www.bitsight.com Open in urlscan Pro
2606:4700:10::ac43:60f  Public Scan

24 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 77

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQLUhjRvN_vn2gAAAZPaaUwpdS2olYgMMBwO7OpMEzv3zFHcRG4KE7_751_jLG2vsHXK2P8

Request Chain 79

• https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D

Request Chain 81

• https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= HTTP 303
• https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D6762ebda7b48c00001493fce%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= HTTP 302
• https://map.go.affec.tv/map/an/7922062215203395630?ch=6762ebda7b48c00001493fce&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= HTTP 303
• https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=

Request Chain 84

• https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request badbox-botnet-back Show response www.bitsight.com/blog/	135 KB 23 KB	547ms 475ms	Document text/html	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0617195be14d273c9e1f58f9f70196fae3ad12f99da773cb5ab9b180e3ecb216 Security Headers Name Value Content-Security-Policy report-uri /report-csp-violation Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers age 8572 cache-control max-age=31536000, public cf-cache-status DYNAMIC cf-ray 8f4039ab5cb363e4-LHR content-encoding br content-language en content-security-policy report-uri /report-csp-violation content-type text/html; charset=UTF-8 date Wed, 18 Dec 2024 15:35:53 GMT expires Sun, 19 Nov 1978 05:00:00 GMT last-modified Wed, 18 Dec 2024 13:12:59 GMT link <analytics.google.com>; rel="dns-prefetch", <js.driftt.com>; rel="dns-prefetch", <rackingapi.trendemon.com>; rel="dns-prefetch", <tags.srv.stackadapt.com>; rel="dns-prefetch", <cdn.optimizely.com>; rel="dns-prefetch", <js.hs-scripts.com>; rel="dns-prefetch", <logx.optimizely.com>; rel="dns-prefetch", <metrics.hotjar.io>; rel="dns-prefetch", <bootstrap.driftapi.com>; rel="dns-prefetch", <ka-p.fontawesome.com>; rel="dns-prefetch", <audioeye.com>; rel="dns-prefetch", <googletagmanager.com>; rel="dns-prefetch", <permutive.com>; rel="dns-prefetch", <hotjar.com>; rel="dns-prefetch", <analytics.google.com>; rel="preconnect", <js.driftt.com>; rel="preconnect", <rackingapi.trendemon.com>; rel="preconnect", <consent.trustarc.com>; rel="preconnect", <cdn.optimizely.com>; rel="preconnect", <js.hs-scripts.com>; rel="preconnect", <metrics.hotjar.io>; rel="preconnect", <logx.optimizely.com>; rel="preconnect", <bootstrap.driftapi.com>; rel="preconnect", <ka-p.fontawesome.com>; rel="preconnect", <tags.srv.stackadapt.com>; rel="preconnect", <audioeye.com>; rel="preconnect", <googletagmanager.com>; rel="preconnect", <permutive.com>; rel="preconnect", <hotjar.com>; rel="preconnect", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2>; rel="prefetch", <https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2>; rel="prefetch", <https://kit.fontawesome.com/bc8e4d7021.js>; rel="prerender", <https://js-agent.newrelic.com/nr-rum-1.255.0.min.js>; rel="prerender" referrer-policy no-referrer-when-downgrade server cloudflare strict-transport-security max-age=2592000; includeSubDomains surrogate-key tilu alec 15nq bh81 mfcg 135a t5be 1rv1 4iqj 2h09 k5im 7bmp epgs ffa2 tapm s1so lgqj d7d6 1971 6ehj gaf3 bdo0 vblc knej sheu khoj 4n5i cj78 vja0 ka5u 78t5 6dsl ldc7 snk9 tib3 rjqv tjhs n16q keo3 rl04 p93v vcdf e79l u1q5 gsd9 lira nl66 jro7 in6f h29v iu4c 3kis e6ki 2pbm 3t5u 96os 1cn6 8j3g o1kn grd9 o13v ck9d 7jh1 pdhm u7v7 vnpd b7mh 6ogk 22p7 6tvg 28nu 8ele ieco 3r6a q7vo kqe5 1vef 9obn qggh 8ust ppbt avon p78i afak krqr cdhs k8rv cios 4nfg ql68 3bhf l3np 5re3 bsc4 aucp ut71 kvo9 u6mj i1hh m4ma 704t l0o5 ebeg 601f kfqg eit7 ig0p 4fu4 vq51 oauf snab trke e1j3 vary Cookie,Accept-Encoding via varnish x-ah-environment prod x-cache HIT x-cache-hits 46 x-content-type-options nosniff x-dns-prefetch-control on x-drupal-cache MISS x-drupal-dynamic-cache MISS x-frame-options SAMEORIGIN x-generator Drupal 10 (https://www.drupal.org) x-request-id v-cdfb3a8e-bd41-11ef-ac56-cfcf651c01c5 x-xss-protection 1; mode=block
GET H3	200	S6uyw4BMUTPHjx4wXiWtFCc.woff2 fonts.gstatic.com/s/lato/v22/	0 14 KB	85ms 38ms	Other font/woff2	142.250.185.195 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXiWtFCc.woff2 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f3.1e100.net Software sffe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers age 546686 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Fri, 12 Dec 2025 07:44:27 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 12 Dec 2024 07:44:27 GMT last-modified Wed, 26 Jan 2022 19:14:07 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 13976 x-xss-protection 0 server sffe
GET H2	200	pro-fa-light-300-0.woff2 ka-p.fontawesome.com/releases/v6.5.2/webfonts/	0 15 KB	98ms 39ms	Other font/woff2	2606:4700:4400::6812:2844 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-0.woff2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=31556926 cf-cache-status HIT etag "660c2974-3c34" age 2996815 cf-ray 8f4039aebb64ef07-LHR accept-ranges bytes access-control-allow-origin * content-length 15412 date Wed, 18 Dec 2024 15:35:53 GMT content-type font/woff2 last-modified Tue, 02 Apr 2024 15:51:16 GMT vary Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method server cloudflare
GET H2	200	26349430206.js Show response cdn.optimizely.com/js/	354 KB 101 KB	104ms 45ms	Script text/javascript	2606:4700::6812:4139 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.optimizely.com/js/26349430206.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fc8434b6a21e508069e32534fd18568afe69a9ba30980f99f83d0f95eed66b5f Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-max-age 86400 access-control-expose-headers x-amz-meta-revision content-encoding gzip cf-cache-status HIT etag "0ec54cdd4f69da5ce6bf116800ad35f5" x-amz-version-id D_IvQ1gN4K.28uSeIq5oJruIrVBheODN age 189 access-control-allow-methods GET, HEAD date Wed, 18 Dec 2024 15:35:53 GMT x-amz-meta-revision 10757 content-type text/javascript; charset=utf-8 last-modified Wed, 18 Dec 2024 14:39:26 GMT vary Accept-Encoding x-amz-id-2 cgxvMQa2EpSmNj+gRORBAHGhJvtCVBzwB3+JsEMvdB3TwEwL8yBRKXhc+yRSnafcAh69qi4M7tw= access-control-allow-headers * x-amz-replication-status PENDING cache-control max-age=120 timing-allow-origin * x-amz-meta-pci_enabled False access-control-allow-credentials false x-amz-request-id WT36JZG36NQ0XAX3 cf-ray 8f4039aebd7c6582-LHR accept-ranges bytes access-control-allow-origin * content-length 102518 server cloudflare x-amz-server-side-encryption AES256
GET H2	200	css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css www.bitsight.com/sites/default/files/css/	4 KB 1 KB	395ms 395ms	Stylesheet text/css	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/css/css_wjLlWkvELeB5C1Dj3QMKZV9a9veXJMICaLma2A_nW0g.css?delta=0&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a9f95cd98279def71cf5279f01539030d309444815b54309fe6b692a40c3bc8 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-21564494-bb7b-11ef-a099-3f85994f2046 content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 07:03:44 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type text/css vary Accept-encoding x-cache-hits 9 last-modified Sun, 15 Dec 2024 05:50:24 GMT strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039ae5fb363e4-LHR accept-ranges bytes content-length 1331 server cloudflare
GET H2	200	css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css www.bitsight.com/sites/default/files/css/	90 KB 14 KB	362ms 362ms	Stylesheet text/css	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7993ddd718d3f12a2d1f83027a740a9cdb67932bb6c453cbb8db93cc4e1c15f3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-68cff7f0-bb7d-11ef-abab-3b18dfe012af content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 07:14:37 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type text/css vary Accept-encoding x-cache-hits 10 last-modified Fri, 13 Dec 2024 23:24:44 GMT strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039ae5fb763e4-LHR accept-ranges bytes content-length 14030 server cloudflare
GET H2	200	Products_EnterpriseSecurity.svg www.bitsight.com/sites/default/files/2024/04/27/	994 B 624 B	40ms 40ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_EnterpriseSecurity.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash faa835bf336518ca4931e778fb197ec61619cffb788dd165101fd75a72e8501c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-2b0579dc-7fa9-11ef-8f1a-1bf2f532319e content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:10 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:46:48 GMT x-cache-hits 98512 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039ae5fb863e4-LHR server cloudflare
GET H2	200	Products_DigitalSupplyChainSecurity.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 501 B	47ms 47ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_DigitalSupplyChainSecurity.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 05ec3af317f66e55cf146dae21f89cefe57f554f4578b6f3cc2725556f6e4568 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-a69fc274-7fa8-11ef-877b-fbeec39b1bd6 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:10 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:48:47 GMT x-cache-hits 88192 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039ae5fb963e4-LHR server cloudflare
GET H2	200	Products_RiskGovernanceReporting.svg www.bitsight.com/sites/default/files/2024/04/27/	712 B 443 B	48ms 48ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskGovernanceReporting.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81c36cdb108432837c8b0aa93698c722ca46600ccd3b9b291f9525028cc597f0 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-8c303d32-06fa-11ef-b42b-5fe8171e2b39 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:56:06 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:50:46 GMT x-cache-hits 3 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8f4039ae9ff063e4-LHR server cloudflare
GET H2	200	Products_RiskAnalysisData.svg www.bitsight.com/sites/default/files/2024/04/27/	630 B 396 B	41ms 41ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_RiskAnalysisData.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e157ae234a3355cfdc3c556f5eb217ef5813a52285c7bc076cbcb2f2b051e1fa Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-f345b368-7fa8-11ef-a4ad-ef0b67ed8a2b content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:07 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:52:21 GMT x-cache-hits 100095 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039aea80063e4-LHR server cloudflare
GET H2	200	Products_CyberUnderwritingRiskControl.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 778 B	38ms 38ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Products_CyberUnderwritingRiskControl.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a06c148437510af39e43af96755690d51dade3be7db0e89187a517173a39fee Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-8cd85e0e-06fa-11ef-9a40-c7211ac61ad7 content-encoding br cf-cache-status HIT age 7 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:41 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:53:11 GMT x-cache-hits 1 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8f4039aee84263e4-LHR server cloudflare
GET H2	200	Produ_ProfessionalServices.svg www.bitsight.com/sites/default/files/2024/04/27/	2 KB 1 KB	44ms 41ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Produ_ProfessionalServices.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 597eaadaf8ff91a99dd23ce9c48bd76a015abd51b0c84719958a313844852259 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-2c86ad6c-7fa9-11ef-91e0-27d3f366b1a9 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:37 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:53:52 GMT x-cache-hits 97265 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af690263e4-LHR server cloudflare
GET H2	200	Sidebar_LightBulb.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 634 B	64ms 61ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_LightBulb.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2b7a7368a6cca9fcd7c5f2ec658933e4d659dda40a9252133327a050f7be5822 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-9e9cbe8c-06fa-11ef-a662-17b03e11abdd content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:13 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:45:47 GMT x-cache-hits 1 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8f4039af690463e4-LHR server cloudflare
