights.com
8	wsv3cdn.audioeye.com	wsmcdn.audioeye.com wsv3cdn.audioeye.com
5	static.hsappstatic.net	app.hubspot.com static.hsappstatic.net
5	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
4	aorta.clickagy.com	3 redirects tags.clickagy.com
4	tools.luckyorange.com	www.deepwatch.com tools.luckyorange.com
3	app.hubspot.com	js.usemessages.com static.hsappstatic.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	bat.bing.com	www.deepwatch.com bat.bing.com
3	www.googletagmanager.com	www.deepwatch.com
2	i.clarity.ms	www.clarity.ms
2	c.clarity.ms	1 redirects
2	api.hubspot.com	js.usemessages.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	scout.salesloft.com	scout-cdn.salesloft.com
2	px.ads.linkedin.com	2 redirects
2	settings.luckyorange.com	tools.luckyorange.com
2	region1.google-analytics.com	www.googletagmanager.com
2	t.influ2.com	www.influ2.com
1	fonts.gstatic.com
1	analytics.audioeye.com	wsv3cdn.audioeye.com
1	c.bing.com	1 redirects
1	id.rlcdn.com
1	pixel-sync.sitescout.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	hemsync.clickagy.com	tags.clickagy.com
1	www.google.de
1	www.google.com
1	track.hubspot.com
1	tags.clickagy.com	ws.zoominfo.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	apt.techtarget.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	wsmcdn.audioeye.com	www.deepwatch.com
1	scout-cdn.salesloft.com	www.deepwatch.com
1	snap.licdn.com	www.deepwatch.com
1	trk.techtarget.com	www.deepwatch.com
1	s.getsmartcontent.com	cdn.getsmartcontent.com
1	wec-assets.terminus.services
1	match.adsrvr.org
1	ws.zoominfo.com	www.deepwatch.com
1	app.splithero.com	www.deepwatch.com
1	www.influ2.com	www.deepwatch.com
1	vidassets.terminus.services	www.deepwatch.com
1	cdn.getsmartcontent.com	www.deepwatch.com
1	js.hsforms.net	www.deepwatch.com
1	js.hs-scripts.com	www.deepwatch.com
1	privacy-policy.truste.com	www.deepwatch.com
1	static.cloudflareinsights.com	www.deepwatch.com
115	54

This site contains links to these domains. Also see Links.

Domain
www.iubenda.com
www.linkedin.com
twitter.com
www.youtube.com
www.facebook.com
go.deepwatch.com
login.deepwatch.com
partners.deepwatch.com
privacy.truste.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-13` - `2023-06-13`	a year	crt.sh
*.truste.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
*.getsmartcontent.com Go Daddy Secure Certificate Authority - G2	`2021-10-19` - `2022-11-20`	a year	crt.sh
luckyorange.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
*.terminus.services Amazon	`2021-11-16` - `2022-12-14`	a year	crt.sh
influ2.com GTS CA 1D4	`2022-08-16` - `2022-11-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
app.splithero.com R3	`2022-09-15` - `2022-12-14`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-09-03` - `2023-03-03`	6 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2022-05-04` - `2023-05-04`	a year	crt.sh
t.influ2.com GTS CA 1D4	`2022-09-13` - `2022-12-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
settings.luckyorange.com R3	`2022-09-01` - `2022-11-30`	3 months	crt.sh
bound360.com Amazon	`2022-06-13` - `2023-07-11`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-16` - `2023-04-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.clickagy.com Amazon	`2021-12-15` - `2023-01-12`	a year	crt.sh
*.audioeye.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-27` - `2023-06-01`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2022-05-10` - `2023-05-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
Frame ID: E0F4238B31F07E9C2EC6FF9E9DAD4DE3
Requests: 98 HTTP requests in this frame

Frame: https://tools.luckyorange.com/core/core.js?v=8a0ecc5
Frame ID: 71A63090BE6041EEE255C06B4B49B417
Requests: 4 HTTP requests in this frame

Frame: https://wsv3cdn.audioeye.com/v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=35a547d
Frame ID: 887EE0E1DA827537B2631FFDF1C056F0
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/5556002/threads/utk/a02c6fc532334678bc50e322e8a81ee1?uuid=dc1416fa8bba405d9524a4a4a4758f67&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=deepwatch.com&inApp53=false&messagesUtk=a02c6fc532334678bc50e322e8a81ee1&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 6B8486F42D954485DDA7868D336C6455
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gootloader Poisoned Blogs Uncovered by Deepwatch’s ATI Team - Deepwatchclose carousel

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Flickity (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/flickity(?:\.pkgd)?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

115
Requests

94 %
HTTPS

58 %
IPv6

35
Domains

54
Subdomains

48
IPs

7
Countries

1503 kB
Transfer

4909 kB
Size

50
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.iubenda.com/privacy-policy/46757738
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/deepwatchsec

Search URL Search Domain Scan URL

URL: https://twitter.com/deepwatch_sec

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCqd_ZEUkmbbwNKUDjV3za-g

Search URL Search Domain Scan URL

URL: https://www.facebook.com/deepwatchsec

Search URL Search Domain Scan URL

URL: https://go.deepwatch.com/deepwatch-ati-gootlander-report
Title: Read the Full Report

Search URL Search Domain Scan URL

URL: https://login.deepwatch.com/
Title: Customer Login

Search URL Search Domain Scan URL

URL: https://partners.deepwatch.com/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://privacy.truste.com/privacy-seal/validation?rid=e7f5b5c1-8dcf-4962-8267-704c4f17ff73

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2227562%26time%3D1664190988543%26url%3Dhttps%253A%252F%252Fwww.deepwatch.com%252Flabs%252Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&liSync=true&e_ipv6=AQLzwlUo5gtLWQAAAYN5g0JmyqA1xcUZgnz3N43MzXI5Cp9JZz9YhYd7Le1XAkbMH3FA72cstNXi

Request Chain 86

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:281edd6cb759455848c76b656d6bc457&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D HTTP 302
https://d.agkn.com/pixel/10751/?che=1664190989311&ip=178.162.209.134&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219723204286001800138 HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219723204286001800138 HTTP 302
https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D

Request Chain 87

https://aorta.clickagy.com/liveramp_redir HTTP 302
https://id.rlcdn.com/711861.gif

Request Chain 89

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=729FB341D0A04F44BC938A6781EC3C87&RedC=c.clarity.ms&MXFR=323B1A3F4FF068D63D3208144BF0667C HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=729FB341D0A04F44BC938A6781EC3C87&MUID=1E489829A42267BF2DEC8A02A5F06644

115 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/ 66 KB
15 KB 1005ms
734ms Document
text/html 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

3982b6cf2ed6575f33845556f43925d0f53a47e4e9e963c8a6d4194c65986532

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 750b96634b079a18-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 11:16:27 GMT
link: <https://www.deepwatch.com/?p=13165>; rel=shortlink
server: cloudflare
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 136
x-cache-group: normal
x-cacheable: SHORT
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 style.min.css
www.deepwatch.com/wp-includes/css/dist/block-library/ 87 KB
12 KB 30ms
28ms Stylesheet
text/css 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:21 GMT
server: cloudflare
age: 301743
etag: W/"632b7949-15b64"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9667ebe79a18-FRA

GET
H2 200 style.css
www.deepwatch.com/wp-content/themes/twentytwentyone/ 127 KB
19 KB 28ms
26ms Stylesheet
text/css 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/twentytwentyone/style.css

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c235f034c37af84c187d25e67226381dfa536e879693ef2e4d3fd2cc882acf6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:26 GMT
server: cloudflare
age: 301743
etag: W/"632b794e-263d6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=156630
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9667ebeb9a18-FRA
cf-bgj: minify

GET
H2 200 style.css
www.deepwatch.com/wp-content/themes/deepwatch/ 79 KB
15 KB 28ms
27ms Stylesheet
text/css 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/style.css

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df9cf0f0a6e8226fe26f68dab8af29af21e837213b2fa093c4442fcc05935931

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 20:49:14 GMT
server: cloudflare
age: 11522
etag: W/"632e1bca-19965"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=104805
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9667ebec9a18-FRA
cf-bgj: minify

GET
H2 200 flickity.css
www.deepwatch.com/wp-content/themes/deepwatch/styles/ 2 KB
770 B 26ms
25ms Stylesheet
text/css 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/styles/flickity.css

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

697aa9bad784637089e866dec0fab57a20f19c634f6c52c276f77e71dbfd348f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301743
etag: W/"632b794f-976"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=2422
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9667ebf59a18-FRA
cf-bgj: minify

GET
H2 200 animate.css
www.deepwatch.com/wp-content/themes/deepwatch/styles/ 44 KB
5 KB 30ms
29ms Stylesheet
text/css 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/styles/animate.css

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8992882b548461f80c8ae3ffbfb873fe5e0a376d029fcf9a411326e8ce568a28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301743
etag: W/"632b794f-df07"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=57095
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9667ebf79a18-FRA
cf-bgj: minify

GET
H2 200 email-decode.min.js Show response
www.deepwatch.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
841 B 14ms
14ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Sep 2022 17:11:54 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"632b45da-4d7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=172800, public
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9667ebfa9a18-FRA
expires: Wed, 28 Sep 2022 11:16:27 GMT

GET
H2 200 rocket-loader.min.js Show response
www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 13ms
12ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Sep 2022 17:11:54 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"632b45da-302c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=172800, public
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96680c259a18-FRA
expires: Wed, 28 Sep 2022 11:16:27 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 76ms
57ms Script
text/javascript 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.deepwatch.com/
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 750b96682f98917a-FRA

GET
H2 200 print.css
www.deepwatch.com/wp-content/themes/twentytwentyone/assets/css/ 2 KB
854 B 21ms
21ms Stylesheet
text/css 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/twentytwentyone/assets/css/print.css

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e137691c561e3a0ff6ed790709af1e5b95ded96549c4fef9e2a90e0635bcc99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:26 GMT
server: cloudflare
age: 301743
etag: W/"632b794e-b51"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=2897
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96680c289a18-FRA
cf-bgj: minify

GET
H2 200 deepwatch-logo-dark.svg
www.deepwatch.com/wp-content/themes/deepwatch/images/ 6 KB
3 KB 33ms
33ms Image
image/svg+xml 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/deepwatch-logo-dark.svg

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ebfb3e7c28baaa1ed6caa661bf56e63896bf539b7718421c66a734d71703e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 267445
etag: W/"632b794f-188a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96683c7f9a18-FRA

GET
H2 200 cairo-v9-latin-regular.woff2
www.deepwatch.com/wp-content/themes/deepwatch/fonts/ 20 KB
20 KB 28ms
27ms Font
font/woff2 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/fonts/cairo-v9-latin-regular.woff2

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33b5e84734e6c2f41286376d3c9ee3da94da179f4e3b20c7e3a20e1a21c2b665

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301742
etag: "632b794f-50c0"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96683c849a18-FRA
content-length: 20672

GET
H2 200 archivo-v7-latin-regular.woff2
www.deepwatch.com/wp-content/themes/deepwatch/fonts/ 17 KB
17 KB 29ms
28ms Font
font/woff2 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/fonts/archivo-v7-latin-regular.woff2

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98f556295357a81a54321ddccf9ac9c907239015f86287539c9ae8981dc8a7b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301742
etag: "632b794f-43b0"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96683c8a9a18-FRA
content-length: 17328