GET H2	200	Solutions_UseCases.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 651 B	50ms 48ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_UseCases.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fcc825efbd3a34a29ae7b9bd642d2b255555ec30d23c63404ec5b1fcc7a84a4a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-f34b8d1a-7fa8-11ef-a39a-ab9d0c870871 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:07 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:56:37 GMT x-cache-hits 100680 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af690863e4-LHR server cloudflare
GET H2	200	Solutions_Industries.svg www.bitsight.com/sites/default/files/2024/04/27/	864 B 527 B	63ms 61ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Solutions_Industries.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 419070443915898c758df09443308ff56b55aaaef50b9e9d2f2d9c1bed232474 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-8e9ca90c-06fa-11ef-b9e5-772998f816ed content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:13 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 17:59:41 GMT x-cache-hits 1 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8f4039af690f63e4-LHR server cloudflare
GET H2	200	DataInsights_OurData.svg www.bitsight.com/sites/default/files/2024/04/27/	725 B 552 B	65ms 64ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_OurData.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dbe2450ea985e2c9c09a59f572b41bb82c98e2e72e681e56def06dcb5d57d71a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-a6cf3f54-7fa8-11ef-94e3-83b871583532 content-encoding br cf-cache-status HIT age 7 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:07 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:58 GMT x-cache-hits 79568 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af691163e4-LHR server cloudflare
GET H2	200	DataInsights_ThreatResearch.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 474 B	61ms 60ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/DataInsights_ThreatResearch.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f4313da09ef903b43059f86c88118846f9a01916857b958be35813cec02c4b42 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-f354b958-7fa8-11ef-8c5e-67301c689dca content-encoding br cf-cache-status HIT age 7 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:07 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:18:18 GMT x-cache-hits 71940 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af691363e4-LHR server cloudflare
GET H2	200	Sidebar_Bell.svg www.bitsight.com/sites/default/files/2024/04/27/	766 B 508 B	76ms 74ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_Bell.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39623c86e4198f8b41011334fc0449c1f4fc53881eb4319d3abc170ab343b64c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-2e6c63e2-7fa9-11ef-908f-0b147fff18b1 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:37 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:03:01 GMT x-cache-hits 98190 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af691663e4-LHR server cloudflare
GET H2	200	Company_AboutUs.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 664 B	65ms 63ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Company_AboutUs.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 48f34eb1ce7d0cbd0efad1b6683a8d15e031151f733f85f044fff6b4b066c9b4 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-2e06863a-7fa9-11ef-b5e1-5f78105553e7 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 07:00:30 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:07:02 GMT x-cache-hits 97044 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af691963e4-LHR server cloudflare
GET H2	200	Company_ConnectWithUs.svg www.bitsight.com/sites/default/files/2024/04/27/	745 B 477 B	66ms 64ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Company_ConnectWithUs.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53fe440fd8722dba2c71db5ae5817928330215b74c84a96096231dffde0c4017 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-74d36e98-7fa9-11ef-9c4a-cf3fcb713adf content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:16 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:09:14 GMT x-cache-hits 98847 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af691d63e4-LHR server cloudflare
GET H2	200	Resources_Resources.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 732 B	68ms 67ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Resources.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99a21545d4225c0181c2c0e7df5e5961abe2d404c65b35ca727c7a55fc4fa7d5 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-a6cdb79c-7fa8-11ef-83ef-8b8478498df7 content-encoding br cf-cache-status HIT age 7 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:17 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:12:47 GMT x-cache-hits 100068 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af992d63e4-LHR server cloudflare
GET H2	200	Resources_Blog.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 578 B	71ms 70ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Resources_Blog.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee1b1b8e566d16455e7a351f87237f103ecd33be8111d4f3448056ef8dd00e04 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-2f15ac90-7fa9-11ef-a7a7-43b2cace716c content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:17 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:14:49 GMT x-cache-hits 50489 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af993163e4-LHR server cloudflare
GET H2	200	Sidebar_QuoteBubble.svg www.bitsight.com/sites/default/files/2024/04/27/	1 KB 683 B	69ms 67ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/04/27/Sidebar_QuoteBubble.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 401deae0c12a30d865a0d9d562ae3da5fcbb13d60e196f73d27e3f7a95dc7b2c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-570f12fe-1eba-11ef-b716-c79cf80b08f4 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:17 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Sat, 27 Apr 2024 18:16:50 GMT x-cache-hits 3759 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=1209600 x-ah-environment prod via varnish cf-ray 8f4039af993763e4-LHR server cloudflare
GET H2	200	blog%20BADBOX%20Botnet%20is%20back%20hero%20v2.webp www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/12/16/	132 KB 133 KB	396ms 395ms	Image image/webp	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/styles/16_9_large_2x/public/2024/12/16/blog%20BADBOX%20Botnet%20is%20back%20hero%20v2.webp?itok=ohsF_9sU Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a1847853aca5a9214e135721b88e1a5aabab5214ab304ff92907dd2c873bec06 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-6b2bd726-bc86-11ef-8de5-0f96a16a9399 cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 17 Dec 2025 14:52:15 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/webp last-modified Mon, 16 Dec 2024 19:54:14 GMT x-cache-hits 11 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af993d63e4-LHR accept-ranges bytes content-length 135368 server cloudflare
GET H2	200	Favorable_TermScout.svg www.bitsight.com/sites/default/files/2024/10/10/	16 KB 5 KB	74ms 73ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/10/10/Favorable_TermScout.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a19055fd2703293b99fff8c281b07fabc9623c4a4d10b1f9a976d6388a963c3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-56c54b70-874b-11ef-9c85-df1a7d2d3fb7 content-encoding br cf-cache-status HIT age 8 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:57:30 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Thu, 10 Oct 2024 21:05:11 GMT x-cache-hits 65026 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af994963e4-LHR server cloudflare
GET H2	200	js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js Show response www.bitsight.com/sites/default/files/js/	92 KB 32 KB	412ms 412ms	Script text/javascript	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/js/js_NZEtnooiivwiLvk79CFvaRGenLQ3EFHmLxY9r-la4KQ.js?scope=footer&delta=0&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2785338f57bd8c8bf3e6349d1ad3a7061b4985747fd6c488ddda0a15e9c1bdf3 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-9398603c-bb7b-11ef-8823-9fb04b666cc4 content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 07:03:44 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type text/javascript vary Accept-encoding x-cache-hits 22 last-modified Fri, 13 Dec 2024 16:57:19 GMT strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039aee84463e4-LHR accept-ranges bytes content-length 32455 server cloudflare
GET H2	200	277648.js Show response js.hs-scripts.com/	1 KB 1 KB	103ms 48ms	Script application/javascript	2606:4700::6810:8bd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/277648.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c70f8376f15439209189c3cde9b4e59bfed122cbde8e09e1fb308012594cab4d Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-max-age 3600 content-encoding gzip cf-cache-status HIT age 7 x-content-type-options nosniff expires Wed, 18 Dec 2024 15:37:23 GMT date Wed, 18 Dec 2024 15:35:53 GMT x-hubspot-correlation-id 175e99aa-f77d-448d-a126-7386f3240486 content-type application/javascript;charset=utf-8 vary origin, Accept-Encoding last-modified Wed, 18 Dec 2024 15:35:46 GMT cache-control public, max-age=90 access-control-allow-credentials true cf-ray 8f4039afca44949d-LHR accept-ranges bytes access-control-allow-origin https://www.bitsight.com content-length 603 server cloudflare
GET H2	200	js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js Show response www.bitsight.com/sites/default/files/js/	55 KB 14 KB	368ms 368ms	Script text/javascript	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/js/js_s8SVLwiaB8u-XrYiGnOuTam2NYQL58ZJuFvF_mRiF74.js?scope=footer&delta=2&language=en&theme=bitsight_theme&include=eJxljFEKxCAMBS9U65FEY2jSmkQ0wh5_YVtYlv16DMM8WmV280j37mAVk48MF-ux4csb6xXrWD23_cGtsE8-yJMTCsZpwLkFQV1fBSZiGs8lPf2aO5LM-klCaQb_n-wYCHPF8QarZkAd Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 45176bc99e7e21bb5d01be8dd0d88c3d3fe4a396f97e067ea410dddc721d55dd Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-93a3c616-bb7b-11ef-83c8-7745d49c906a content-encoding gzip cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 07:01:30 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type text/javascript vary Accept-encoding x-cache-hits 24 last-modified Sun, 15 Dec 2024 05:30:08 GMT strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039af289d63e4-LHR accept-ranges bytes content-length 14340 server cloudflare
GET H2	200	geo4.js Show response cdn3.optimizely.com/js/	296 B 306 B	115ms 49ms	Script application/javascript	172.64.152.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn3.optimizely.com/js/geo4.js Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/26349430206.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.152.14 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8ed0748bb2aa02c2b972b2436f9be30ee7010cc674eb4e328082bd26938c9994 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cf-ray 8f4039afddeb948f-LHR content-encoding br date Wed, 18 Dec 2024 15:35:53 GMT content-type application/javascript vary Accept-Encoding server cloudflare
GET H2	200	gtm.js Show response www.googletagmanager.com/	451 KB 136 KB	150ms 67ms	Script application/javascript	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash eb904facb92ef2df368b5644e3580b79f03d0218a0eed4080d349d04afcd51b8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],} expires Wed, 18 Dec 2024 15:35:53 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:53 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Wed, 18 Dec 2024 15:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 138574 x-xss-protection 0 server Google Tag Manager
GET H2	200	a26349430206.html a26349430206.cdn.optimizely.com/client_storage/ Frame 6AAF	0 0	111ms 48ms	Document text/html	2606:4700::6812:4139 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a26349430206.cdn.optimizely.com/client_storage/a26349430206.html Requested by Host: cdn.optimizely.com URL: https://cdn.optimizely.com/js/26349430206.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bitsight.com/blog/badbox-botnet-back Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 138 cache-control max-age=120 cf-cache-status HIT cf-ray 8f4039b00ce488b0-LHR content-encoding gzip content-length 775 content-type text/html; charset=utf-8 date Wed, 18 Dec 2024 15:35:53 GMT etag "5462c7245e017a3fb61642a5428d6eeb" last-modified Wed, 18 Dec 2024 14:39:19 GMT server cloudflare server-timing cfCacheStatus;desc="HIT" vary Accept-Encoding x-amz-id-2 SGyfhG/zjWyUgBphK6N01TgGLCHGAWWg5hYG9yTL4IOY2DPN2uSgJmD0Ccpr6ynmrvQOeDH0fsI= x-amz-meta-pci_enabled False x-amz-replication-status COMPLETED x-amz-request-id 9ZYJ4VNKM7TMR4Y9 x-amz-server-side-encryption AES256 x-amz-version-id Z6VMaqM9r6dWhGxnW6bHG8bw8s3cWmj3
GET H2	200	p.css p.typekit.net/	5 B 172 B	169ms 40ms	Stylesheet text/css	2a02:26f0:3500:16::215:1495 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=dws7syq&ht=tk&f=39488.39489.39490.39491.39492.39493.39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509&a=212160357&app=typekit&e=css Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Response headers cache-control public, max-age=604800 etag "674c5a4a-5" cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * content-length 5 date Wed, 18 Dec 2024 15:35:53 GMT content-type text/css last-modified Sun, 01 Dec 2024 12:44:58 GMT server nginx
GET H2	200	notice Show response consent.trustarc.com/	34 KB 11 KB	117ms 43ms	Script text/javascript	18.66.122.49 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.49 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-49.fra60.r.cloudfront.net Software / Resource Hash 8c2aded2af79e73ed87c7b26f590227404b0bab4379307dafd73f8b0fb01d7d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control max-age=3600 content-encoding gzip age 104 via 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id AU-EwYpF4oYulYoJUVrHPe4SRNbx7LHxxEg1Kj-mXWgR9dlBv_Eakw== date Wed, 18 Dec 2024 15:34:09 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding, Origin x-amz-cf-pop FRA60-P2
POST H3	200	collect www.google.com/ccm/	0 0	121ms 46ms	Ping text/plain	142.250.186.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&scrsrc=www.googletagmanager.com&frm=0&rnd=701791961.1734536154&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&auid=2100460441.1734536154&navt=n&npa=0&gtm=45He4cc1v76025611za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734536153769&tfd=999&apve=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f4.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	136ms 25ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (lhd/359D) / Resource Hash 6b1518ca2a1e0e588fd30c05fab1d3ffd4f8892d9ac25038428d9d60f0f96f8d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSub cache-control max-age=86400 content-encoding gzip etag "3699142dc24cdb1:0" age 66015 accept-ranges bytes x-cache HIT content-length 25407 date Wed, 18 Dec 2024 15:35:53 GMT content-type application/x-javascript last-modified Thu, 12 Dec 2024 18:18:00 GMT server ECS (lhd/359D) vary Accept-Encoding
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	19 KB 8 KB	133ms 42ms	Script application/javascript	2a02:26f0:780::210:ca40 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:ca40 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software / Resource Hash 6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers vary Accept-Encoding cache-control max-age=63861 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 7404 date Wed, 18 Dec 2024 15:35:53 GMT last-modified Wed, 18 Dec 2024 09:08:52 GMT content-type application/javascript;charset=utf-8 x-edgeconnect-midmile-rtt 0, 0 x-edgeconnect-origin-mex-latency 470, 470 x-amz-server-side-encryption AES256
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	121ms 38ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip age 6732 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],} x-content-type-options nosniff expires Wed, 18 Dec 2024 15:43:41 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 13:43:41 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT content-type text/javascript vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=7200 cross-origin-resource-policy cross-origin content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0 cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 20994 server Golfe2
GET H2	200	destination Show response www.googletagmanager.com/gtag/	262 KB 93 KB	53ms 52ms	Script application/javascript	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 6c77cedfe623cfed94da6ec04557082876f202291693528ae1cd68b26b7d7a57 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],} expires Wed, 18 Dec 2024 15:35:53 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:53 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Wed, 18 Dec 2024 15:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 94823 x-xss-protection 0 server Google Tag Manager
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	43 KB 13 KB	86ms 25ms	Script application/javascript	2a04:4e42::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control public, max-age=60 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip etag "1a001f3a066bff47a766099b87253911" report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish, 1.1 varnish accept-ranges bytes content-length 12220 date Wed, 18 Dec 2024 15:35:53 GMT last-modified Mon, 18 Nov 2024 21:16:35 GMT content-type application/javascript vary Accept-Encoding,Origin server snooserv x-amz-server-side-encryption AES256
GET H/1.1	200 OK	js Show response pixel.mathtag.com/event/	161 B 711 B	317ms 102ms	Script text/javascript	74.121.140.211 PAEDAE-INC
General Check archive.org Show headers Download Go to Full URL https://pixel.mathtag.com/event/js?mt_pp=1&mt_adid=222552 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 74.121.140.211 Reston, United States, ASN30419 (PAEDAE-INC, US), Reverse DNS Software MT3 1688 76e1918 master iad iad-pixel-x1 config_version:"2352" / Resource Hash 98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457 Security Headers Name Value Strict-Transport-Security 31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers Strict-Transport-Security 31536000 Cache-Control no-cache Content-Encoding gzip Connection close Cross-Origin-Resource-Policy cross-origin Referrer-Policy strict-origin X-Content-Type-Options nosniff X-Permitted-Cross-Domain-Policies all Access-Control-Allow-Origin * P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Date Wed, 18 Dec 2024 15:35:54 GMT X-XSS-Protection 0 Content-Type text/javascript Server MT3 1688 76e1918 master iad iad-pixel-x1 config_version:"2352"
GET H2	200	7127e84810857c8d.min.js Show response tag.demandbase.com/	76 KB 20 KB	133ms 46ms	Script application/javascript	18.245.46.25 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.demandbase.com/7127e84810857c8d.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.46.25 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-46-25.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 0f83dfe6f033f907b96f377f8a03a5a8ef7d115e473d85ed7e2dabe5f82a0462 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip x-amz-version-id v05QvrvxRI0VOl7C8T2uZsSJ_x4PrkcB etag W/"dc57eab4525914a6ed3317a7f6046ff8" age 296 x-cache Hit from cloudfront x-amz-cf-id vr9FORTaXhN0VhEJiAcLJZyZ3OuwLCzp2rsQaQLkQ8CjcscL4La0xg== date Wed, 18 Dec 2024 15:33:29 GMT content-type application/javascript; charset=utf-8 vary accept-encoding last-modified Fri, 15 Nov 2024 20:20:16 GMT strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=3600 via 1.1 6b15a9d1514a5645abfd43cbf330ce48.cloudfront.net (CloudFront) permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-pop FRA56-P9 server AmazonS3 x-amz-server-side-encryption AES256
GET H3	200	nB5wHQT3fvQHVI5gp4PL Show response ws.zoominfo.com/pixel/	3 KB 2 KB	367ms 338ms	Script text/javascript	104.16.118.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/nB5wHQT3fvQHVI5gp4PL Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 9ca977c82cfa2be167e4d3536a9741ebae96b2e34ff9c86dde528e9e9465dfb5 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-robots-tag noindex, nofollow content-encoding gzip cf-cache-status DYNAMIC x-content-type-options nosniff alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript vary Accept-Encoding priority u=3,i=?0 access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url access-control-allow-credentials true via 1.1 google cf-ray 8f4039b15e5c4195-LHR access-control-allow-origin * x-powered-by Express server cloudflare
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	125ms 38ms	Script text/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip age 5890 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],} x-content-type-options nosniff expires Wed, 18 Dec 2024 15:57:43 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 13:57:43 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT content-type text/javascript vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=7200 cross-origin-resource-policy cross-origin content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0 cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 17168 server Golfe2
GET H2	200	events.js Show response tags.srv.stackadapt.com/	22 KB 7 KB	219ms 132ms	Script text/javascript	35.157.57.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/events.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-157-57-152.eu-central-1.compute.amazonaws.com Software / Resource Hash 0c03026bdb2674cbe23c43c63d41f31279820ce08016b42a694cf5babad7d252 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-allow-origin * cache-control max-age=5 content-encoding gzip date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript
GET H2	200	sw_iframe.html www.googletagmanager.com/static/service_worker/4cc0/ Frame 4EB3	0 0	118ms 39ms	Document text/html	2a00:1450:4001:806::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.bitsight.com Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 512500 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 1476 content-type text/html cross-origin-opener-policy same-origin; report-to="analytics-container-tag-serving" cross-origin-resource-policy cross-origin date Thu, 12 Dec 2024 17:14:13 GMT expires Fri, 12 Dec 2025 17:14:13 GMT last-modified Thu, 12 Dec 2024 10:18:00 GMT report-to {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]} server sffe service-worker-allowed /static/service_worker vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/965095466/	43 B 61 B	125ms 52ms	Script text/javascript	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965095466/?random=1734536153852&cv=11&fst=1734536153852&bg=ffffff&guid=ON&async=1&gtm=45be4cc1z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&hn=www.googleadservices.com&frm=0&tiba=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=2100460441.1734536154&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-cache, must-revalidate timing-allow-origin * content-encoding br pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-length 37 date Wed, 18 Dec 2024 15:35:53 GMT x-xss-protection 0 content-type text/javascript; charset=UTF-8 content-disposition attachment; filename="f.txt" server cafe
GET H2	200	965095466 td.doubleclick.net/td/rul/ Frame 5476	0 0	130ms 51ms	Document text/html	2a00:1450:4001:81d::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://td.doubleclick.net/td/rul/965095466?random=1734536153852&cv=11&fst=1734536153852&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1z876025611za201zb76025611&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&hn=www.googleadservices.com&frm=0&tiba=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&did=dNTIxZG&gdid=dNTIxZG&rdp=1&npa=0&pscdl=noapi&auid=2100460441.1734536154&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=AW-965095466&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.bitsight.com/blog/badbox-botnet-back Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-encoding br content-length 16 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:35:53 GMT expires Fri, 01 Jan 1990 00:00:00 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H2	200	point-of-precision.svg www.bitsight.com/themes/custom/bitsight_theme/src/assets/	327 B 418 B	44ms 44ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/themes/custom/bitsight_theme/src/assets/point-of-precision.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fbf16ed57105515412b31b67ae51c8811ff37d9ae1e5634185f0bc86881a5ddc Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Response headers x-request-id v-50a3fa16-bb7b-11ef-842b-0315d950a475 content-encoding br cf-cache-status HIT age 7 x-content-type-options nosniff expires Tue, 16 Dec 2025 06:55:13 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:53 GMT content-type image/svg+xml last-modified Wed, 20 Nov 2024 16:22:42 GMT x-cache-hits 30 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039b1cb8f63e4-LHR server cloudflare