GET
H2 200 archivo-v7-latin-700.woff2
www.deepwatch.com/wp-content/themes/deepwatch/fonts/ 17 KB
17 KB 33ms
32ms Font
font/woff2 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/fonts/archivo-v7-latin-700.woff2

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62b8e704838162585ae0dda4079c05b4cb17991998333e499579b5c350a74886

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301742
etag: "632b794f-4468"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96683c8c9a18-FRA
content-length: 17512

GET
H2 200 archivo-v7-latin-600.woff2
www.deepwatch.com/wp-content/themes/deepwatch/fonts/ 17 KB
17 KB 32ms
32ms Font
font/woff2 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/fonts/archivo-v7-latin-600.woff2

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8a8ec7352e8ef95ef8399a06d2093af1796b76629726af9f0a2bf32338854c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.deepwatch.com/wp-content/themes/deepwatch/style.css
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 299849
etag: "632b794f-452c"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96683c8e9a18-FRA
content-length: 17708

GET
H2 200 deepwatch-logo-light.svg
www.deepwatch.com/wp-content/themes/deepwatch/images/ 6 KB
2 KB 22ms
16ms Image
image/svg+xml 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/deepwatch-logo-light.svg

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34b2a92df475bac4213019d7cd954379219153c1e0049478632ba4d42a327aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 267454
etag: W/"632b794f-1803"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96688d119a18-FRA

GET
H2 200 gdpr-badge.webp
www.deepwatch.com/wp-content/themes/deepwatch/images/ 6 KB
6 KB 35ms
28ms Image
image/webp 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/gdpr-badge.webp

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a904656a4838445d97715acceb32d208859675ba1e689780398a6977c77d4d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 267454
etag: "632b794f-1720"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96689d3b9a18-FRA
content-length: 5920

GET
H2 200 PCI-DSS-footer-badge-1.webp
www.deepwatch.com/wp-content/uploads/ 3 KB
3 KB 34ms
27ms Image
image/webp 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/uploads/PCI-DSS-footer-badge-1.webp

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

169c1b84dd531894024c8602282fd3a814b5653adfd561277e77d031bc6a3544

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:22 GMT
server: cloudflare
age: 267454
etag: "632b794a-cdc"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96689d3d9a18-FRA
content-length: 3292

GET
H2 200 21972-312_SOC_NonCPA.webp
www.deepwatch.com/wp-content/uploads/ 11 KB
11 KB 35ms
29ms Image
image/webp 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/uploads/21972-312_SOC_NonCPA.webp

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5d73f1d1fbca77122e89e95b14ce453e3606bc3ea43921e221a1cb7a633314c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 20:49:09 GMT
server: cloudflare
age: 1869
etag: "632e1bc5-2bc6"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
accept-ranges: bytes
cf-ray: 750b96689d3f9a18-FRA
content-length: 11206

GET
H/1.1 200
OK seal
privacy-policy.truste.com/privacy-seal/ 14 KB
16 KB 119ms
8ms Image
image/svg+xml 52.222.236.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://privacy-policy.truste.com/privacy-seal/seal?rid=e7f5b5c1-8dcf-4962-8267-704c4f17ff73

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-89.fra56.r.cloudfront.net

Software

TXS /

Resource Hash

4b8271a7147141530b4450016f74d728419e6cea808360acdf2c25ce1ab6cf96

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; frame-ancestors https://.trustarc.com https://.truste.com ; upgrade-insecure-requests; block-all-mixed-content;, default-src 'self' 'unsafe-eval' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; font-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; style-src 'self' 'unsafe-inline' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; img-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net https://trustarc.com; frame-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; connect-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload, max-age=63072000; includeSubDomains; preload
Via: 1.1 c9499008aa7e1acd11e9fbc171281d82.cloudfront.net (CloudFront)
x-content-type-options: nosniff, nosniff, nosniff
Age: 79298
Cross-Origin-Embedder-Policy: unsafe-none, unsafe-none
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin, cross-origin
Connection: keep-alive
Content-Length: 14237
X-Xss-Protection: 1; mode=block, 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
Server: TXS
Cross-Origin-Opener-Policy: cross-origin, cross-origin
Date: Sun, 25 Sep 2022 13:14:48 GMT
Expect-CT: enforce, max-age=60, enforce, max-age=60
X-Frame-Options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
Content-Type: image/svg+xml
Cache-Control: no-cache, must-revalidate, no-cache, no-store
Access-Control-Allow-Credentials: true
Permissions-Policy: autoplay=(self), document-domain=(self), encrypted-media=(self), autoplay=(self), document-domain=(self), encrypted-media=(self)
ETag: W/"14237-1594834154000"
Content-Security-Policy: object-src 'none'; frame-ancestors https://*.trustarc.com https://*.truste.com ; upgrade-insecure-requests; block-all-mixed-content;, default-src 'self' 'unsafe-eval' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; font-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; style-src 'self' 'unsafe-inline' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; img-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net https://trustarc.com; frame-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; connect-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; upgrade-insecure-requests; block-all-mixed-content;
X-Amz-Cf-Pop: FRA56-P4
Accept-Ranges: bytes
X-Amz-Cf-Id: 4Xbt6TDQY6e-YqQqoKAmW6UxHkA0byYwmEyQ2E5P-OsPu4PRw6Fv7g==

GET
H2 200 linkedin.svg
www.deepwatch.com/wp-content/themes/deepwatch/images/ 1 KB
705 B 36ms
30ms Image
image/svg+xml 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/linkedin.svg

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20561d5752db7c8b4fb9cadd2d3f4137108740b246cab96479c88e71d115c3b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 267454
etag: W/"632b794f-421"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96689d439a18-FRA

GET
H2 200 twitter.svg
www.deepwatch.com/wp-content/themes/deepwatch/images/ 1 KB
899 B 36ms
30ms Image
image/svg+xml 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/twitter.svg

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75bcb168edf5c40186650f096234569a0b55f9ba24c65b04cc4e8219f28ab3a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 20:49:13 GMT
server: cloudflare
age: 3781
etag: W/"632e1bc9-570"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96689d459a18-FRA

GET
H2 200 youtube.svg
www.deepwatch.com/wp-content/themes/deepwatch/images/ 1 KB
726 B 77ms
72ms Image
image/svg+xml 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/youtube.svg

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c1fe8c89ac98d3cb920ae2ddb0ef72a3f4b8d86d42a30390b2a39163895bec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 267454
etag: W/"632b794f-474"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96689d469a18-FRA

GET
H2 200 facebook.svg
www.deepwatch.com/wp-content/themes/deepwatch/images/ 1 KB
734 B 84ms
78ms Image
image/svg+xml 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/images/facebook.svg

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e23c80add47a1d95b929b94c73e26e8ddd56e2a88f685694ca9071d246a972

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 267454
etag: W/"632b794f-4aa"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b96689d489a18-FRA

GET
H2 200 responsive-embeds.js Show response
www.deepwatch.com/wp-content/themes/twentytwentyone/assets/js/ 514 B
397 B 26ms
22ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b6d942711f1721a2458ec48d431a328384b7f955086cdcf4252b51e4a4ee2ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:26 GMT
server: cloudflare
age: 301742
etag: W/"632b794e-467"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=1127
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdad9a18-FRA
cf-bgj: minify

GET
H2 200 primary-navigation.js Show response
www.deepwatch.com/wp-content/themes/twentytwentyone/assets/js/ 4 KB
1 KB 42ms
38ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e11e1a3f5157da13ecdf6311a8ea51bc908f1de6e12564b11f0c505b3aa83c5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:26 GMT
server: cloudflare
age: 301742
etag: W/"632b794e-179f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=6047
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdb29a18-FRA
cf-bgj: minify

GET
H2 200 wow.min.js Show response
www.deepwatch.com/wp-content/themes/deepwatch/scripts/ 8 KB
3 KB 33ms
29ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/scripts/wow.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b084fbb870731ad1bb8215c558b54a43485fe1d71121db1c394b92f8d444d817

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301742
etag: W/"632b794f-20fe"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdb69a18-FRA

GET
H2 200 flickity.pkgd.min.js Show response
www.deepwatch.com/wp-content/themes/deepwatch/scripts/ 56 KB
14 KB 41ms
37ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/scripts/flickity.pkgd.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

472c7748607b5b76986bb54ffe3fe79ea954f61705aabd2a0fa80d13b2eee46b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301742
etag: W/"632b794f-e0a9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdb79a18-FRA

GET
H2 200 menu.js Show response
www.deepwatch.com/wp-content/themes/deepwatch/scripts/ 2 KB
817 B 31ms
27ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-content/themes/deepwatch/scripts/menu.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7715065c3e179318c7c23235408a4213a4a9ef93bc31532244080cfe03fafbcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:27 GMT
server: cloudflare
age: 301742
etag: W/"632b794f-a7a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-polished: origSize=2682
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdb99a18-FRA
cf-bgj: minify

GET
H2 200 5556002.js Show response
js.hs-scripts.com/ 2 KB
922 B 169ms
122ms Script
application/javascript 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5556002.js?integration=WordPress&ver=9.0.123
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27ecfb00dc34367ee0f42518ae04fbabdb9c4e2b6bf32c5288dd8f214e2a7b4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 10:59:35 GMT
server: cloudflare
x-hubspot-correlation-id: aab020b5-6364-4337-943c-fcae945aacb4
x-trace: 2BF312E262D08CC94CFA929A9FB0C1F079FAD3B72D000000000000000000
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.deepwatch.com
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 750b96690efc9c12-FRA
expires: Mon, 26 Sep 2022 11:17:27 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 585 KB
147 KB 84ms
41ms Script
application/javascript 2606:4700::6811:ba49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ba49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01166bec93c254eab63db48f7155045ec7124dfeaa5fe8fd2b8faa31041489ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 271
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cache-tag: staticjsapp-FormsNext-web-prod,staticjsapp-prod
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 26 Sep 2022 10:31:32 UTC
server: cloudflare
etag: W/"c0d6f823847acd673fef3bd504e7469e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgOneB%2BwvcBbAItagqHPnTFfbpjQOrVuJ4JU1L56XSl6n6xvSuZygkziOWbxj3%2Bav0YHnvVJEyilLn0TMMielxIH9LdiDcBrC4sZslS6GuiKA3mAxK1boU%2FGpd0glLjfyDcCPkeKAPtHnABN"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: oqhXIu0zY73DszgncA5TEsG3kIYczGpO
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=300
x-hs-cache-status: HIT
x-amz-cf-pop: IAD12-P3
cf-ray: 750b9669095d6945-FRA
x-amz-cf-id: RSzs4pWjcWz7WPgqO0Sd6jeYc_DdzGLkoCx4g_6-xjn-BBc6h13hNA==
x-hs-target-asset: FormsNext/static-5.533/bundles/project_with_deps.js