GET H2	200	l use.typekit.net/af/0230dd/00000000000000007735bb33/30/	26 KB 26 KB	253ms 116ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/0230dd/00000000000000007735bb33/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 970585a0ab7ef1cd0c3f7af9c90fafb0278b676ee10f51df605762041fc9afd3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "5bb33ae2a954c4b3b528681f85ecbf7624532fad" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 26420 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/153042/00000000000000007735bb62/30/	24 KB 24 KB	209ms 73ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "b0d46bd3fb22c6c06785f44e1a131be6878e0485" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 24460 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/305037/00000000000000007735bb39/30/	27 KB 27 KB	223ms 87ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/305037/00000000000000007735bb39/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 357e9638466a0ed42f1a9d503d72f5d2420aa843ba7e1560851f762e707c9df8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "4af6f044e86b0a30d1aa7c5babe16808274dd9a8" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 27780 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/	23 KB 23 KB	248ms 112ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/1ba16c/00000000000000007735bb5a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 945247b37ca459967e61f373daa58a1f65571bf045a9e5d47aa94ab148f72c2a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "11d02edbb0e1552504cdb4512876b33f0c02dcaf" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 23256 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/384d9b/00000000000000007735bb6a/30/	25 KB 25 KB	174ms 38ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "23427917d6d72688888854d7151dc7962d8d8301" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 25828 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/aed66e/00000000000000007735bb35/30/	27 KB 27 KB	214ms 78ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/aed66e/00000000000000007735bb35/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash 62a382e91ed614e0fde41e75af950e689567e895203f54fac5e2c81fc0df21d8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "9e3369ea7ed88f1e4a8a12a637f7348f31af57ce" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 27892 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	l use.typekit.net/af/160664/00000000000000007735bb32/30/	28 KB 28 KB	183ms 46ms	Font application/font-woff2	2a02:26f0:780::210:a41b AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/160664/00000000000000007735bb32/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/sites/default/files/css/css_vXnRZWsTU0cFMhTpQk06JbmuiBRWZyW4VQdOcOXbUps.css?delta=1&language=en&theme=bitsight_theme&include=eJxtkNFyAyEIRX9I40x_KINKdmlRdgSb2K9PsmkfuuZNPFzgXh1qWEIERZcYVMe_d0FVWFBdkoahSivA9IMukiktq51txYJhYYnADm_GVL9Cbn0DPv2Wx2aVRMC-YO0TIkN_ETFsR_TZy_bSMAzpds6kSb6xjSAVk7ArmAnChfihPiXYjKQep6wImepy_LbHqf46lK5jYq91_uP2l0mVPAWw736vnFtr90w6gdjN5osLUN19-8iS5jCficUG9Z2tHT4tY7sDdCa-8g Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:a41b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software nginx / Resource Hash d46328b6026c1b4d7f1b4707c3f2f1f2c8bf66292ae919034313697c557844d3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/ Response headers cache-control public, max-age=31536000 timing-allow-origin * etag "a0a5b94f1d2bb67123bf96637186b77b73341264" cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 28612 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/font-woff2 server nginx
GET H2	200	Pedro_fale-v2.jpg www.bitsight.com/sites/default/files/styles/avatar/public/2024/12/16/	1 KB 2 KB	398ms 397ms	Image image/jpeg	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/styles/avatar/public/2024/12/16/Pedro_fale-v2.jpg?itok=J7AjEWCL Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4e62a999b83dc784cb25311bcddac205db447962e4489be827f4377b6cb346c2 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-8cffc43e-bc86-11ef-93a3-a78385cf9ff0 cf-bgj h2pri cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 17 Dec 2025 14:51:39 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:54 GMT content-type image/jpeg last-modified Mon, 16 Dec 2024 19:54:25 GMT x-cache-hits 9 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039b1dba063e4-LHR accept-ranges bytes content-length 1462 server cloudflare
GET H2	200	BADBOX%20criminal%20scheme.png www.bitsight.com/sites/default/files/2024/12/16/	50 KB 51 KB	377ms 376ms	Image image/png	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/12/16/BADBOX%20criminal%20scheme.png Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7e5733dbd73c891414dad830492c2d29b37428d3e634a91fd055230083eea72c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-c5e776b2-bbea-11ef-878b-cf1013804020 cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 20:17:28 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:54 GMT content-type image/png last-modified Mon, 16 Dec 2024 20:17:07 GMT x-cache-hits 16 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039b1dba163e4-LHR accept-ranges bytes content-length 51540 server cloudflare
GET H2	200	activity%20flow%20behind%20the%20process%20of%20BADBOX%20deployment.png www.bitsight.com/sites/default/files/styles/cta/public/2024/12/16/	86 KB 86 KB	371ms 370ms	Image image/png	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/styles/cta/public/2024/12/16/activity%20flow%20behind%20the%20process%20of%20BADBOX%20deployment.png?itok=-EEGE9Ol Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 17f7f27a16648f6bb13af45474de061c07214d641737d118c409bcb2960d958c Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-8899f93c-bc86-11ef-8a78-4bf308325c17 cf-cache-status REVALIDATED x-content-type-options nosniff expires Wed, 17 Dec 2025 14:51:47 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:54 GMT content-type image/png last-modified Mon, 16 Dec 2024 20:19:03 GMT x-cache-hits 12 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039b1dba263e4-LHR accept-ranges bytes content-length 88229 server cloudflare
GET H2	200	KEV-research-white-paper-ad.svg www.bitsight.com/sites/default/files/2024/09/20/	167 KB 112 KB	404ms 403ms	Image image/svg+xml	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bitsight.com/sites/default/files/2024/09/20/KEV-research-white-paper-ad.svg Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f8ff2ac315cd0aaa1dc03f411ce9352baa0cbcd155036ab9c22d316d879e4182 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-e405ce10-bb7b-11ef-8ea0-476c583fe013 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 07:05:15 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:54 GMT content-type image/svg+xml last-modified Fri, 20 Sep 2024 19:03:54 GMT x-cache-hits 7 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039b1dba363e4-LHR server cloudflare
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_dy92zhkbx/	3 B 124 B	86ms 26ms	XHR application/json	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_dy92zhkbx/config Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=14400 content-encoding gzip via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 27 date Wed, 18 Dec 2024 15:35:53 GMT content-type application/json
GET H2	200	t2_dy92zhkbx_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	92ms 41ms	XHR application/json	2a04:4e42::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_dy92zhkbx_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=300 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 98 date Wed, 18 Dec 2024 15:35:53 GMT content-type application/json vary Accept-Encoding,Origin server snooserv
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	179ms 113ms	Image image/gif	151.101.129.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1734536153892&id=t2_dy92zhkbx&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=963a5f62-7174-4842-add3-11deeede1251&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc= Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} retry-after 0 cross-origin-resource-policy cross-origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes content-length 42 date Wed, 18 Dec 2024 15:35:54 GMT content-type image/gif server Varnish
GET H2	200	v1.7-38 Show response consent.trustarc.com/asset/notice.js/v/	95 KB 28 KB	115ms 43ms	Script text/javascript	18.66.122.49 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.trustarc.com/asset/notice.js/v/v1.7-38 Requested by Host: consent.trustarc.com URL: https://consent.trustarc.com/notice?domain=bitsighttech.com&c=teconsent&js=bb&noticeType=bb&text=true&pn=1&gtm=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.49 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-49.fra60.r.cloudfront.net Software / Resource Hash bc0a9f809abe594823927a1385b53e29f1bce8648cd0c4b91cab524be11eaa04 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers * content-encoding gzip age 2902 x-cache Hit from cloudfront x-amz-cf-id dCnWoQqg4dKmZamn2t_v6ZGnl0lV5FrzwCjzIdmoeDkibGIPyGE0aA== date Wed, 18 Dec 2024 14:47:31 GMT content-type text/javascript last-modified Thu, 5 Dec 2024 02:35:55 GMT vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains cache-control max-age=2592000 pragma public via 1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront) access-control-allow-origin * content-length 28264 x-amz-cf-pop FRA60-P2
GET H2	200	log consent.trustarc.com/	43 B 429 B	65ms 65ms	Image image/gif	18.66.122.49 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/log?domain=bitsighttech.com&country=gb&state=&behavior=implied&session=da2c0779-949d-4d6b-89a5-456816e8d3fa&userType=NEW&c=d230&referer=https://www.bitsight.com&language=en Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.49 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-49.fra60.r.cloudfront.net Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache via 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront) expires Mon, 26 Jul 1997 05:00:00 GMT x-cache Miss from cloudfront content-length 43 x-amz-cf-id yxqZk1eB0_Z4MePyu41gl_uxE7KY9Jo96MQWabezVTK9Q15DDVLDWA== date Wed, 18 Dec 2024 15:35:53 GMT content-type image/gif x-amz-cf-pop FRA60-P2 vary Origin
GET H2	200	277648.js Show response js.hs-analytics.net/analytics/1734536100000/	87 KB 28 KB	112ms 56ms	Script text/javascript	2606:4700::6811:afc9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1734536100000/277648.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 177ccc903bc1e582e387f061cda57593eece2329b8a9d84d6225aa5ad6ecb970 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-amz-server-side-encryption AES256 x-request-id 11878a97-83c2-4b65-a17d-dc5f40e48642 content-encoding gzip cf-cache-status HIT etag W/"1a816f50c8ec3bdb09dc86b88930a279" x-amz-version-id null age 7 expires Wed, 18 Dec 2024 15:40:46 GMT x-evy-trace-listener listener_https date Wed, 18 Dec 2024 15:35:54 GMT x-hubspot-correlation-id 11878a97-83c2-4b65-a17d-dc5f40e48642 content-type text/javascript last-modified Tue, 22 Oct 2024 20:38:12 GMT vary origin, Accept-Encoding x-amz-id-2 bc2FLXt5pFBFEMLKtdwHRkTudUbHImosVWo57jtn7MfXUXIRQDnZwuOifWYrjoZ+bxGvu8vHabM= x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ds2fh x-envoy-upstream-service-time 32 access-control-allow-credentials false x-amz-request-id TQEQSRX3SNPRBBAY cf-ray 8f4039b25af194ae-LHR x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	banner.js Show response js.hs-banner.com/v2/277648/	72 KB 27 KB	92ms 38ms	Script text/javascript	2606:4700:4400::ac40:9310 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/277648/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2f75f2bba428b256fdf85b78ba38e3c88c372433d6b484faf4da9c7780102494 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-evy-trace-virtual-host all access-control-max-age 604800 x-request-id 3a19b3f7-d48b-488f-9825-cf42f213b70a access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing content-encoding gzip cf-cache-status HIT etag W/"0d348277da23f2965a1392e91a7fa6aa" x-amz-version-id 9rYQwXAh7p3RpE9mplC_EqLSRKBCDaOM age 138 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD expires Wed, 18 Dec 2024 15:37:46 GMT x-evy-trace-listener listener_https date Wed, 18 Dec 2024 15:35:53 GMT x-hubspot-correlation-id 3a19b3f7-d48b-488f-9825-cf42f213b70a content-type text/javascript; charset=UTF-8 last-modified Fri, 23 Aug 2024 14:30:47 GMT vary origin, Accept-Encoding x-amz-id-2 qS2rU+0pFmhL5kGHFWyD9Awg8GJXUgNhoIZG/zehEw6uGH1j4jbcUkIr6Kp1A6gmEZvK8wca5CA= access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public timing-allow-origin * x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-wgwsj x-envoy-upstream-service-time 23 access-control-allow-credentials true x-amz-request-id ZAJPJESK9NEG2HW3 cf-ray 8f4039b24f8ef65f-LHR access-control-allow-origin https://www.bitsight.com x-evy-trace-route-configuration listener_https/all server cloudflare x-amz-server-side-encryption AES256
GET H2	200	leadflows.js Show response js.hsleadflows.net/	550 KB 92 KB	122ms 57ms	Script application/javascript	2606:4700::6812:8d11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/277648.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id 3b2bb04d-35aa-4f9d-9882-28cd1499f613 content-encoding gzip cf-cache-status HIT x-amz-version-id PqQn.3x38ZWRmSYb9J2u1wYA9Etnh36Z etag W/"e9829c28fae41e369bd948323746cc37" cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod age 83714 x-content-type-options nosniff x-cache RefreshHit from cloudfront x-evy-trace-listener listener_https x-amz-cf-id DS9667BNp3Ktt5KWDF0TC1tYp4F875doUf6Ga7ZmiFWNbhKHHSxD6g== x-hubspot-correlation-id 3b2bb04d-35aa-4f9d-9882-28cd1499f613 content-type application/javascript; charset=utf-8 last-modified Thu, 12 Dec 2024 15:49:15 UTC x-amz-replication-status COMPLETED x-evy-trace-route-service-name envoyset-translator cache-control s-maxage=86400, max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-856d8787d5-4wq5t x-envoy-upstream-service-time 18 x-hs-target-asset lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js server cloudflare x-evy-trace-virtual-host all x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET x-hs-cache-status MISS date Wed, 18 Dec 2024 15:35:54 GMT vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js&cfRay=8f12a23a38ec5bc1-AMS via 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront) cf-ray 8f4039b26f21cdb9-LHR access-control-allow-origin * x-evy-trace-route-configuration listener_https/all x-amz-cf-pop IAD12-P3
GET H2	200	64fa38cc287519aad2798b3c Show response go.affec.tv/j/	663 B 800 B	115ms 36ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/j/64fa38cc287519aad2798b3c? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 7bdbe2296fe0d69cb54f75f8634242db65c3b02af117019e4575c0ee90871851 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 431 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript vary Accept-Encoding
POST H2	200	collect Show response www.google-analytics.com/j/	3 B 422 B	46ms 45ms	XHR text/plain	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1954294848&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&ul=en-gb&de=UTF-8&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1030739012&gjid=6102419&cid=828521282.1734536154&tid=UA-36272386-4&_gid=1701039805.1734536154&_r=1&_slc=1&gtm=45He4cc1n81MZ2J8ZGv76025611za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1201972895 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],} x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:53 GMT last-modified Sun, 17 May 1998 03:00:00 GMT content-type text/plain cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0 access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 3 server Golfe2
GET H2	200	insight.old.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 14 KB	42ms 42ms	Script application/javascript	2a02:26f0:780::210:ca40 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.old.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:780::210:ca40 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS Software / Resource Hash 8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=75059 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 14628 date Wed, 18 Dec 2024 15:35:53 GMT last-modified Mon, 02 Dec 2024 10:13:56 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding x-amz-server-side-encryption AES256
GET H2	200	__utm.gif ssl.google-analytics.com/r/	35 B 410 B	45ms 44ms	Image image/gif	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=384332953&utmhn=www.bitsight.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-gb&utmje=0&utmfl=-&utmdt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&utmhid=1954294848&utmr=-&utmp=%2Fblog%2Fbadbox-botnet-back&utmht=1734536153922&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D15825701.828521282.1734536154.1734536154.1734536154.1%3B%2B__utmz%3D15825701.1734536154.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1297415109&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAABAAAE~ Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],} x-content-type-options nosniff content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0 expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 35 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:53 GMT last-modified Sun, 17 May 1998 03:00:00 GMT content-type image/gif server Golfe2
GET H2	200	ipv cdn.bizible.com/	43 B 305 B	25ms 25ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=a11894c70c8b4822b1d45649404b7c9b&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&_biz_t=1734536153925&_biz_i=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&_biz_n=0&rnd=559623&cdn_o=a&_biz_z=1734536153925 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (lhd/370A) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 411631 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Wed, 18 Dec 2024 15:35:53 GMT content-type Image/GIF last-modified Fri, 13 Dec 2024 21:15:22 GMT server ECS (lhd/370A)
GET H2	200	u cdn.bizibly.com/	43 B 205 B	49ms 25ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=a11894c70c8b4822b1d45649404b7c9b&_biz_l=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&_biz_t=1734536153926&_biz_i=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&rnd=505332&cdn_o=a&_biz_z=1734536153926 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (lhd/35B4) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 411623 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Wed, 18 Dec 2024 15:35:53 GMT content-type Image/GIF last-modified Fri, 13 Dec 2024 21:15:30 GMT server ECS (lhd/35B4)
GET H2	200	sync s.company-target.com/s/ Frame 89D4	0 0	174ms 105ms	Document text/html	34.96.71.22 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://s.company-target.com/s/sync?exc=lr Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/7127e84810857c8d.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 22.71.96.34.bc.googleusercontent.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.bitsight.com/blog/badbox-botnet-back Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-methods GET,OPTIONS alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 634 content-type text/html; charset=UTF-8 date Wed, 18 Dec 2024 15:35:54 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	103ms 35ms	Image text/plain	35.244.174.68 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Wed, 18 Dec 2024 15:35:54 GMT
POST H2	200	ip.json Show response api.company-target.com/api/v3/	460 B 1015 B	194ms 96ms	XHR application/json	18.66.102.127 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&page_title=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.102.127 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-102-127.fra56.r.cloudfront.net Software nginx / Resource Hash ed18f2600dba553139a6e5f0db9e91fb28637a6af8dbfec605bf000c40799e1e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-max-age 7200 access-control-expose-headers x-amz-cf-id content-encoding gzip identification-source CENTRAL access-control-allow-methods GET, POST, OPTIONS request-id 4fb09bae-26c8-4b93-a4f6-43c0fd781528 expires Tue, 17 Dec 2024 15:35:54 GMT x-cache Miss from cloudfront x-amz-cf-id gmYPGqVdUnNUNe9XL--8og1Ba3ErjtBSQqT04NeQuDIYi1HiMWz0iA== date Wed, 18 Dec 2024 15:35:54 GMT content-type application/json;charset=utf-8 vary Accept-Encoding, Origin access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache api-version v3 access-control-allow-credentials true via 1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront) access-control-allow-origin https://www.bitsight.com x-amz-cf-pop FRA56-P2 server nginx
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 348 B	123ms 123ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=a11894c70c8b4822b1d45649404b7c9b&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.12.12 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (lhd/3718) / Resource Hash 8880b4ca9bca915dd7d1d02b822db42dcd1047ad7777b187e5add8c2343f4761 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSub cache-control private, must-revalidate, max-age=21600 content-encoding gzip etag 370BB376 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 218 date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding server ECS (lhd/3718)
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 816 B	228ms 173ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept * Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-li-pop afd-prod-ltx1-x content-encoding gzip x-fs-uuid 0006298d2b50a280c24cb4960a512e2c x-msedge-ref Ref A: C264E69290904368B96E882CEDF9E318 Ref B: LON04EDGE0813 Ref C: 2024-12-18T15:35:54Z x-li-fabric prod-ltx1 x-restli-protocol-version 1.0.0 access-control-allow-methods GET, OPTIONS x-li-uuid AAYpjStQooDCTLSWClEuLA== x-li-proto http/2 access-control-allow-origin * x-cache CONFIG_NOCACHE date Wed, 18 Dec 2024 15:35:53 GMT content-type application/json access-control-allow-headers *
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQLUhjRvN_vn2gAAAZPaaUwpdS2olYgMMBwO7OpMEzv3zFHcRG...	0 266 B	265ms 188ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQLUhjRvN_vn2gAAAZPaaUwpdS2olYgMMBwO7OpMEzv3zFHcRG4KE7_751_jLG2vsHXK2P8 Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers linkedin-action 1 x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: CEFC59DB64234679B0982F21450B2793 Ref B: LON04EDGE0616 Ref C: 2024-12-18T15:35:54Z x-li-fabric prod-lor1 x-li-uuid AAYpjStVfygARG3t5tWI5A== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Wed, 18 Dec 2024 15:35:53 GMT content-type application/javascript Redirect headers linkedin-action 1 x-li-pop afd-prod-lor1-x location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26304&time=1734536153965&url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&e_ipv6=AQLUhjRvN_vn2gAAAZPaaUwpdS2olYgMMBwO7OpMEzv3zFHcRG4KE7_751_jLG2vsHXK2P8 x-msedge-ref Ref A: 73B30F3AB5E6478FAF6DF2C901CBCF17 Ref B: LON04EDGE0720 Ref C: 2024-12-18T15:35:54Z x-li-fabric prod-lor1 x-li-uuid AAYpjStRZiJDONIQtnUukA== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Wed, 18 Dec 2024 15:35:53 GMT
GET H2	200	bannermsg consent.trustarc.com/	43 B 427 B	123ms 123ms	Image image/gif	18.66.122.49 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://consent.trustarc.com/bannermsg?action=views&domain=bitsighttech.com&behavior=implied&country=gb&language=en&rand=0.3012585858293002&session=da2c0779-949d-4d6b-89a5-456816e8d3fa&userType=NEW&referer=https://www.bitsight.com Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.49 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-49.fra60.r.cloudfront.net Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache via 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront) expires Mon, 26 Jul 1997 05:00:00 GMT x-cache Miss from cloudfront content-length 43 x-amz-cf-id K2sc6_7TWrlqac4qbmWOQikeptSl9tLoBlF4C86XfghQv10aqP8zfA== date Wed, 18 Dec 2024 15:35:54 GMT content-type image/gif x-amz-cf-pop FRA60-P2 vary Origin