GET
H/1.1 200
OK SZWCKD9G.js Show response
cdn.getsmartcontent.com/ 100 KB
36 KB 572ms
12ms Script
application/javascript 151.139.237.219
STACKPATH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.getsmartcontent.com/SZWCKD9G.js
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.237.219 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 22f3ee9f5089c44953a5879948aac89acab428baef1ef15145233470da61b8cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 11:16:28 GMT
Content-Encoding: gzip
ETag: W/"93474f633ebdc2ea86721c7b69cb56c8"
Last-Modified: Mon, 26 Sep 2022 11:15:16 GMT
Server: NetDNA-cache/2.2
x-amz-request-id: JBG6Z6988VNRW2F7
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: application/javascript
Cache-Control: public, max-age=900
x-amz-replication-status: COMPLETED
Connection: keep-alive
x-amz-version-id: N7IO23GXEiGB0RGalDqkNsHNlbM4sVfp
x-amz-id-2: rZmzZX7CE2/rwNorjCmUt6TRMhDnjQ8/avt0zaiufkUNNmc97jVRLb+s3RI5upAwbN2f6Hb8MTk=

GET
H2 200 lo.js Show response
tools.luckyorange.com/core/ 11 KB
5 KB 72ms
8ms Script
application/javascript 2600:9000:2156:e00:18:6c16:27c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tools.luckyorange.com/core/lo.js?site-id=9b1d0e44
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e00:18:6c16:27c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2bb70668c3a697c9dbeec81da46b468369fea6591ff492d152949f10b07927ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 10:31:47 GMT
content-encoding: gzip
last-modified: Thu, 15 Sep 2022 16:31:21 GMT
server: AmazonS3
age: 2681
etag: "fe4e1bdb7d38477bc1b2ac29b76d1ef4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4300
x-amz-cf-id: inIwDkqmTetCwJ6P7Bt_cZQkS_H4yeBBBjfHwkfGlHX-ZQ7kmZBf5A==

GET
H2 200 t.js Show response
vidassets.terminus.services/e1c91371-aaac-471d-8984-3d63bc4ea92f/ 35 KB
12 KB 58ms
8ms Script
application/javascript 52.222.236.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vidassets.terminus.services/e1c91371-aaac-471d-8984-3d63bc4ea92f/t.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.25 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-25.fra56.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 10:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2410
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 23 Jun 2022 17:58:18 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: Sjh9yWc8EjlNxDn1lsCJphdKliLD7gvW2pXIC9cQdRfBcFD-qnOdPg==

GET
H2 200 tracker Show response
www.influ2.com/ 6 KB
2 KB 188ms
119ms Script
application/javascript 34.107.254.219
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=eaee4bcb-1028-413c-aa59-e5116a9fd85e

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

3dc3f4b3215701f48038c52e3df8a298a1366ca69e36dbe06300894372d8ab5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Sep 2022 11:16:27 GMT
x-frame-options: DENY
content-type: application/javascript
via: 1.1 google
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 208 KB
73 KB 89ms
44ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9T89M3FL79

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

173b8381fa04cccd882762d794347a90da3d11e22c26ac430c54ac4a5cb15287

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74775
x-xss-protection: 0
expires: Mon, 26 Sep 2022 11:16:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
42 KB 70ms
25ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153275196-2

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

987941b5d3a6c4e78ca1ffb937a62002f0f888c1c85dfaa05de36ced74b36696

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42256
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Sep 2022 11:16:27 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.deepwatch.com/wp-includes/js/jquery/ 11 KB
4 KB 26ms
24ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:20 GMT
server: cloudflare
age: 301742
etag: W/"632b7948-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdbb9a18-FRA

GET
H2 200 jquery.min.js Show response
www.deepwatch.com/wp-includes/js/jquery/ 87 KB
31 KB 34ms
32ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:20 GMT
server: cloudflare
age: 301742
etag: W/"632b7948-15db1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b9668cdbc9a18-FRA

GET
H2 404 js
app.splithero.com/api/ 0
0 257ms
209ms Script
text/html 95.179.155.174
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://app.splithero.com/api/js?r=https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/&wpliu=false
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.179.155.174 Amsterdam, Netherlands, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 95.179.155.174.vultrusercontent.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H2 200 wp-emoji-release.min.js Show response
www.deepwatch.com/wp-includes/js/ 18 KB
5 KB 30ms
29ms Script
application/javascript 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/wp-includes/js/wp-emoji-release.min.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Sep 2022 20:51:20 GMT
server: cloudflare
age: 253383
etag: W/"632b7948-48b9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=15552000; preload
cf-ray: 750b966c5dd09a18-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 165 KB
56 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W5MRQTD

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cb571806844701539661fb479c3435d493c4879058b4ba2f0e120c4d4c2c49ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57665
x-xss-protection: 0
last-modified: Mon, 26 Sep 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Sep 2022 11:16:28 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 80ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7191974039BE4997B9D28397A8D2BBCC Ref B: FRAEDGE1216 Ref C: 2022-09-26T11:16:28Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Mon, 26 Sep 2022 11:16:27 GMT
accept-ranges: bytes
content-length: 11376

GET
H2 200 tlLhAe4Dtv4kKkzHEXWZ Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 265ms
229ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/tlLhAe4Dtv4kKkzHEXWZ

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

990ac459aa852af7e53e62feccbf70cfe935bf4f732bfd3d827e10f678dc4f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 750b966cb9d35c26-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
via: 1.1 google

GET
H2 200 / Show response
t.influ2.com/u/ 63 B
285 B 315ms
166ms XHR
text/plain 2a00:1450:400d:80c::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1664190988249
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=eaee4bcb-1028-413c-aa59-e5116a9fd85e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:80c::2013 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 5cbfc3e27c7865053f62a56eabceb2cbd3586056165a875d17e8022e9e5ac814

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://www.deepwatch.com
date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
access-control-allow-credentials: true
vary: Accept-Encoding
via: 1.1 google
content-type: text/plain; charset=utf-8

GET
H2 200 /
t.influ2.com/p/vt/ 597 B
796 B 302ms
154ms Image
image/jpeg 2a00:1450:400d:80c::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.influ2.com/p/vt/?a=&clid=eaee4bcb-1028-413c-aa59-e5116a9fd85e&caid=&cb=1664190988249&s=&dt=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&ref=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&d=0&da=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:80c::2013 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d267998c3594ce7f02341a5a8ef2b2705627f2552960e332d73747022406a30b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 26 Sep 2022 11:16:28 GMT
via: 1.1 google
access-control-allow-credentials: true
content-length: 597
content-type: image/jpeg

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 108ms
28ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153275196-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 2936
date: Mon, 26 Sep 2022 10:27:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Mon, 26 Sep 2022 12:27:32 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
349 B 56ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9T89M3FL79&gtm=2oe9l0&_p=479974331&cid=1165302478.1664190988&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=1&sid=1664190988&sct=1&seg=0&dl=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&dt=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9T89M3FL79
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepwatch.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
265 B 124ms
34ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=e1c91371-aaac-471d-8984-3d63bc4ea92f|242b8f5e-1998-4177-b6a8-8c989536fa4e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 t.gif
wec-assets.terminus.services/e1c91371-aaac-471d-8984-3d63bc4ea92f/ 43 B
303 B 46ms
12ms Image
image/gif 18.66.122.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wec-assets.terminus.services/e1c91371-aaac-471d-8984-3d63bc4ea92f/t.gif?d=242b8f5e-1998-4177-b6a8-8c989536fa4e&s=d4e29b78-d2b5-436b-82cd-28379ed5465b&p=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&cb=1664190988313&t=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&r=&e=page_viewed&u=94726e04-601f-4c1e-8ffe-55521dc6cd59-1664190988313

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-122.fra60.r.cloudfront.net

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:09:22 GMT
via: 1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront)
age: 426
strict-transport-security: max-age=31536000
x-cache: Hit from cloudfront
content-type: image/gif
x-amz-cf-pop: FRA60-P2
content-length: 43
x-amz-cf-id: lx_mWbEasQ-Q5sDoblWVIy8t_LGThBHgJ-4bb9HpNc35Aq5XTHowaQ==

GET
H3 200 9b1d0e44 Show response
settings.luckyorange.com/ 7 KB
2 KB 296ms
268ms Fetch
application/json 34.107.203.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://settings.luckyorange.com/9b1d0e44
Requested by: Host: tools.luckyorange.com
URL: https://tools.luckyorange.com/core/lo.js?site-id=9b1d0e44
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.203.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 234.203.107.34.bc.googleusercontent.com
Software: /
Resource Hash: d32c386d660f024b4b4c8a6a461296bfc2abd88dfa4f5daaff03a64b8a84ea99

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
x-lucky-uid: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
x-lucky-referrer

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.deepwatch.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

OPTIONS
H2 200 9b1d0e44
settings.luckyorange.com/ Frame 0
0 160ms
116ms Preflight 34.107.203.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://settings.luckyorange.com/9b1d0e44
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 234.203.107.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-lucky-referrer,x-lucky-uid
Access-Control-Request-Method: GET
Origin: https://www.deepwatch.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Access-Control-Allow-Origin,Authorization,Content-Type,X-Lucky-Uid,X-Lucky-Site-Id,X-Lucky-Impersonate,X-Lucky-Session-Id,X-Lucky-Referrer
access-control-allow-methods: POST,GET,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://www.deepwatch.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 26 Sep 2022 11:16:28 GMT
via: 1.1 google

GET
H2 200 serving Show response
s.getsmartcontent.com/ 161 B
580 B 415ms
168ms Script
application/javascript 54.205.2.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://s.getsmartcontent.com/serving?tm=1664190988&rv=c0eed74e-e894-4161-8650-e6d759a8d7a0&i=pxobvewtsxcvv0t81l25x6bcmevbb3wm&loc=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&w=SZWCKD9G&c=&v=1664190988.1664190988.1664190988.1&s=pxobvewtsxcvv0t81l25x6bcmevbb3wm.1664190988&d=1600%2C1200&ab=&r=&m.eg=&lvc=&lvcr=&dl=%7B%7D

Requested by

Host: cdn.getsmartcontent.com
URL: https://cdn.getsmartcontent.com/SZWCKD9G.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.205.2.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-2-75.compute-1.amazonaws.com

Software

Resource Hash

c7d7d4073c85a19e51e38957a531597a037d44e32097cb9c2413d9c129cb74cf

Security Headers

Name	Value
Content-Security-Policy	default-src '*'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
referrer-policy: unsafe-url
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=0, must-revalidate, no-cache=Set-Cookie, private
content-security-policy: default-src '*'
x-content-type-options: nosniff
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 89ms
30ms Script
text/javascript 2606:4700:4400::ac40:91d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 389
vary: Accept-Encoding
content-type: text/javascript
expires: Mon, 26 Sep 2022 11:19:59 GMT
cache-control: max-age=1200
cf-ray: 750b966d7cfe9bfb-FRA
cf-bgj: minify

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 93ms
19ms Script
application/x-javascript 2a02:26f0:11a::6867:4868
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4868 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=64113
accept-ranges: bytes
content-length: 3063

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 99ms
21ms Script
application/javascript 2606:4700::6812:df5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:df5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6697
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HZJ761PC0HH3VMMR
x-amz-id-2: dvVv//zyFmukwIAlsFVWsd4KTkr4e1UY3Sd6wvG7mtSeN1Np5WLlXuCBaBQFZLJc/wePe8E6EbQ=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
strict-transport-security: max-age=0
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
cf-ray: 750b966daaac9b45-FRA
expires: Mon, 26 Sep 2022 15:16:28 GMT

GET
H2 200 aem.js Show response
wsmcdn.audioeye.com/ 1020 B
685 B 53ms
18ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsmcdn.audioeye.com/aem.js
Requested by: Host: www.deepwatch.com
URL: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e56bd6105d6e24d804d3db97049f580c26390f475a87f7535e066bdc815b2f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

cache-tags
date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
surrogate-keys
cf-cache-status: HIT
server: cloudflare
age: 287
etag: W/"c5f5d23dbd841fb0868078e4bfbbd713"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=3600
cf-ray: 750b966d79b5994e-FRA

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 73 KB
21 KB 83ms
47ms Script
application/javascript 2606:4700::6811:eecc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5556002.js?integration=WordPress&ver=9.0.123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:eecc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8f3054d66c25b3b2011b4f801244e7b7905fcb3fe5dac5619dd0153c1a0d694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 131
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.10824/bundles/project.js&cfRay=750b93397f5c9143-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Thu, 22 Sep 2022 02:34:31 UTC
server: cloudflare
etag: W/"020eea6787fe43ee21bd3dbd987fa0af"
vary: Accept-Encoding
x-amz-version-id: CfQMt4LAVbhINYuHlmdgZgJLNFJkBpGH
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD12-P3
cf-ray: 750b966d8cdc90a9-FRA
x-amz-cf-id: j-_xFdrscxlTJys2NicMPzjV_XBe2oKtJJCdfJavLQH_hoDTxq4XHg==
x-hs-target-asset: conversations-embed/static-1.10824/bundles/project.js

GET
H2 200 5556002.js Show response
js.hs-analytics.net/analytics/1664190900000/ 63 KB
20 KB 185ms
162ms Script
text/javascript 2606:4700::6811:44b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1664190900000/5556002.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5556002.js?integration=WordPress&ver=9.0.123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39fff1625b0b4cafafad7147fb99ea074ddac65d5f1de885968e0d90f01a51dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 9EGVJR2HZC5N97W1
x-amz-server-side-encryption: AES256
cf-ray: 750b966d9cf59199-FRA
x-amz-id-2: g8Phs40SdgQhQzwqmElDTum5yWG6pO4kZtER6Tc0pT1t9lmLgkfKqre9oPWMXp74luPGkQeQ8Tc=
last-modified: Wed, 31 Aug 2022 12:06:42 GMT
server: cloudflare
etag: W/"f563dbcace42d1dc4ff123bf2f7d36f0"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Mon, 26 Sep 2022 11:21:28 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 5 KB
3 KB 74ms
48ms Script
application/javascript 2606:4700::6811:73b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5556002.js?integration=WordPress&ver=9.0.123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbe5717b2e530ed3889fef7a3f64bd8703892af4df7a50ebdab50877d714ccb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
via: 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 392
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.293/bundles/pixels-release.js&cfRay=750b8cda3b775c68-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Fri, 23 Sep 2022 05:23:07 UTC
server: cloudflare
etag: W/"46dd82490c71a41bce1eabb2e38c89c0"
vary: Accept-Encoding
x-amz-version-id: 7KJ54BFzipn1nE_Td6RfTtNOqayLQBYG
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD12-P3
cf-ray: 750b966db9ab695d-FRA
x-amz-cf-id: wrgBFm5hiSC0JIlMaZWfbYPj6a0p3-R8dzv_blYcz7pUpI4dGrq2_A==
x-hs-target-asset: adsscriptloaderstatic/static-1.293/bundles/pixels-release.js

GET
H2 200 5556002.js Show response
js.hs-banner.com/ 61 KB
16 KB 155ms
137ms Script
text/javascript 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5556002.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5556002.js?integration=WordPress&ver=9.0.123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 117f572bf8be158075549dc3278c0a511ed194a7b95c140808b8045a7cf906e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: KB2CZC8KQC2RAV0Y
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: vzVcvjb2vAYy5gucgJf0mitREkFTyQTGQQ0z8wsc5OQAkscHio8wz9Wwd7gXex/SEjTsj6p9A5U=
timing-allow-origin: *
last-modified: Tue, 30 Aug 2022 21:13:40 GMT
server: cloudflare
etag: W/"c668c3aa132b6eed84492a74aea4ac50"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: 3KcPaqAsJr0zm5HU8upWQLglcVJ8uy5s
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 750b966dcb2cbb32-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 26 Sep 2022 11:21:28 GMT

POST
H2 200 rum Show response
www.deepwatch.com/cdn-cgi/ 0
236 B 35ms
34ms XHR
text/plain 2606:4700:10::6814:ca25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepwatch.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:ca25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
content-type: application/json

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.deepwatch.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 750b966d5ff19a18-FRA
vary: Origin

GET
H2 200 134608030.js Show response
bat.bing.com/p/action/ 1 KB
853 B 112ms
111ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/134608030.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

81da95eaab8c694156407f8f1eb8c88dd6824a0435fe3265fcec746783d45351

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 709493960A8D43C5BC6EC490DE16D7E7 Ref B: FRAEDGE1216 Ref C: 2022-09-26T11:16:28Z
date: Mon, 26 Sep 2022 11:16:27 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 668

GET
H2 204 0
bat.bing.com/action/ 0
175 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134608030&Ver=2&mid=8b2355dd-cb9f-4131-aea9-33e42caf07a5&sid=aa839d103d8c11ed8ae3e559018e5f6a&vid=aa83e4a03d8c11ed9895f1b0ee26b444&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&p=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&r=&lt=1166&evt=pageLoad&sv=1&rn=569769

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C86B2DB64AAA4CA9BDE6CD2E1EE90B50 Ref B: FRAEDGE1216 Ref C: 2022-09-26T11:16:28Z
date: Mon, 26 Sep 2022 11:16:27 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 108ms
48ms XHR
text/plain 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j97&a=479974331&t=pageview&_s=1&dl=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&ul=en-us&de=UTF-8&dt=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=1083964734&gjid=591921129&cid=1165302478.1664190988&tid=UA-153275196-2&_gid=502570505.1664190988&_r=1&gtm=2ou9l0&z=1364277292

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepwatch.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 50ms
50ms XHR
text/plain 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j97&a=479974331&t=pageview&_s=1&dl=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&ul=en-us&de=UTF-8&dt=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=1979606912&gjid=498116979&cid=1165302478.1664190988&tid=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&_gid=502570505.1664190988&_r=1&gtm=2wg9l0W5MRQTD&z=1464811023

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepwatch.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-153275196-2&cid=1165302478.1664190988&jid=1083964734&gjid=591921129&_gid=502570505.1664190988&_u=YADAAUAAAAAAAC~&z=1681550607

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 26 Sep 2022 11:16:28 GMT
content-type: text/plain
access-control-allow-origin: https://www.deepwatch.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.js Show response
wsv3cdn.audioeye.com/ 34 KB
13 KB 59ms
23ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=83605a848e2897df095c1a05ed7249d7
Requested by: Host: wsmcdn.audioeye.com
URL: https://wsmcdn.audioeye.com/aem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef2ff8c86ce1f6c911a5458648e11036559cd2fcb5aa249bd0f050031f8a8caf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

cache-tags: 83605a848e2897df095c1a05ed7249d7
date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
surrogate-keys: 83605a848e2897df095c1a05ed7249d7
cf-cache-status: HIT
server: cloudflare
age: 14
etag: W/"ee71f73c9a8d338b521898c7a7d0c207"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=120
cf-ray: 750b966e98de9bca-FRA

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
324 B 725ms
97ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=21018431&version=2.1.1&ref=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&r=1664190988542
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 11:16:29 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=37
Content-Length: 43

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2227562%26time%3D1664190988543%26url%3Dhttps%253A%252F%252Fwww.deepwatch.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&liSync=true...

0
264 B

230ms
111ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&liSync=true&e_ipv6=AQLzwlUo5gtLWQAAAYN5g0JmyqA1xcUZgnz3N43MzXI5Cp9JZz9YhYd7Le1XAkbMH3FA72cstNXi
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 1583E75133004CE2B01A01629980B1F3 Ref B: FRAEDGE1312 Ref C: 2022-09-26T11:16:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXpkqi+qLL/l/UphNBX2g==
x-li-fabric: prod-lva1

Redirect headers

date: Mon, 26 Sep 2022 11:16:28 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: EBD6259AE7914E178E973C07CFE72D64 Ref B: FRAEDGE1318 Ref C: 2022-09-26T11:16:28Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2227562&time=1664190988543&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&liSync=true&e_ipv6=AQLzwlUo5gtLWQAAAYN5g0JmyqA1xcUZgnz3N43MzXI5Cp9JZz9YhYd7Le1XAkbMH3FA72cstNXi
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXpkqi7KqihBhh/sCYfng==

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
405 B 621ms
92ms XHR
application/json 34.232.159.108
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDY2ODZ9.KnaJ0v-LywW0XHEb1fl3jQhwnlyLC7TbL8B_HIHvecA

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.232.159.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-159-108.compute-1.amazonaws.com

Software

Resource Hash

1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
strict-transport-security: max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 25466729a7868115cefaef75357d8974

GET
H2 200 134608030 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 147ms
102ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/134608030
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/134608030.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: cdb73ac09f899f4ec3eb0301e9a5fa93edbbaf85017a642ea16342e38c782cb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
x-powered-by: ASP.NET
x-azure-ref: 0DIoxYwAAAACYwZIWOtyrQ794MBRhG7q0QU1TMDRFREdFMTgxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
content-length: 1544
expires: -1

GET
H2 200 data.js Show response
tags.clickagy.com/ 38 KB
14 KB 58ms
39ms Script
application/javascript 2606:4700::6812:1fcd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Requested by: Host: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/tlLhAe4Dtv4kKkzHEXWZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fcd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b05f32b262a8ddfa4c0322b0b4b376258b7996177b98d5a1e2b4585d20cba27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 58107
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id: voLTTawX.GcVEDQiIRYzY2txm8P5Ii8i
last-modified: Fri, 16 Sep 2022 04:12:14 GMT
server: cloudflare
etag: W/"9d3ea74a65932cc93f95029e15978232"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 fd3cce3e0bafd8b312277d0ad9f4762e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
cf-ray: 750b966e8c1b9a30-FRA
x-amz-cf-id: q95EVEdLcbRfvvhGb0uWPR8_Uj9bL5xkhsq9D29pdRfROqXGzIXpww==

GET
H3 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 206ms
189ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=5556002&conversations-embed=static-1.10824&mobile=false&messagesUtk=a02c6fc532334678bc50e322e8a81ee1&traceId=a02c6fc532334678bc50e322e8a81ee1

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6ec3d58b9ab894724de4110f4deee223ef4667cd38ce885474ddfe0fe3233d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f895265e-e4ac-4d9a-92de-b57f00fbf06d
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1462
server: cloudflare
x-trace: 2B499C7E7C08B2BC228A64477D2F38B6D426939848000000000000000000
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXa56cs6KxgVtb3l4%2BilJYRb%2Fr1xZgYSNShCluG7s9Ww7yO1gAhQ52vSlqOZhfKPxsC7059LuHeYiIdJe1C2%2BgQJkXF2sAL6r4eDYmrM%2FxRAwp77IB4pBr7m9Ob3Bjiu0ElX%2FyxyPRQMT8Hw5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.deepwatch.com
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 750b966faac69bee-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 172ms
133ms Preflight
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.deepwatch.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.deepwatch.com
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 750b966ebfc59a24-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Mon, 26 Sep 2022 11:16:28 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8L8hnALXHAasvKKGN%2Ble%2B1Q22iQ%2FfSreAO285HPOQLaHZLo%2BU90fKGiyZb0cn0fp4OlIUgwZO%2BfI7UjvJBweXY9tJvtwOhkjt0uCOxvTBlDvEiym37hBUcpAD5feI9Y72DTWP4YWoLtj23nCw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-hubspot-correlation-id: f5720929-3a03-4ea9-b3cb-7e747ae369c2
x-trace: 2BCC53F2CD53431060816BF4F98539ED69B6EAB1B3000000000000000000