GET H2	200	bounce Show response secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718952&order_id=%5BORDER_ID%5D&seg=34797513&t=1&value=%5BREVENUE%5D https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D	0 1 KB	41ms 41ms	Script application/javascript	185.89.210.212 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Server 185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 5.187.21.109; 5.187.21.109; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin * an-x-request-uuid 51791c44-4b75-4f74-a87e-406f6815cbe5 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Wed, 18 Dec 2024 15:35:54 GMT x-xss-protection 0 content-type application/javascript; charset=utf-8 server nginx/1.23.4 Redirect headers cache-control no-store, no-cache, private location https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718952%26order_id%3D%255BORDER_ID%255D%26seg%3D34797513%26t%3D1%26value%3D%255BREVENUE%255D pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness x-proxy-origin 5.187.21.109; 5.187.21.109; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT an-x-request-uuid bc64cb58-41cd-4725-9e9c-8073d2bccc04 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Wed, 18 Dec 2024 15:35:54 GMT x-xss-protection 0 content-type text/html; charset=utf-8 server nginx/1.23.4
GET H2	200	/ Show response go.affec.tv/per/	846 B 917 B	36ms 36ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8 Requested by Host: go.affec.tv URL: https://go.affec.tv/j/64fa38cc287519aad2798b3c? Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 788a31bd9571e06e6335a5b2ec903f3099f20f33505a5c0b19750fc1c7e15f70 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 549 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	generic match.adsrvr.org/track/cmf/ Redirect Chain https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent= https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D6762ebda7b48c00001493fce%26chc%3Daf%26redirect_url%3D%26gdpr%3D%26gdpr_consent%3D&gdpr=&gdpr_consent= https://map.go.affec.tv/map/an/7922062215203395630?ch=6762ebda7b48c00001493fce&chc=af&redirect_url=&gdpr=&gdpr_consent=&gdpr=&gdpr_consent= https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent=	70 B 149 B	131ms 38ms	Image image/gif	15.197.193.217 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Server 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS a12b7a488abeaa9e4.awsglobalaccelerator.com Software Kestrel / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-length 70 date Wed, 18 Dec 2024 15:35:54 GMT content-type image/gif server Kestrel Redirect headers location https://match.adsrvr.org/track/cmf/generic?ttd_pid=mssm115&ttd_tpi=1&gdpr=&gdpr_consent= content-length 134 content-encoding gzip date Wed, 18 Dec 2024 15:35:54 GMT content-type text/html; charset=utf-8 vary Accept-Encoding
GET H2	200	64fa38cd287519aad2798b3d Show response go.affec.tv/j/	523 B 727 B	36ms 36ms	Script application/javascript	52.211.65.65 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://go.affec.tv/j/64fa38cd287519aad2798b3d? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.65.65 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-65-65.eu-west-1.compute.amazonaws.com Software / Resource Hash 5e5c216cafaeb16e22017cd601cc51d40a986fa637ea66eadf476494777053e7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate content-encoding gzip expires Wed, 04 Apr 1990 00:00:00 GMT content-length 359 p3p CP="CAO DSP COR PSAo CONo HISo OTPo OUR IND NAV INT CNT OTC" date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Show response cdn.permutive.com/	279 KB 80 KB	107ms 45ms	Script application/javascript	2606:4700::6811:6d13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.permutive.com/6a844cb1-30bc-4723-8446-2cd9d1f839b8-async.js Requested by Host: go.affec.tv URL: https://go.affec.tv/per/?gdpr=&gdpr_consent=&k=94d55f4b-7357-46e7-b587-ffb343195048&p=6a844cb1-30bc-4723-8446-2cd9d1f839b8 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:6d13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 47d39f00710c4fbe03d22868a85668d61f69cbef3f194e751fe35b3c11535820 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-goog-metageneration 1 content-encoding gzip x-goog-hash crc32c=OD+e0A==, md5=Pmn62h2zlhYTKmf1Str1pA== x-goog-meta-oid 6a844cb1-30bc-4723-8446-2cd9d1f839b8 etag "3e69fada1db39616132a67f54adaf5a4" cf-cache-status HIT age 0 x-goog-stored-content-encoding gzip expires Wed, 18 Dec 2024 15:50:54 GMT x-goog-stored-content-length 81473 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript last-modified Fri, 22 Sep 2023 17:01:24 GMT vary Accept-Encoding x-guploader-uploadid ABPtcPqeSA8Hpcb-PrgvEpdLsObBqpGSNgYufd6BzeNnrooFlXJsV9IRwnJ6XYwSnduey3kSC35uG8lvIw cache-control public, max-age=900 timing-allow-origin * x-goog-storage-class REGIONAL cf-ray 8f4039b378b5d1fa-LHR accept-ranges bytes x-goog-generation 1695402084169978 content-length 81473 server cloudflare
GET H2	200	bounce Show response secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?gdpr=&gdpr_consent=&id=1718953&order_id=%5BORDER_ID%5D&seg=34797516&t=1&value=%5BREVENUE%5D https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D	0 1 KB	35ms 35ms	Script application/javascript	185.89.210.212 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Server 185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 5.187.21.109; 5.187.21.109; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin * an-x-request-uuid 4da66706-f324-46d3-81b6-3415b8125ebc content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Wed, 18 Dec 2024 15:35:54 GMT x-xss-protection 0 content-type application/javascript; charset=utf-8 server nginx/1.23.4 Redirect headers cache-control no-store, no-cache, private location https://secure.adnxs.com/bounce?%2Fpx%3Fgdpr%3D%26gdpr_consent%3D%26id%3D1718953%26order_id%3D%255BORDER_ID%255D%26seg%3D34797516%26t%3D1%26value%3D%255BREVENUE%255D pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness x-proxy-origin 5.187.21.109; 5.187.21.109; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT an-x-request-uuid 22cf9cac-f2bf-4080-9084-d9543b90dd26 content-length 0 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Wed, 18 Dec 2024 15:35:54 GMT x-xss-protection 0 content-type text/html; charset=utf-8 server nginx/1.23.4
GET H2	200	sa.css tags.srv.stackadapt.com/	65 B 203 B	132ms 132ms	Stylesheet text/css	35.157.57.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.css Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-157-57-152.eu-central-1.compute.amazonaws.com Software / Resource Hash 5064864ec230538caa1e15612892be717a53351dd54d3531cb46b7261b7cfb2c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-allow-origin * cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 65 date Wed, 18 Dec 2024 15:35:54 GMT content-type text/css
GET H2	200	sa.jpeg Show response tags.srv.stackadapt.com/	0 2 KB	207ms 130ms	Fetch image/jpeg	35.157.57.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-157-57-152.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-allow-origin * cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 651 date Wed, 18 Dec 2024 15:35:54 GMT content-type image/jpeg
GET H2	200	bg9s Show response tag-logger.demandbase.com/	0 443 B	440ms 348ms	XHR text/html	2600:9000:2724:fe00:1d:8d6d:3b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=gmYPGqVdUnNUNe9XL--8og1Ba3ErjtBSQqT04NeQuDIYi1HiMWz0iA==&api-version=v3 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2724:fe00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-amz-version-id 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH etag "d41d8cd98f00b204e9800998ecf8427e" age 25908 alt-svc h3=":443"; ma=86400 x-cache Error from cloudfront x-amz-cf-id EbSgfaq7he6PmLzxKV2BKTKubv-mwhH7mlRZOkvdIybzPcSB6Yb2sw== date Wed, 18 Dec 2024 08:39:53 GMT content-type text/html vary accept-encoding last-modified Tue, 07 Mar 2023 20:47:02 GMT via 1.1 1270eda8f49e8826b43258fcc9ef44d2.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 0 x-amz-cf-pop FRA56-P12 server AmazonS3 x-amz-server-side-encryption AES256
GET H3	200	destination Show response www.googletagmanager.com/gtag/	400 KB 129 KB	64ms 64ms	Script application/javascript	142.250.74.200 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZ2J8ZG Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.74.200 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s02-in-f8.1e100.net Software Google Tag Manager / Resource Hash 6876993c0dd49744467fb266ea396ffd9474b2d65c605735a11a49d1708fa482 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],} expires Wed, 18 Dec 2024 15:35:54 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 132492 x-xss-protection 0 server Google Tag Manager
GET		a862b826-d33d-4edd-9a95-a9320156cd3e https://www.bitsight.com/ Frame	0 0
GET		5aea512b-2903-44a1-b620-5fd97c2c24f9 https://www.bitsight.com/ Frame	0 0
GET H2	200	getuidj Show response ib.adnxs.com/	29 B 1 KB	153ms 58ms	XHR application/json	37.252.171.52 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/getuidj Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash b5c96a51f923c10130eb615c5339d9f7060cc7849d442c0670e56d1decb80fab Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 5.187.21.109; 5.187.21.109; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin https://www.bitsight.com an-x-request-uuid 28b1cf29-f08f-4a3f-aec1-2eba6f3ff8e4 content-length 29 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Wed, 18 Dec 2024 15:35:54 GMT x-xss-protection 0 content-type application/json; charset=utf-8 server nginx/1.23.4
GET H2	200	geoip Show response api.permutive.com/v2.0/	242 B 346 B	100ms 35ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 14634539dcfd49aa7372e4ebf0630942251dd57aa012becf193596f10a20864a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 159 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/json vary Origin server Permutive
GET H2	200	saq_pxl Show response tags.srv.stackadapt.com/	116 B 311 B	130ms 129ms	XHR text/plain	35.157.57.152 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=oeyzgkQ7R8piwGBmS0lgBg&is_js=true&landing_url=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&t=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&tip=SC-yglJBYikKoiYGNt2EbobgFNqsmXVbYMm4VgUOvs0&host=https%3A%2F%2Fwww.bitsight.com&sa_conv_data_css_value=%270-f9081004-5595-57d0-6094-d1559e34b262%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9f9081004559557d06094d1559e34b26205bb156d&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIM3k4a-b3glZFSHwgnb7QiQKnQ7cSqNPFdc9QN2ce-prENYBGAQg2teLuwYwAToExbdv9kIEo5opcg.Wy4vaP5VtvTkE5g1LU0shH6kDBYhKIFjAhwV6tJvQqw&sa-user-id-v2=s%253A-QgQBFWVV9BglNFVnjSyYgW7FW0.zPTcWFdtFqpbOpGQCDboZP9b7DutIKnpO%252BAV10t87ks&sa-user-id=s%253A0-f9081004-5595-57d0-6094-d1559e34b262.ceBEyq4s7%252BevxpvTgJzz6PGloh%252Bp1Cek9Ocq0AGVK9E Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.157.57.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-157-57-152.eu-central-1.compute.amazonaws.com Software / Resource Hash 64ae2ac91d9fd9325a866ccae4fb1118c46e1ccc2ffe8ce6c07c02d61d2e38a1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-allow-methods GET access-control-allow-origin https://www.bitsight.com content-length 116 date Wed, 18 Dec 2024 15:35:54 GMT content-type text/plain; charset=utf-8 access-control-allow-credentials true access-control-allow-headers *
POST H3	200	identify Show response api.permutive.com/v2.0/	50 B 88 B	62ms 33ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/identify?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash b962601068e9a83110324f50638cea007d1a57d82efd0702f3e690c829b4a641 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 70 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/json vary Origin server Permutive
POST H2	200	audiences Show response api.permutive.com/audience-matching/v1/id/c165da18-101c-4ed0-967c-907b75318106/	12 B 66 B	114ms 113ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/audience-matching/v1/id/c165da18-101c-4ed0-967c-907b75318106/audiences?k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software / Resource Hash 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/json
POST H2	204	events Show response logx.optimizely.com/v1/	0 387 B	171ms 112ms	XHR text/plain	34.49.241.189 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 189.241.49.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id cc6d9de3-83ca-4489-a8ed-9982c6f09122 access-control-expose-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id timing-allow-origin * access-control-allow-credentials true access-control-allow-methods POST,OPTIONS via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:54 GMT content-type text/plain access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 198 B	203ms 202ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.bitsight.com/blog/badbox-botnet-back User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept * Content-Type text/plain;charset=UTF-8 Response headers linkedin-action 1 x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: E8E965D167634B31ADAEBAF682E57E2A Ref B: LON04EDGE0720 Ref C: 2024-12-18T15:35:54Z x-li-fabric prod-lor1 access-control-allow-credentials true x-li-uuid AAYpjStYYuiaML+HlP3KFg== x-li-proto http/2 access-control-allow-origin https://www.bitsight.com x-cache CONFIG_NOCACHE date Wed, 18 Dec 2024 15:35:53 GMT vary Origin
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	206ms 150ms	Image image/gif	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3511443875&v=1.1&a=277648&rcu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&pu=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&t=BADBOX+Botnet+Is+Back+%7C+Bitsight&cts=1734536154517&vi=d3a1c71f89c18f60128d166761fcb4ea&nc=true&u=208292109.d3a1c71f89c18f60128d166761fcb4ea.1734536154516.1734536154516.1734536154516.1&b=208292109.1.1734536154516&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-robots-tag none x-request-id 549e4340-41a2-4c76-a2b8-ed54703f2605 cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRjlvRVcZXXeFoEEpDuK38QknVyiPbwT2bVUHL98kW9DRGnR5TrqxqXxLu0h6XGjqYwO%2B0ieNGf7NexUTrVd1uXgAE01Reyedlws%2BREExehLpgeVYY5Udn5YlCbi0d8Fvz3qNYd%2FQsv1TI1Ldhmt"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-evy-trace-listener listener_https p3p CP="NOI CUR ADM OUR NOR STA NID" date Wed, 18 Dec 2024 15:35:54 GMT x-hubspot-correlation-id 549e4340-41a2-4c76-a2b8-ed54703f2605 content-type image/gif vary origin, Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control no-cache, no-store, no-transform nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-cvxr8 x-envoy-upstream-service-time 5 access-control-allow-credentials false cf-ray 8f4039b62f8c03b9-LHR x-evy-trace-route-configuration listener_https/all content-length 45 server cloudflare x-evy-trace-virtual-host all
GET H2	200	aem.js Show response wsmcdn.audioeye.com/	1 KB 685 B	103ms 46ms	Script application/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsmcdn.audioeye.com/aem.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 21ce02759d64e769ea019147538ea0e16ed158b5227892e712d0aa170094bdd2 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=120 content-encoding br cf-cache-status HIT etag W/"09bce93342ee26a0f93a6636adad9b46" age 113 cf-ray 8f4039b62f65cda2-LHR date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript vary Accept-Encoding surrogate-keys server cloudflare
GET H2	200	favicon.ico www.bitsight.com/sites/default/files/	4 KB 673 B	379ms 379ms	Other image/vnd.microsoft.icon	2606:4700:10::ac43:60f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitsight.com/sites/default/files/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:60f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 77cddbf66be2b35d501d2c904c7fdf17ac528af69096fa9acd0e8a9eddd0c336 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id v-63bd8a40-500a-11ef-8fe5-4bafd4e77667 content-encoding br cf-cache-status REVALIDATED x-content-type-options nosniff expires Tue, 16 Dec 2025 06:59:09 GMT x-cache HIT date Wed, 18 Dec 2024 15:35:54 GMT content-type image/vnd.microsoft.icon last-modified Thu, 20 Apr 2023 01:16:14 GMT x-cache-hits 20093 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 x-ah-environment prod via varnish cf-ray 8f4039b5dfcf63e4-LHR server cloudflare
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	178 B 1 KB	223ms 167ms	XHR application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=277648&utk=d3a1c71f89c18f60128d166761fcb4ea&__hstc=208292109.d3a1c71f89c18f60128d166761fcb4ea.1734536154516.1734536154516.1734536154516.1&__hssc=208292109.1.1734536154516&currentUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5788fee898811fbcf6ec402c9252aa013b68a876ff25c7ac7fb9f2e17f06de80 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-robots-tag none access-control-max-age 180 x-request-id e38df098-993a-42dd-8c32-619efce4b8e0 content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6awmdlWmUaEYFDr3RDE0nPoc%2FqmwPCnLc9v9DGm7jcqx0ONdCcjKXXvVG%2FAsbAuSC3TD5lYKt4isWC74LcrLau5pojGXHMRd%2FXCjmt%2BYXciV%2Fm3vFgPRXntLxV4ipvf6A%2FJRA9e8DUV6C06JJQdN"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-evy-trace-listener listener_https date Wed, 18 Dec 2024 15:35:54 GMT x-hubspot-correlation-id e38df098-993a-42dd-8c32-619efce4b8e0 content-type application/json;charset=utf-8 vary origin access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control max-age=0, no-cache, no-store nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x x-envoy-upstream-service-time 31 access-control-allow-credentials false cf-ray 8f4039b67fe594d8-LHR access-control-allow-origin https://www.bitsight.com x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	bootstrap.js Show response wsv3cdn.audioeye.com/	61 KB 21 KB	100ms 47ms	Script application/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=c86474f97 Requested by Host: wsmcdn.audioeye.com URL: https://wsmcdn.audioeye.com/aem.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a7d7318113d6d9a89318cb484186ec9d89b67bc4612c8056a5735ecfcca1f78a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=3600, s-maxage=21600 content-encoding br cf-cache-status HIT etag W/"105c8b0f1b8839d1f9d820a8ede23f1e" age 8533 cf-ray 8f4039b6ccbcef23-LHR date Wed, 18 Dec 2024 15:35:54 GMT content-type application/javascript vary Accept-Encoding surrogate-keys 95c39350d8f4b765016b0e58199c2f8b server cloudflare
GET H2	200	loader.js Show response wsv3cdn.audioeye.com/v2/scripts/	31 KB 10 KB	91ms 38ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=c86474f97 Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=95c39350d8f4b765016b0e58199c2f8b&cb=c86474f97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 37cd9266dc272a94497ed77dc9e591e4e330a9be86a238ec297390ba78a723f1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public surrogate-key prod 95c39350d8f4b765016b0e58199c2f8b c86474f97 cf-cache-status HIT age 2299 content-encoding br cf-ray 8f4039b77cd6ed06-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript;charset=UTF-8 vary Accept-Encoding server cloudflare last-modified Wed, 18 Dec 2024 14:18:49 GMT
GET H2	200	trends.min.js Show response assets.trendemon.com/tag/	301 KB 60 KB	168ms 45ms	Script application/javascript	2600:9000:26e8:ee00:2:7dc7:8f00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.trendemon.com/tag/trends.min.js Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26e8:ee00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip etag "b7e260e47980a9ada3906def2be7dcda" age 38849 via 1.1 e161fd49d3d858d9f9d1d337fc91ce8e.cloudfront.net (CloudFront) accept-ranges bytes x-cache Hit from cloudfront content-length 61292 x-amz-cf-id 6ANeHNXUcTTBsbMKR45GPzIb-cgqNeFUAsBq-HrEeCDntgG0JvYUKg== date Wed, 18 Dec 2024 04:48:26 GMT content-type application/javascript last-modified Mon, 18 Nov 2024 12:10:10 GMT server AmazonS3 x-amz-cf-pop FRA56-P10 x-amz-server-side-encryption AES256
GET H2	204	https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back Show response tracking.intentsify.io/page-tracking/intentsify-bitsight/	0 214 B	542ms 162ms	Script text/plain	52.8.65.43 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.intentsify.io/page-tracking/intentsify-bitsight/https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back Requested by Host: www.bitsight.com URL: https://www.bitsight.com/blog/badbox-botnet-back Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.8.65.43 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-8-65-43.us-west-1.compute.amazonaws.com Software / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers expires -1 cache-control private, no-cache, no-store, must-revalidate date Wed, 18 Dec 2024 15:35:55 GMT pragma no-cache x-powered-by Express
POST H2	204	collect region1.google-analytics.com/g/	0 0	101ms 33ms	Fetch text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-RJ4RWVVWH4&gtm=45je4cc1v882142918za200zb76025611&_p=1734536153493&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dNTIxZG&cid=273308322.1734536155&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1734536154&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&dt=BADBOX%20Botnet%20Is%20Back%20%7C%20Bitsight&en=Demandbase_Event&_fv=1&_nsi=1&_ss=1&_ee=1&ep.demandbase_company_name=(Non-Company%20Visitor)&ep.demandbase_audience=Bot&ep.demandbase_audience_segment=(Non-Company%20Visitor)&ep.demandbase_city=(Non-Company%20Visitor)&ep.demandbase_country_name=(Non-Company%20Visitor)&ep.demandbase_company_id=(Non-Company%20Visitor)&ep.demandbase_employee_range=(Non-Company%20Visitor)&ep.demandbase_industry=(Non-Company%20Visitor)&ep.demandbase_web_site=(Non-Company%20Visitor)&ep.demandbase_revenue_range=(Non-Company%20Visitor)&ep.demandbase_state=(Non-Company%20Visitor)&ep.demandbase_sub_industry=(Non-Company%20Visitor)&tfd=2023 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=G-RJ4RWVVWH4&l=dataLayer&cx=c&gtm=45He4cc1v76025611za200 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitsight.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:54 GMT content-type text/plain server Golfe2
GET H2	200	startup.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/	391 KB 118 KB	42ms 42ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=95c39350d8f4b765016b0e58199c2f8b&lang=en&cb=c86474f97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 44339852d3638346c691143ce83c8a920132d365e4965f5cd5406f15aeaf5dc8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"cecae4e0ff2011bea208787f42ad3e09" age 1516 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b7b82eef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript last-modified Fri, 13 Dec 2024 22:23:21 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
POST H3	200	events Show response api.permutive.com/v2.0/batch/	101 B 130 B	36ms 35ms	XHR application/json	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash 0cd4eab65a71c3b1226520231f57b55f16cfe592d763139474eca6fe9f6f9cee Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers content-encoding gzip access-control-allow-credentials true via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 112 date Wed, 18 Dec 2024 15:35:54 GMT content-type application/json vary Origin server Permutive
GET H2	200	tangoEngine.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/	54 KB 20 KB	38ms 38ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5303f73ee46cc9e63f025425eecbf1ef107b63596e1c2fbff43ee6f630915fd4 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"77be324ff083a2475d5e9459640d03b9" age 5956 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b84a56ef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript last-modified Fri, 13 Dec 2024 22:23:21 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	cookieStorage.html wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ Frame 3740	0 0	115ms 60ms	Document text/html	2606:4700::6812:1c9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/cookieStorage.html Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1c9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bitsight.com/blog/badbox-botnet-back Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Length,Content-Range age 5962 cf-cache-status HIT cf-ray 8f4039b8ccb06519-LHR content-encoding br content-type text/html date Wed, 18 Dec 2024 15:35:55 GMT last-modified Fri, 13 Dec 2024 22:23:20 GMT server cloudflare vary Accept-Encoding
POST H2	200	send analytics.audioeye.com/air/v0/	0 61 B	525ms 170ms	Ping text/plain	54.148.32.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://analytics.audioeye.com/air/v0/send Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.148.32.82 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-148-32-82.us-west-2.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers date Wed, 18 Dec 2024 15:35:55 GMT access-control-allow-origin * content-length 0