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
892 B 169ms
139ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=492729889&v=1.1&a=5556002&ct=blog-post&rcu=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&pu=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&t=Gootloader+Poisoned+Blogs+Uncovered+by+Deepwatch%E2%80%99s+ATI+Team+-+Deepwatch&cts=1664190988593&vi=a3729fded557eebeaf0c189d52e02f8c&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: a0d1dfd8-9a06-4e68-94dd-7bcb49ed1715
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
x-robots-tag: none
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sx6xLc9OKWtcEHX9TNigRFHN3ST0twxG9T1UZg%2FE8fHRjrPjaNQ5cl7H3sCLwsm60V9aGx5z7%2FR%2FZNRdlPr5m0ylTIZ9PQr4YBQNQgGUrNomrPJXqpMRrAzkMkrbU7drGCqwf6%2FNByMOl9zS2dAb"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 750b966eeab6bbd9-FRA

OPTIONS
H2 200 domain-collection
js.hs-banner.com/cookie-banner-public/v1/ Frame 0
0 133ms
118ms Preflight
application/octet-stream 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/domain-collection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.deepwatch.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 750b966ed9f69ba6-FRA
content-length: 0
content-type: application/octet-stream
date: Mon, 26 Sep 2022 11:16:28 GMT
server: cloudflare
timing-allow-origin: *

POST
H2 204 domain-collection Show response
js.hs-banner.com/cookie-banner-public/v1/ 0
114 B 175ms
172ms XHR
text/plain 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/domain-collection
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/5556002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 11:16:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: a125ac0e-95a3-4149-822a-e69b6e33e6a6
x-trace: 2B5B58EDB9DEED97746C5F544D62B353F72C2DDD0A000000000000000000
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 750b966fac239ba6-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
136 B 132ms
130ms XHR
text/plain 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/5556002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 11:16:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 8950341a-29cc-416b-bf55-da14c5ce8a74
x-trace: 2B358A2016E3E5C4C0EB18F14FBC3177E3795E4D34000000000000000000
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 750b966fac259ba6-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 133ms
120ms Preflight
application/octet-stream 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.deepwatch.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 750b966ed9fa9ba6-FRA
content-length: 0
content-type: application/octet-stream
date: Mon, 26 Sep 2022 11:16:28 GMT
server: cloudflare
timing-allow-origin: *

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 77ms
40ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-153275196-2&cid=1165302478.1664190988&jid=1083964734&_u=YADAAUAAAAAAAC~&z=1369321773

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 77ms
40ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-153275196-2&cid=1165302478.1664190988&jid=1083964734&_u=YADAAUAAAAAAAC~&z=1369321773

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
wsv3cdn.audioeye.com/v2/scripts/ 33 KB
11 KB 35ms
19ms Script
text/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=83605a848e2897df095c1a05ed7249d7&lang=en-US&cb=35a547d
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=83605a848e2897df095c1a05ed7249d7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e710d1e23f7335f645e695f13aacb7f6fcef20f93d45b404a80a8613fab4f03

Request headers

Referer: https://www.deepwatch.com/
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
surrogate-key: prod 83605a848e2897df095c1a05ed7249d7 35a547d
last-modified: Tue, 12 Jul 2022 17:28:34 GMT
server: cloudflare
age: 1933
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
cf-ray: 750b966ef8009b3d-FRA
cf-cache-status: HIT

GET
H2 200 jquery.bundle.35a547d.js Show response
wsv3cdn.audioeye.com/v2/build/ 95 KB
34 KB 17ms
17ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/jquery.bundle.35a547d.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=83605a848e2897df095c1a05ed7249d7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0918cc46e1db66520c7cf95483b33c7fdefede58b575882fd5d5efa352069f31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 18:31:47 GMT
server: cloudflare
age: 6311
etag: W/"632dfb93-17d35"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 750b966ed9639bca-FRA
expires: Tue, 26 Sep 2023 11:16:28 GMT

GET
H2 200 startup.bundle.35a547d.js Show response
wsv3cdn.audioeye.com/v2/build/ 600 KB
144 KB 33ms
33ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.35a547d.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=83605a848e2897df095c1a05ed7249d7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 928da664cfc61ccb22a1e14e0ab5b64d1f6441401228c894a8b5e92ddd5a7919

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 18:31:47 GMT
server: cloudflare
age: 6311
etag: W/"632dfb93-95e3b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 750b966ed9679bca-FRA
expires: Tue, 26 Sep 2023 11:16:28 GMT

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
508 B 551ms
100ms XHR
application/json 54.162.244.84
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.162.244.84 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-162-244-84.compute-1.amazonaws.com
Software: Aorta/20220926.89ad1fb8c /
Resource Hash: 9e634bca97143b3150b782f10eb980a3904f3a3c07c83b1af1cae41ef97eed2e

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
content-encoding: gzip
server: Aorta/20220926.89ad1fb8c
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 65a0bd2e9188
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
328 B 540ms
90ms XHR
text/plain 18.235.90.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.90.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-90-40.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

GET
H2

204

usersync
pixel-sync.sitescout.com/connectors/clickagy/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:281edd6cb759455848c76b656d6bc457&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
https://d.agkn.com/pixel/10751/?che=1664190989311&ip=178.162.209.134&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219723204286001800138
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219723204286001800138
https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D

0
191 B

151ms
33ms

Image
text/plain

66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
Protocol: H2
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:29 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

date: Mon, 26 Sep 2022 11:16:29 GMT
server: Aorta/20220926.89ad1fb8c
location: https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 70c435c15549
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2

451

711861.gif
id.rlcdn.com/
Redirect Chain

https://aorta.clickagy.com/liveramp_redir
https://id.rlcdn.com/711861.gif

0
98 B

98ms
38ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711861.gif
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Mon, 26 Sep 2022 11:16:29 GMT
server: Aorta/20220926.89ad1fb8c
location: https://id.rlcdn.com/711861.gif
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 89a07e50f7e3
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-c/s/0.6.41/ 54 KB
23 KB 101ms
100ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-c/s/0.6.41/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/134608030
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 61b9926e5d52c52c383c00d7e52f2c491b15e7cfd715373b53571632a7459517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
etag: "1d8ccdebe9ad570"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0DIoxYwAAAAApGhDfhNn4RJsuKwrQ1BJ2QU1TMDRFREdFMTgxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=729FB341D0A04F44BC938A6781EC3C87&RedC=c.clarity.ms&MXFR=323B1A3F4FF068D63D3208144BF0667C
https://c.clarity.ms/c.gif?CtsSyncId=729FB341D0A04F44BC938A6781EC3C87&MUID=1E489829A42267BF2DEC8A02A5F06644

42 B
368 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=729FB341D0A04F44BC938A6781EC3C87&MUID=1E489829A42267BF2DEC8A02A5F06644
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
last-modified: Tue, 13 Sep 2022 19:54:52 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8d3298b0aac7d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B616C41219D246E38435FE9A07E3D7FC Ref B: FRAEDGE1216 Ref C: 2022-09-26T11:16:29Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=729FB341D0A04F44BC938A6781EC3C87&MUID=1E489829A42267BF2DEC8A02A5F06644
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 smartrems.bundle.35a547d.js Show response
wsv3cdn.audioeye.com/v2/build/ 135 KB
39 KB 23ms
23ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/smartrems.bundle.35a547d.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.35a547d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2a5027df936787cdf8ad93929c4d069e9b303bdbdf208391b17d8509c658d97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 18:31:59 GMT
server: cloudflare
age: 6269
etag: W/"632dfb9f-21b75"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 750b966fdb929bca-FRA
expires: Tue, 26 Sep 2023 11:16:28 GMT

GET
H2 200 core.js Show response
tools.luckyorange.com/core/ Frame 71A6 204 KB
62 KB 25ms
9ms Script
application/javascript 2600:9000:2156:e00:18:6c16:27c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tools.luckyorange.com/core/core.js?v=8a0ecc5
Requested by: Host: tools.luckyorange.com
URL: https://tools.luckyorange.com/core/lo.js?site-id=9b1d0e44
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e00:18:6c16:27c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32c7ad96308f6af745d811cb40e0922506fd8a3cec66da79bd81dd5538f4b51b

Request headers

Referer
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 16:51:42 GMT
content-encoding: gzip
age: 930287
x-cache: Hit from cloudfront
content-length: 62966
access-control-allow-origin: *
last-modified: Thu, 15 Sep 2022 16:31:22 GMT
server: AmazonS3
etag: "7d65d0dae1bfaf54fe6cf19206080aa8"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/javascript
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: KJnjQQF1vqSmFMUgbvWvkmOseDR4N7IeLzHu4OEDlOOLghKjOX2ajw==

GET
H2 200 cookieStorage.html Show response
wsv3cdn.audioeye.com/v2/frame/ Frame 887E 1 KB
749 B 18ms
17ms Document
text/html 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/frame/cookieStorage.html?build=prod/m&pscb=&cb=35a547d
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.35a547d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fdd357508c4cd326fd421f0893d124d018d55acb5dbb457d7eca24fecfbe4c8c

Request headers

Referer: https://www.deepwatch.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 236889
cache-control: public, max-age=365000000, immutable
cf-cache-status: HIT
cf-ray: 750b9671afe89bca-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 11:16:29 GMT
last-modified: Fri, 23 Sep 2022 17:27:44 GMT
server: cloudflare
vary: Accept-Encoding

POST
H2 200 send
analytics.audioeye.com/air/v0/ 44 B
405 B 639ms
432ms Ping
application/json 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.audioeye.com/air/v0/send
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.35a547d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-94.fra56.r.cloudfront.net
Software: /
Resource Hash: 264a9a3fa2fe11c43ece039b85e14387bd5a7a2b2275cc927ad4a4691d9c1986

Request headers

Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: e7bcb4a5-0f86-4f94-a5fb-59e2142784fc
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-63318a0d-39f90fde66199d5842125da9
x-amz-apigw-id: ZEKCIFNWPHcFi5A=
content-length: 44
x-amz-cf-id: z5th3SJs3NvPakXKxiqaMHoh4EuzWybXiAhMjz_PUyDHsiJs3C_mTw==