GET H2	200	launcher.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/	11 KB 4 KB	37ms 37ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/launcher.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0ca7b24eed0f4a2b07471901a20b6e8825c6aa4242574a647563a8cdec38b08c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"b51dc529f7b414ac2aa1db366eda0ff2" age 5954 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b86b14ef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript last-modified Fri, 13 Dec 2024 22:23:20 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	compliance.css wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/	2 KB 717 B	34ms 34ms	Stylesheet text/css	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/compliance.css Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"21190dc484113930ea0a8022dabce414" age 5954 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b86b19ef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/css last-modified Fri, 13 Dec 2024 22:23:20 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	compliance.bundle.js Show response wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/	56 KB 20 KB	39ms 39ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/compliance.bundle.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bd58514bd6a84dc726da96beb4e7a87b310bcbfeeb509117b4f3963d78eb4cb2 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"9672531013673cbcd35c813ada022f44" age 1515 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b86b1cef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/javascript last-modified Fri, 13 Dec 2024 22:23:20 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	fullCSS.bundle.css wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/	57 KB 12 KB	35ms 35ms	Stylesheet text/css	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/launcher.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3c7719e1df0498984ff2c45f950b216687d87747feb8f5496c41e69ad13f0738 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"beb8032c6badf6ae39e2eff29f7872c3" age 1515 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b8abefef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:54 GMT content-type text/css last-modified Fri, 13 Dec 2024 22:23:20 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	audioeye-scanner.js Show response wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.5/	335 KB 78 KB	40ms 39ms	Script text/javascript	2606:4700::6812:1d9b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.5/audioeye-scanner.js Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d9b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 68ff4707a08cd2b00384783f26e3ce2559fc65adc1fa5e0c348484092831709d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers access-control-expose-headers Content-Length,Content-Range content-encoding br cf-cache-status HIT etag W/"7ca8f1e83694fce29e87363ffdccac01" age 2079 access-control-allow-methods GET, POST, OPTIONS cf-ray 8f4039b8bc11ef23-LHR access-control-allow-origin * date Wed, 18 Dec 2024 15:35:55 GMT content-type text/javascript last-modified Thu, 12 Dec 2024 14:54:37 GMT vary Accept-Encoding server cloudflare access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	2423 Show response trackingapi.trendemon.com/api/settings/	614 B 805 B	329ms 100ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/settings/2423?callback=jsonp768935&vid= Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash 3c60266b054ef9423e379570e2ec5a603297fa1cbb49b26770a9ed07966e9f69 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 614 date Wed, 18 Dec 2024 15:35:55 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	css2 fonts.googleapis.com/	2 KB 895 B	187ms 46ms	Stylesheet text/css	2a00:1450:4001:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap Requested by Host: wsv3cdn.audioeye.com URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css Response headers content-encoding gzip x-content-type-options nosniff expires Wed, 18 Dec 2024 15:35:55 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:55 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Wed, 18 Dec 2024 14:28:03 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
GET DATA	200 OK	truncated /	2 KB 2 KB		Font font/truetype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer Response headers Content-Type font/truetype
GET H3	200	Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2 fonts.gstatic.com/s/schibstedgrotesk/v3/	46 KB 46 KB	47ms 46ms	Font font/woff2	142.250.185.195 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f3.1e100.net Software sffe / Resource Hash 6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://www.bitsight.com Referer https://fonts.googleapis.com/ Response headers age 149559 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Tue, 16 Dec 2025 22:03:16 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 16 Dec 2024 22:03:16 GMT last-modified Tue, 02 May 2023 14:49:56 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 46764 x-xss-protection 0 server sffe
GET H2	200	identity.min.js Show response assets.trendemon.com/global/	18 KB 6 KB	41ms 41ms	Script application/javascript	2600:9000:26e8:ee00:2:7dc7:8f00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.trendemon.com/global/identity.min.js Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26e8:ee00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-amz-cf-pop FRA56-P10 content-encoding br etag W/"3f44b799c727cbac65d90f0779b8eb4e" age 55684 via 1.1 e161fd49d3d858d9f9d1d337fc91ce8e.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id Q4DQ2omdS1vqa3Jpo_WNjevETOLuVNWj6cP0reWEOcB7RhhimAkPsQ== date Wed, 18 Dec 2024 00:07:52 GMT content-type application/javascript vary accept-encoding server AmazonS3 last-modified Mon, 18 Nov 2024 12:10:15 GMT x-amz-server-side-encryption AES256
POST H3	200	state Show response api.permutive.com/v1.0/	0 34 B	895ms 895ms	XHR text/plain	34.107.254.252 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.permutive.com/v1.0/state?fetch_unseen=true&k=94d55f4b-7357-46e7-b587-ffb343195048 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 252.254.107.34.bc.googleusercontent.com Software Permutive / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-encoding gzip content-length 20 date Wed, 18 Dec 2024 15:35:55 GMT server Permutive
GET H2	200	me Show response trackingapi.trendemon.com/api/Identity/	95 B 562 B	106ms 106ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/Identity/me?accountId=2423&DomainCookie=17345361553256630&fingerPrint=e8c2eaa4f5ff191d7f0c353a0c69d4c1&callback=jsonp823155&vid= Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash 208ec8f0dd69b5d675ea5cdf407aef519ee8beb257b79f125a5d01f654ca99a0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 95 date Wed, 18 Dec 2024 15:35:55 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
POST H2	204	events Show response logx.optimizely.com/v1/	0 73 B	116ms 114ms	XHR text/plain	34.49.241.189 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://logx.optimizely.com/v1/events Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 189.241.49.34.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers x-request-id 4a7c23c8-f1f1-473c-9c09-c8552387b79a access-control-expose-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id timing-allow-origin * access-control-allow-credentials true access-control-allow-methods POST,OPTIONS via 1.1 google access-control-allow-origin https://www.bitsight.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:35:55 GMT content-type text/plain access-control-allow-headers X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
GET H2	200	marketingautomation Show response trackingapi.trendemon.com/api/	95 B 284 B	104ms 104ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2423&ClientUrl=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvYmFkYm94LWJvdG5ldC1iYWNr&CookieId=17345361553256630&MaCookie=ZDNhMWM3MWY4OWMxOGY2MDEyOGQxNjY3NjFmY2I0ZWE%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp153283&vid=2423:17345361553256630 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash 86af7b0f0e43bd5644924cc57d934c644280d007817071f4496495ec831f6236 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-store,no-cache content-length 95 date Wed, 18 Dec 2024 15:35:55 GMT pragma no-cache content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	ace-campaign Show response trackingapi.trendemon.com/api/experience/	16 B 167 B	105ms 105ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/ace-campaign?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&Referral=&callback=jsonp90993&vid=2423:17345361553256630 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash bc9345975cd1e809d2a8ddc43dd1126c8e2c1717e37c281de51419035ae2b70c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 16 date Wed, 18 Dec 2024 15:35:55 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	pageview trackingapi.trendemon.com/api/events/	43 B 286 B	271ms 271ms	Image image/gif	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://trackingapi.trendemon.com/api/events/pageview?accountId=2423&url=aHR0cHM6Ly93d3cuYml0c2lnaHQuY29tL2Jsb2cvYmFkYm94LWJvdG5ldC1iYWNr&cookie=17345361553256630&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2423:17345361553256630&r=1734536155644 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, must-revalidate pragma no-cache age 1691358 expires Mon, 01 Jan 1990 00:00:00 GMT content-length 43 date Wed, 18 Dec 2024 15:35:55 GMT content-type image/gif server Kestrel
GET H2	200	personal-stream Show response trackingapi.trendemon.com/api/experience/	15 B 166 B	100ms 100ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal-stream?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&MarketingAutomationCookie=d3a1c71f89c18f60128d166761fcb4ea&ExcludedStreamsJson=%5B%5D&callback=jsonp7639&vid=2423:17345361553256630 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash 186b0fd7e1c65f0e36fd866b39eea4fab5adc467cf91f73d20821d5cda56cafe Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 15 date Wed, 18 Dec 2024 15:35:56 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	personal Show response trackingapi.trendemon.com/api/experience/	15 B 166 B	107ms 107ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&MarketingAutomationCookie=d3a1c71f89c18f60128d166761fcb4ea&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp603810&vid=2423:17345361553256630 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash 7b01f65ba52fa60db6acd3d2149be539cfea3d11a9a834d98045e7f4cb47d095 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 15 date Wed, 18 Dec 2024 15:35:56 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H2	200	personal-embedded Show response trackingapi.trendemon.com/api/experience/	2 KB 3 KB	146ms 146ms	Script application/x-javascript	52.86.43.26 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=2423&ClientUrl=https%3A%2F%2Fwww.bitsight.com%2Fblog%2Fbadbox-botnet-back&MarketingAutomationCookie=d3a1c71f89c18f60128d166761fcb4ea&Ids=%5B%5D&Groups=%5B%5D&StreamId=&callback=jsonp715117&vid=2423:17345361553256630 Requested by Host: assets.trendemon.com URL: https://assets.trendemon.com/tag/trends.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.86.43.26 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-86-43-26.compute-1.amazonaws.com Software Kestrel / Resource Hash 0ae61446bb6c4897dedff8be15ae4e2d42b33890d8b976bfd72726ae4446f7cd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-length 2490 date Wed, 18 Dec 2024 15:35:56 GMT content-type application/x-javascript; charset=UTF-8 server Kestrel
GET H/1.1	200 OK	closex.png pic.trendemon.com/images/	386 B 848 B	164ms 37ms	Image image/png	65.9.66.118 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://pic.trendemon.com/images/closex.png Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 65.9.66.118 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-66-118.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://www.bitsight.com/blog/badbox-botnet-back Response headers ETag "7da2ae17c3b671047838f7b78687a56f" Age 29653 Connection keep-alive Via 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront) Accept-Ranges bytes X-Cache Hit from cloudfront Content-Length 386 X-Amz-Cf-Id UXuoSDz_reww7hz7g53gn0FntHUDajJKGtuW4944G0_pfUkV8Ve5MA== Date Wed, 18 Dec 2024 07:21:44 GMT Content-Type image/png Last-Modified Tue, 16 Apr 2019 23:23:30 GMT Server AmazonS3 X-Amz-Cf-Pop FRA56-C1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.bitsight.com

URL

blob:https://www.bitsight.com/a862b826-d33d-4edd-9a95-a9320156cd3e

Domain

www.bitsight.com

URL

blob:https://www.bitsight.com/5aea512b-2903-44a1-b620-5fd97c2c24f9