POST
H2 204 collect Show response
i.clarity.ms/ 0
177 B 408ms
196ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-c/s/0.6.41/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://www.deepwatch.com
date: Mon, 26 Sep 2022 11:16:28 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 a02c6fc532334678bc50e322e8a81ee1 Show response
app.hubspot.com/conversations-visitor/5556002/threads/utk/ Frame 6B84 49 KB
18 KB 228ms
228ms Document
text/html 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/5556002/threads/utk/a02c6fc532334678bc50e322e8a81ee1?uuid=dc1416fa8bba405d9524a4a4a4758f67&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=deepwatch.com&inApp53=false&messagesUtk=a02c6fc532334678bc50e322e8a81ee1&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9959895bde4d9b5a74356e667c30c43e563563d9e6a6c8389c5a01cacf6ff43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.deepwatch.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 359
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 750b9671a8c2bbd9-FRA
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-visitor-ui/static-1.13284/html/index.html&cfRay=750b9671a8c2bbd9&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F5556002%2Fthreads%2Futk%2Fa02c6fc532334678bc50e322e8a81ee1%3Fuuid%3Ddc1416fa8bba405d9524a4a4a4758f67%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Ddeepwatch.com%26inApp53%3Dfalse%26messagesUtk%3Da02c6fc532334678bc50e322e8a81ee1%26url%3Dhttps%253A%252F%252Fwww.deepwatch.com%252Flabs%252Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fwww.deepwatch.com%2F&cfenv=prod&pdt=2022-09-26&csp=ro
content-type: text/html; charset=utf-8
date: Mon, 26 Sep 2022 11:16:29 GMT
etag: W/"d4c8374b268a70f4c57209c7eabda038"
last-modified: Thu, 22 Sep 2022 02:34:31 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=750b9671a8c2bbd9&resource=conversations-visitor-ui/static-1.13284/html/index.html"}]}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
x-amz-cf-id: 7L8tNP2JO7HHtSjgdlAfxbe0CkfmnOQU1E6MIqEoqBhSOARHu6i4VA==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: 2huMUwwhOy.BXXHDYok45yqT0UOUOfYk
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.13284/html/index.html
x-hs-worker-debug-mode: false

GET
H2 200 main.js Show response
tools.luckyorange.com/integrations/integration-hubspot/core/ Frame 71A6 6 KB
3 KB 11ms
11ms Script
application/javascript 2600:9000:2156:e00:18:6c16:27c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tools.luckyorange.com/integrations/integration-hubspot/core/main.js
Requested by: Host: tools.luckyorange.com
URL: https://tools.luckyorange.com/core/core.js?v=8a0ecc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e00:18:6c16:27c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6eafda6e421fcd8ac5e141da98af953f63188e3c278de5afb19324598f8cc14e

Request headers

Referer
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
content-encoding: gzip
last-modified: Fri, 05 Nov 2021 19:27:10 GMT
server: AmazonS3
age: 1393
etag: W/"7247873faf18ae4b350d0ce91193b76f"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: M0yI7l5OMggwR7LCL3DKp_3WlNox0qO6Pq9ZT4YGb975TDQpnHuUIQ==
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)

GET
H2 200 frame.js Show response
tools.luckyorange.com/core/ Frame 6B84 57 KB
18 KB 16ms
15ms Script
application/javascript 2600:9000:2156:e00:18:6c16:27c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tools.luckyorange.com/core/frame.js?v=8a0ecc5
Requested by: Host: tools.luckyorange.com
URL: https://tools.luckyorange.com/core/core.js?v=8a0ecc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e00:18:6c16:27c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4eb3fc82341890850d95b3f98db54d5a7611cc44afbb90cd83d03f455f8f9be8

Request headers

Referer
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
content-encoding: gzip
age: 1197
x-cache: Hit from cloudfront
content-length: 18350
access-control-allow-origin: *
last-modified: Thu, 15 Sep 2022 16:31:21 GMT
server: AmazonS3
etag: "e7b19089152e3a733640fa404fa3713b"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/javascript
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: VckukMDYPJcKlt7TygnuD3wOfkjdCG2gA_5w5XrZvb5GJktOLaAYpg==

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
512 B 94ms
93ms XHR
application/json 34.232.159.108
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.232.159.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-159-108.compute-1.amazonaws.com

Software

Resource Hash

26a8ebf9f8493155765ccbe380bd5549b993da89d8700bbd8b7182a5ff087534

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
strict-transport-security: max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.deepwatch.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 79c68810af02ce0d0ca886335735bc42

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.233/ Frame 6B84 44 KB
17 KB 51ms
18ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.233/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5556002/threads/utk/a02c6fc532334678bc50e322e8a81ee1?uuid=dc1416fa8bba405d9524a4a4a4758f67&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=deepwatch.com&inApp53=false&messagesUtk=a02c6fc532334678bc50e322e8a81ee1&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93937bf0817b6e1bcdb89f84be1c22381dfda8e57ea8545162f918bda831fb57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 95e3cc9e14ff093ad937f013959268c0.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1695220
x-amz-server-side-encryption: AES256
cf-ray: 750b96735fce695b-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 31 Aug 2022 16:27:12 GMT
server: cloudflare
etag: W/"b9bb5deb1fd70094d095348bbc9bac3b"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=faAVP%2FPzX7jGV3EqypdPUK4yxwd7F%2F%2B2W3jZnUosiuaZ8C0aSWn6KqFZUz2MsOwFto8YYutuDvWXVQE0Vg0QYLmPikPgsuPl%2Ffjb30neHIEyezqhM2FT2t0kLZbxDRzm6%2BAcsuKnSSKoHD9EpN1YVAkz%2F14%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: YwWEW3GKTBxM3DcfvjDQDD5wuQDlJQS2
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: TXL50-P4
content-type: application/javascript
x-amz-cf-id: 8qAWgKJC2lSgprSuL2nWGkiidvgxNcPwtDzbTBuSC0HD59Uun_cRww==
expires: Tue, 26 Sep 2023 11:16:29 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.11843/sass/ Frame 6B84 20 KB
4 KB 88ms
56ms Stylesheet
text/css 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11843/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1740075
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 15 Nov 2021 19:50:41 GMT
server: cloudflare
etag: W/"370a89ea102d7b437eb549729472631f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOdfwZExXiXEYyu%2BUqPVQyZKNRS2GQhnRER%2BwTS7Ds7wVOy8BPH3QKAbYBU5L5Wvv7hndsR3heSMIzOmH5vlaIFy9KRRHnocx%2FMaTwToL9zvWnjkQqeT2rl%2FzDoZjSGnVwq3mMmsK774DcjvqT73H5oJ1yc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: LgyvJN0nZOCplqIYlCYJJ1cibXdW_3K_
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA56-P2
cf-ray: 750b96735b599a33-FRA
x-amz-cf-id: 23c1eNiCqFv3-L7b7GcD5q0QudwUFfEGt_BsOirNla5ADUFWqNjTzQ==
expires: Tue, 26 Sep 2023 11:16:29 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.318/ Frame 6B84 295 KB
94 KB 66ms
34ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.318/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b73e04f825fce19886cac0aca9d05731a0a84cb2cb9d89d02824f78050432cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 239644
x-amz-server-side-encryption: AES256
cf-ray: 750b96735fd3695b-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 26 Aug 2022 15:55:01 GMT
server: cloudflare
etag: W/"5b1f4d75d6eaee5beeed9dac4837c0a5"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mnErDN2NsNOWtYPxFVWhGQbS4gCekZTEJU0VcF5KM4Dn86XuQB1R0Id1ofJPl78Bi93s%2BMxTtMxClPPbpKLYBWr35iA0BTPTVGU%2Bb%2FDccv%2FxiOxHE3vYcHXC9LbSrvQ4gXkWvoXysiEps2FxfR4vYcluhJc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 79lzeElEPpgNZqHHhZKRkUIqs6i85I5W
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P2
content-type: application/javascript
x-amz-cf-id: Ut7ebVKCHIcKBQGEe3TF5zJ_AgERUcd5EZYyYX69aEpUz082-6dtrg==
expires: Tue, 26 Sep 2023 11:16:29 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.13284/bundles/ Frame 6B84 509 KB
148 KB 65ms
33ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.13284/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf6857d5cd423fe71f72573653ba6a4d92624636e565ebc0829bb6b5e9a85fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 333712
x-amz-server-side-encryption: AES256
cf-ray: 750b96735fd4695b-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 21 Sep 2022 18:13:41 GMT
server: cloudflare
etag: W/"cc33b7615661deaf6a5b14825e094602"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXQNt7X76NyfaE3h7VB7uiZk%2FqITL53Gw9yo9hfDREJjBrC0Bm%2BHrsbb0N9J7rfP3JiwEHgsC4vWotyypbfe9qAqUrzmNErDd9Y6mOMHz4Y5cQmamDH4ULrZ%2FivsU9VX%2BPSEBT0mjRiMY%2F7oex%2FoV1IAkWQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: iFN10IANtEnVFJ8NsxoX9t5hw5Ym2Ieg
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P2
content-type: application/javascript
x-amz-cf-id: 2pEtUiEC8mEhe6PF-wS3YkZkogRGAhaEVNWvJyZOS-umsUQyolBNWA==
expires: Tue, 26 Sep 2023 11:16:29 GMT

GET
BLOB 200
OK 093d788e-bd2f-4a8d-883f-cd22635e5be4
https://www.deepwatch.com/ Frame 71A6 0
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.deepwatch.com/093d788e-bd2f-4a8d-883f-cd22635e5be4
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Length: 0

GET
BLOB 200
OK 92b36442-0032-49f8-bf5d-2c6f1b769fca
https://www.deepwatch.com/ Frame 71A6 22 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.deepwatch.com/92b36442-0032-49f8-bf5d-2c6f1b769fca
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: facdb180b697f86f717823c9b0690f55f4792754d6df3bfe356624240d9a0253

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Length: 22873

GET
H3 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.13132/ Frame 6B84 776 B
1 KB 159ms
43ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.13132/i18n-data-data-locales-en-us.js

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.13284/bundles/visitor.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38807303b39d93680355c8470abceb4e815d828dfd46910a93c699ef98501b35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
via: 1.1 b51ed6b920d39641b1652c420839ef4a.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 507086
x-amz-server-side-encryption: AES256
cf-ray: 750b96753dbe915f-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 25 Aug 2022 16:40:34 GMT
server: cloudflare
etag: W/"044638241f905d41789cc2c673254c60"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qTLlrrmYvLA31tkuFKcfc4TQNC7waAaNpsEFLZmUlORKEbIqqg5d%2BgQfhl2Rl3g53TLyCrHtcw4R24gBF91NOc1nqtr5PnGMsGwBNOLKhTxi6Jvsfha7rmhYnCqHPm5prE9NhB02LFGCfFVONB2%2F%2F9JZTMQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: zipcIInrJFt3zfvIiQZo97o9mJSxcBiN
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FCO50-P4
content-type: application/javascript
x-amz-cf-id: K7QujK2c85zmLBahX4KpuFpnvDOz1Umzj5_a5Ds5XLYJuaqonVjBtQ==
expires: Tue, 26 Sep 2023 11:16:29 GMT

POST
H3 204 rhumb
app.hubspot.com/api/cartographer/v1/ Frame 6B84 0
1 KB 169ms
157ms Ping
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.13284

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.13284/bundles/visitor.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/conversations-visitor/5556002/threads/utk/a02c6fc532334678bc50e322e8a81ee1?uuid=dc1416fa8bba405d9524a4a4a4758f67&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=deepwatch.com&inApp53=false&messagesUtk=a02c6fc532334678bc50e322e8a81ee1&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Sep 2022 11:16:29 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 9e9d1e48-2f00-406b-a37b-2b868a742eb9
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
server: cloudflare
access-control-max-age: 604800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0S09MXHGyOICSADFv%2BTEKYn%2FL5IPFxch3BiGr4BD2gQHCttzyAlkPz4n%2Fz3AVwkbGsvE4ZOYLC3c8dNhzNAQzoeFHD5qCzx%2F4oTikikwg5oRwru8iY95gL%2FWIf2XV4I%2FBRTfddyUslvD%2FgdxCg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet
access-control-allow-credentials: true
cf-ray: 750b9675c97c905b-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer

GET
H3 200 welcomeMessages Show response
app.hubspot.com/api/livechat-public/v1/bots/public/bot/1494839/ Frame 6B84 856 B
1 KB 159ms
156ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/1494839/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.13284&conversations-visitor-ui=static-1.13284&traceId=a02c6fc532334678bc50e322e8a81ee1&sessionId=AMOaWbK2Pt8oCdrApGP6waqMs04fmWcpdSGNh8pMB1ekrTTmG1hL3xTxuDVo6Lrq5q2xoFcoMwiN-BRZTRH0IwJribMyUESVNZjmRGdvLH80_pmktBAeMJLnXzX0PD1B19dO6VxjUGh05YdAF2gUKSSJSc2Xq7V5qW3RG-9luDk7R1u7AX_HvoQ

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/head-dlb/static-1.233/bundle.production.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6511af55a96e158663e43ba5eb8b9c1a05e7fdf4364273a5f962bea9acca81b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://app.hubspot.com/conversations-visitor/5556002/threads/utk/a02c6fc532334678bc50e322e8a81ee1?uuid=dc1416fa8bba405d9524a4a4a4758f67&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=deepwatch.com&inApp53=false&messagesUtk=a02c6fc532334678bc50e322e8a81ee1&url=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f4205d8a-1515-4835-8ff0-eee11ba44fd8
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2B334DA81AF3DCCC70D83B287CB9273D3FFBE0030F000000000000000000
date: Mon, 26 Sep 2022 11:16:29 GMT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wx6p5uZRPRIFltkXbErrnXxxEZVk6BdnGObaejsIJCy7LQ%2FR69kFjngvjed7%2FG8dhyNfEUaYxxXNmDzVxkBc7mZfJcMf2Ztt32ppg2mn%2BRBUpRRXIjfWSygKZpWnYdi8uSv80JTp7xungveBLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-credentials: false
cf-ray: 750b9675c978905b-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 97ms
96ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-c/s/0.6.41/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.deepwatch.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-origin: https://www.deepwatch.com
date: Mon, 26 Sep 2022 11:16:29 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 launcher.bundle.35a547d.js Show response
wsv3cdn.audioeye.com/v2/build/ 83 KB
21 KB 20ms
19ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/launcher.bundle.35a547d.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.35a547d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6068296ee45719e27afae4be6bac39d0af15fba17728b4261b941c1d782956a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 18:31:47 GMT
server: cloudflare
age: 6254
etag: W/"632dfb93-14c2a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 750b96833ed39bca-FRA
expires: Tue, 26 Sep 2023 11:16:31 GMT

GET
H2 200 compliance.bundle.35a547d.js Show response
wsv3cdn.audioeye.com/v2/build/ 329 KB
74 KB 26ms
26ms Script
application/javascript 2606:4700::6812:184c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsv3cdn.audioeye.com/v2/build/compliance.bundle.35a547d.js
Requested by: Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/build/startup.bundle.35a547d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:184c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4961929e3a8925ab015d582b52657e3b23a2c24e243692b2aaf9cda5a569dba3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 11:16:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 18:31:59 GMT
server: cloudflare
age: 6219
etag: W/"632dfb9f-5235d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 750b96833ed59bca-FRA
expires: Tue, 26 Sep 2023 11:16:31 GMT

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35

Request headers

Referer
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: font/truetype

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v22/ 14 KB
14 KB 108ms
30ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.deepwatch.com/
Origin: https://www.deepwatch.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 08:29:26 GMT
x-content-type-options: nosniff
age: 269226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13976
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:07 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 23 Sep 2023 08:29:26 GMT

POST report
analytics.audioeye.com/air/ 0
0

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 53ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9T89M3FL79&gtm=2oe9l0&_p=479974331&cid=1165302478.1664190988&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=2&sid=1664190988&sct=1&seg=1&dl=https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F&dt=Gootloader%20Poisoned%20Blogs%20Uncovered%20by%20Deepwatch%E2%80%99s%20ATI%20Team%20-%20Deepwatch&en=page_view&_et=76
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9T89M3FL79
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepwatch.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 11:16:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepwatch.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: analytics.audioeye.com
URL: https://analytics.audioeye.com/air/report

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.deepwatch.com/	1970-01-20 15:02:06	Name: d-a8e6 Value: 242b8f5e-1998-4177-b6a8-8c989536fa4e
www.deepwatch.com/	1970-01-20 06:16:31	Name: s-9da4 Value: d4e29b78-d2b5-436b-82cd-28379ed5465b
.bing.com/	1970-01-20 15:38:06	Name: MUID Value: 1E489829A42267BF2DEC8A02A5F06644
www.deepwatch.com/	1969-12-31 23:59:59	Name: gscs Value: 1664190988.1664190988.1664190988
www.deepwatch.com/	1970-01-20 15:52:30	Name: gscv Value: 1664190988.1664190988.1664190988.1
www.deepwatch.com/	1970-01-20 15:52:30	Name: gsci Value: pxobvewtsxcvv0t81l25x6bcmevbb3wm
.deepwatch.com/	1970-01-20 08:26:06	Name: _gcl_au Value: 1.1.541477433.1664190988
.deepwatch.com/	1970-01-20 15:52:30	Name: _ga_9T89M3FL79 Value: GS1.1.1664190988.1.1.1664190988.0.0.0
.deepwatch.com/	1970-01-20 06:17:57	Name: _uetsid Value: aa839d103d8c11ed8ae3e559018e5f6a
.deepwatch.com/	1970-01-20 15:38:06	Name: _uetvid Value: aa83e4a03d8c11ed9895f1b0ee26b444
.deepwatch.com/	1970-01-20 15:52:30	Name: _ga Value: GA1.2.1165302478.1664190988
.deepwatch.com/	1970-01-20 06:17:57	Name: _gid Value: GA1.2.502570505.1664190988
.deepwatch.com/	1970-01-20 06:16:31	Name: _gat_gtag_UA_153275196_2 Value: 1
.techtarget.com/	1970-01-20 06:16:32	Name: __cf_bm Value: 2ka0fxA5AF0omQ_XSy.kUEwelVuuZuo1NkcnrC4XMgI-1664190988-0-AcJNU7IxB3aGH2awn/6FPScG1TFQw/cNmuXpr3E5njSu7F/ID8DKOlvNOiH2dFEijDT8hYfPXQ8H4tnEayhbRXA=
.ws.zoominfo.com/	1970-01-20 15:02:06	Name: visitorId Value: 97c184cb909b3f678b124a1b5f7147d7c8ce94e3c36e913ba5b4c4a2880c7a95
.zoominfo.com/	1970-01-20 06:16:32	Name: __cf_bm Value: UAHVdgJo3dTIAC2QwFnTW1dm_lSL7IO4rz6bqTsAilk-1664190988-0-AQqj3OY+623KuD37FWnAW8QpxSUOXJCBo7VacJ/vM7ZTQiDg2TdSl+vhhQ5jddfJwaDmz1v2sO1D4RCDYTjc3ks=
.deepwatch.com/	1970-01-20 06:16:31	Name: _gat_https%3A%2F%2Fwww.deepwatch.com%2Flabs%2Fgootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team%2F Value: 1
.influ2.com/	1970-01-20 15:02:06	Name: R Value: c40e7cbbb181c38fa4ed2cc1
www.clarity.ms/	1970-01-20 15:02:06	Name: CLID Value: d62cdca0781545e495602e7ed2c296db.20220926.20230926
.linkedin.com/	1970-01-20 06:59:42	Name: UserMatchHistory Value: AQLDWRmYeij89AAAAYN5g0Fq62VHDxEyq-RlRTBKByBNNMpVoQwixRUw4eCY1TmG3ZAXFC7sDfsd7A
.linkedin.com/	1970-01-20 06:59:42	Name: AnalyticsSyncHistory Value: AQJ1oq9j-pWCggAAAYN5g0FqGpNP0_Ckdc8Kq4K66I-_fTPsbjd8Gxt5etBjytt4piisWn1sMqXJe72b-EZqyA
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 15:02:06	Name: bcookie Value: "v=2&f1aa3a8a-ac19-4a56-83f3-d04bbc869899"
.linkedin.com/	1970-01-20 06:17:57	Name: lidc Value: "b=VGST06:s=V:r=V:a=V:p=V:g=2486:u=1:x=1:i=1664190988:t=1664277388:v=2:sig=AQEWZl4WuzbeC3fF38sOWI4T7Uqzoheb"
s.getsmartcontent.com/	1970-01-20 15:52:30	Name: gsci Value: pxobvewtsxcvv0t81l25x6bcmevbb3wm
.hubspot.com/	1970-01-20 06:16:32	Name: __cf_bm Value: SEZAw2Dhf85MUBphTbhiEQI9n6d_BFMNjarZ4QAaYJw-1664190988-0-Aes94qwJz898n13oSgXnfYXnpXoGxIlh+ISXRF3HJOyA+ZxUZNuGw3I24/o36EFH54U6ugLgQbR9qibHihUzwTk=
.deepwatch.com/	1970-01-20 15:02:06	Name: _clck Value: a9vhyj\|1\|f57\|0
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:02:06	Name: bscookie Value: "v=1&20220926111628bd9e9a29-063d-4718-8712-58fbf07c3741AQFGFiyWADoe3FKcCTu51r313Qtss40n"
.linkedin.com/	1970-01-20 10:35:42	Name: li_gc Value: MTswOzE2NjQxOTA5ODg7MjswMjHo1iRXdojBXTWgZ8K62uETPQWeddvD+usGXkK3X5nf4Q==
www.deepwatch.com/	1970-01-20 15:02:06	Name: _aeaid Value: 6ae98508-0649-4dbf-afac-ee5e69e13490
.deepwatch.com/	1970-01-20 15:52:30	Name: lo-uid Value: 9b1d0e44-1664190988722-ffa2e14cdbb1dd35
.deepwatch.com/	1970-01-20 15:52:30	Name: lo-visits Value: 1
www.deepwatch.com/	1970-01-20 06:26:35	Name: slireg Value: https://scout.us3.salesloft.com
.c.bing.com/	1970-01-20 15:38:06	Name: SRM_B Value: 1E489829A42267BF2DEC8A02A5F06644
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:38:06	Name: MUID Value: 1E489829A42267BF2DEC8A02A5F06644
.c.clarity.ms/	1970-01-20 06:16:31	Name: ANONCHK Value: 0
www.deepwatch.com/	1970-01-20 15:02:06	Name: sliguid Value: dce7beea-2a3c-44ea-b885-b0a7b255fc86
www.deepwatch.com/	1970-01-20 15:02:06	Name: slirequested Value: true
.deepwatch.com/	1970-01-20 06:17:57	Name: _clsk Value: mvz6kb\|1664190989329\|1\|1\|i.clarity.ms/collect
.agkn.com/	1970-01-20 15:02:06	Name: ab Value: 0001%3AD6Ck8dz2Yn%2B4Xpqw%2F25vhwQEkxTiXV6Z
.agkn.com/	1970-01-20 15:02:06	Name: u Value: C\|0AAAAAAAAKsRGjQAAAAAA
.deepwatch.com/	1970-01-20 10:35:42	Name: messagesUtk Value: a02c6fc532334678bc50e322e8a81ee1
www.deepwatch.com/	1970-01-20 15:52:30	Name: aelastsite Value: W%2BPvDTsBHVrXb80z3KiaTMCsArGYPESe4XWufil4niXsU%2F%2FVzLXSDaxSvU8e3e%2FT
www.deepwatch.com/	1969-12-31 23:59:59	Name: aelreadersettings Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
wsv3cdn.audioeye.com/	1970-01-20 15:52:30	Name: aelastsite Value: W%2BPvDTsBHVrXb80z3KiaTMCsArGYPESe4XWufil4niXsU%2F%2FVzLXSDaxSvU8e3e%2FT
wsv3cdn.audioeye.com/	1969-12-31 23:59:59	Name: aelreadersettings Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
www.deepwatch.com/	1969-12-31 23:59:59	Name: aeatstartmessage Value: true
wsv3cdn.audioeye.com/	1969-12-31 23:59:59	Name: aeatstartmessage Value: true

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://app.splithero.com/api/js?r=https://www.deepwatch.com/labs/gootloader-poisoned-blogs-uncovered-by-deepwatchs-ati-team/&wpliu=false Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://id.rlcdn.com/711861.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
analytics.audioeye.com
aorta.clickagy.com
api.hubspot.com
app.hubspot.com
app.splithero.com
apt.techtarget.com
bat.bing.com
c.bing.com
c.clarity.ms
cdn.getsmartcontent.com
d.agkn.com
fonts.gstatic.com
hemsync.clickagy.com
i.clarity.ms
id.rlcdn.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.usemessages.com
match.adsrvr.org
pixel-sync.sitescout.com
privacy-policy.truste.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.getsmartcontent.com
scout-cdn.salesloft.com
scout.salesloft.com
settings.luckyorange.com
snap.licdn.com
static.cloudflareinsights.com
static.hsappstatic.net
stats.g.doubleclick.net
t.influ2.com
tags.clickagy.com
tools.luckyorange.com
track.hubspot.com
trk.techtarget.com
vidassets.terminus.services
wec-assets.terminus.services
ws.zoominfo.com
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
www.clarity.ms
www.deepwatch.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.influ2.com
www.linkedin.com
analytics.audioeye.com
13.107.42.14
151.139.237.219
18.235.90.40
18.66.122.122
20.234.93.27
2001:4860:4802:32::36
206.19.49.24
2600:9000:2156:e00:18:6c16:27c0:93a1
2606:4700:10::6814:ca25
2606:4700:4400::6812:21ab
2606:4700:4400::ac40:91d9
2606:4700:440e::ac40:9c1a
2606:4700::6810:650c
2606:4700::6811:44b0
2606:4700::6811:73b0
2606:4700::6811:7d2
2606:4700::6811:ba49
2606:4700::6811:d5cc
2606:4700::6811:eecc
2606:4700::6812:184c
2606:4700::6812:1fcd
2606:4700::6812:df5a
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:806::2004
2a00:1450:4001:810::2003
2a00:1450:4001:813::2008
2a00:1450:400c:c0c::9c
2a00:1450:400d:807::200e
2a00:1450:400d:80c::2013
2a00:1450:400d:80d::2003
2a02:26f0:11a::6867:4868
34.107.203.234
34.107.254.219
34.232.159.108
35.157.16.92
35.244.174.68
35.71.131.137
52.167.85.21
52.222.236.25
52.222.236.89
52.222.236.94
54.162.244.84
54.171.98.27
54.205.2.75
66.155.71.149
95.179.155.174
01166bec93c254eab63db48f7155045ec7124dfeaa5fe8fd2b8faa31041489ca
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988
0918cc46e1db66520c7cf95483b33c7fdefede58b575882fd5d5efa352069f31
0b6d942711f1721a2458ec48d431a328384b7f955086cdcf4252b51e4a4ee2ff
117f572bf8be158075549dc3278c0a511ed194a7b95c140808b8045a7cf906e3
169c1b84dd531894024c8602282fd3a814b5653adfd561277e77d031bc6a3544
173b8381fa04cccd882762d794347a90da3d11e22c26ac430c54ac4a5cb15287
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
20561d5752db7c8b4fb9cadd2d3f4137108740b246cab96479c88e71d115c3b6
22e23c80add47a1d95b929b94c73e26e8ddd56e2a88f685694ca9071d246a972
22f3ee9f5089c44953a5879948aac89acab428baef1ef15145233470da61b8cd
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
264a9a3fa2fe11c43ece039b85e14387bd5a7a2b2275cc927ad4a4691d9c1986
26a8ebf9f8493155765ccbe380bd5549b993da89d8700bbd8b7182a5ff087534
27ecfb00dc34367ee0f42518ae04fbabdb9c4e2b6bf32c5288dd8f214e2a7b4c
2bb70668c3a697c9dbeec81da46b468369fea6591ff492d152949f10b07927ec
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f6ec3d58b9ab894724de4110f4deee223ef4667cd38ce885474ddfe0fe3233d
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
32c7ad96308f6af745d811cb40e0922506fd8a3cec66da79bd81dd5538f4b51b
33b5e84734e6c2f41286376d3c9ee3da94da179f4e3b20c7e3a20e1a21c2b665
34b2a92df475bac4213019d7cd954379219153c1e0049478632ba4d42a327aeb
38807303b39d93680355c8470abceb4e815d828dfd46910a93c699ef98501b35
3982b6cf2ed6575f33845556f43925d0f53a47e4e9e963c8a6d4194c65986532
39fff1625b0b4cafafad7147fb99ea074ddac65d5f1de885968e0d90f01a51dc
3dc3f4b3215701f48038c52e3df8a298a1366ca69e36dbe06300894372d8ab5a
472c7748607b5b76986bb54ffe3fe79ea954f61705aabd2a0fa80d13b2eee46b
4961929e3a8925ab015d582b52657e3b23a2c24e243692b2aaf9cda5a569dba3
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b8271a7147141530b4450016f74d728419e6cea808360acdf2c25ce1ab6cf96
4c1fe8c89ac98d3cb920ae2ddb0ef72a3f4b8d86d42a30390b2a39163895bec0
4eb3fc82341890850d95b3f98db54d5a7611cc44afbb90cd83d03f455f8f9be8
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5cbfc3e27c7865053f62a56eabceb2cbd3586056165a875d17e8022e9e5ac814
5ebfb3e7c28baaa1ed6caa661bf56e63896bf539b7718421c66a734d71703e76
6068296ee45719e27afae4be6bac39d0af15fba17728b4261b941c1d782956a1
61b9926e5d52c52c383c00d7e52f2c491b15e7cfd715373b53571632a7459517
62b8e704838162585ae0dda4079c05b4cb17991998333e499579b5c350a74886
6511af55a96e158663e43ba5eb8b9c1a05e7fdf4364273a5f962bea9acca81b9
697aa9bad784637089e866dec0fab57a20f19c634f6c52c276f77e71dbfd348f
6a904656a4838445d97715acceb32d208859675ba1e689780398a6977c77d4d9
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6eafda6e421fcd8ac5e141da98af953f63188e3c278de5afb19324598f8cc14e
75bcb168edf5c40186650f096234569a0b55f9ba24c65b04cc4e8219f28ab3a1
76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d
7715065c3e179318c7c23235408a4213a4a9ef93bc31532244080cfe03fafbcf
81da95eaab8c694156407f8f1eb8c88dd6824a0435fe3265fcec746783d45351
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8992882b548461f80c8ae3ffbfb873fe5e0a376d029fcf9a411326e8ce568a28
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216
928da664cfc61ccb22a1e14e0ab5b64d1f6441401228c894a8b5e92ddd5a7919
93937bf0817b6e1bcdb89f84be1c22381dfda8e57ea8545162f918bda831fb57
987941b5d3a6c4e78ca1ffb937a62002f0f888c1c85dfaa05de36ced74b36696
98f556295357a81a54321ddccf9ac9c907239015f86287539c9ae8981dc8a7b7
990ac459aa852af7e53e62feccbf70cfe935bf4f732bfd3d827e10f678dc4f23
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b05f32b262a8ddfa4c0322b0b4b376258b7996177b98d5a1e2b4585d20cba27
9b73e04f825fce19886cac0aca9d05731a0a84cb2cb9d89d02824f78050432cc
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
9e56bd6105d6e24d804d3db97049f580c26390f475a87f7535e066bdc815b2f2
9e634bca97143b3150b782f10eb980a3904f3a3c07c83b1af1cae41ef97eed2e
9e710d1e23f7335f645e695f13aacb7f6fcef20f93d45b404a80a8613fab4f03
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
b084fbb870731ad1bb8215c558b54a43485fe1d71121db1c394b92f8d444d817
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a5027df936787cdf8ad93929c4d069e9b303bdbdf208391b17d8509c658d97
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b8a8ec7352e8ef95ef8399a06d2093af1796b76629726af9f0a2bf32338854c4
b8f3054d66c25b3b2011b4f801244e7b7905fcb3fe5dac5619dd0153c1a0d694
bbe5717b2e530ed3889fef7a3f64bd8703892af4df7a50ebdab50877d714ccb1
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf6857d5cd423fe71f72573653ba6a4d92624636e565ebc0829bb6b5e9a85fd1
c235f034c37af84c187d25e67226381dfa536e879693ef2e4d3fd2cc882acf6a
c7d7d4073c85a19e51e38957a531597a037d44e32097cb9c2413d9c129cb74cf
cb571806844701539661fb479c3435d493c4879058b4ba2f0e120c4d4c2c49ec
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdb73ac09f899f4ec3eb0301e9a5fa93edbbaf85017a642ea16342e38c782cb4
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35
d267998c3594ce7f02341a5a8ef2b2705627f2552960e332d73747022406a30b
d32c386d660f024b4b4c8a6a461296bfc2abd88dfa4f5daaff03a64b8a84ea99
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df9cf0f0a6e8226fe26f68dab8af29af21e837213b2fa093c4442fcc05935931
e11e1a3f5157da13ecdf6311a8ea51bc908f1de6e12564b11f0c505b3aa83c5c
e137691c561e3a0ff6ed790709af1e5b95ded96549c4fef9e2a90e0635bcc99f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9959895bde4d9b5a74356e667c30c43e563563d9e6a6c8389c5a01cacf6ff43
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ff8c86ce1f6c911a5458648e11036559cd2fcb5aa249bd0f050031f8a8caf
f5d73f1d1fbca77122e89e95b14ce453e3606bc3ea43921e221a1cb7a633314c
facdb180b697f86f717823c9b0690f55f4792754d6df3bfe356624240d9a0253
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fdd357508c4cd326fd421f0893d124d018d55acb5dbb457d7eca24fecfbe4c8c

www.deepwatch.com Open in urlscan Pro 2606:4700:10::6814:ca25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

115 Requests

94 %HTTPS

58 %IPv6

35 Domains

54 Subdomains

48 IPs

7 Countries

1503 kBTransfer

4909 kBSize

50 Cookies

9 Outgoing links

Redirected requests

115 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.deepwatch.com Open in urlscan Pro
2606:4700:10::6814:ca25 Public Scan

Screenshot
Live screenshot

Full Image

115
Requests

94 %
HTTPS

58 %
IPv6

35
Domains

54
Subdomains

48
IPs

7
Countries

1503 kB
Transfer

4909 kB
Size

50
Cookies

115 HTTP transactions
1 data transactions