www.forescout.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Submission: On July 24 via api (July 24th 2024, 7:34:03 am UTC) from IN — Scanned from DE

Summary HTTP 109 Redirects Behaviour Indicators

Summary

This website contacted 35 IPs in 5 countries across 29 domains to perform 109 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.forescout.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 17th 2023. Valid for: a year.

This is the only time www.forescout.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	35.201.125.192 35.201.125.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2600:1f18:e8a... 2600:1f18:e8a:cd08:3437:aff5:50c:d298	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
7	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
5	104.16.93.80 104.16.93.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:710... 2a02:26f0:7100::1720:ee10	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	34.223.194.102 34.223.194.102	16509 (AMAZON-02) (AMAZON-02)
7	95.101.111.178 95.101.111.178	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
1	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a04:4e42::644 2a04:4e42::644	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1d::9b	15169 (GOOGLE) (GOOGLE)
1	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
2	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
4	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:310... 2a02:26f0:3100::1735:2aa1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	157.240.0.35 157.240.0.35	32934 (FACEBOOK) (FACEBOOK)
2	18.196.57.203 18.196.57.203	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
109	35

30 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.forescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.125.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.125.201.35.bc.googleusercontent.com

marvel-b2-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:e8a:cd08:3437:aff5:50c:d298 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.esnchocco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.93.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-sj01.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::1720:ee10 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.223.194.102 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-223-194-102.us-west-2.compute.amazonaws.com

app.hushly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 95.101.111.178 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-178.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f6.1e100.net

9940596.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.ripe8book.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::644 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.116 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:2aa1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.57.203 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-57-203.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

privacyportal.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	forescout.com www.forescout.com	2 MB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	25 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	116 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 34577 ws.zoominfo.com — Cisco Umbrella Rank: 10891	30 KB
5	marketo.com app-sj01.marketo.com — Cisco Umbrella Rank: 414789	163 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	3 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	78 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 15834	4 KB
3	doubleclick.net 1 redirects 9940596.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	839 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 17231	26 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	345 KB
3	esnchocco.com obs.esnchocco.com — Cisco Umbrella Rank: 243942	40 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	721 B
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019 privacyportal.onetrust.com — Cisco Umbrella Rank: 4226	493 B
2	gstatic.com fonts.gstatic.com	80 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	3 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 764	702 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 26454	205 B
1	google.de www.google.de — Cisco Umbrella Rank: 6716	63 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3773
1	wistia.net fast.wistia.net — Cisco Umbrella Rank: 22069	134 KB
1	ripe8book.com secure.ripe8book.com	321 B
1	hushly.com app.hushly.com — Cisco Umbrella Rank: 182655	677 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	bc0a.com marvel-b2-cdn.bc0a.com — Cisco Umbrella Rank: 54378	4 KB
0	mimecast.com Failed security-us.mimecast.com Failed
109	29

	Domain	Requested by
30	www.forescout.com	www.forescout.com cdn.bizible.com
7	cdn.cookielaw.org	www.forescout.com cdn.cookielaw.org
6	www.facebook.com	www.forescout.com
5	app-sj01.marketo.com	www.forescout.com app-sj01.marketo.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	b.6sc.co	www.forescout.com
4	connect.facebook.net	www.forescout.com connect.facebook.net
3	js.zi-scripts.com	obs.esnchocco.com js.zi-scripts.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.forescout.com
3	cdn.bizible.com	www.googletagmanager.com www.forescout.com cdn.bizible.com
3	www.googletagmanager.com	www.forescout.com www.googletagmanager.com
3	obs.esnchocco.com	www.forescout.com obs.esnchocco.com cdn.bizible.com
2	epsilon.6sense.com	cdn.bizible.com
2	9940596.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	www.forescout.com
1	privacyportal.onetrust.com	cdn.cookielaw.org
1	ws-assets.zoominfo.com	obs.esnchocco.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	secure.adnxs.com	cdn.bizible.com
1	cdn.bizibly.com	www.forescout.com
1	www.google.de	www.forescout.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.forescout.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	fast.wistia.net	www.forescout.com
1	secure.ripe8book.com	www.googletagmanager.com
1	app.hushly.com	www.forescout.com
1	static.ads-twitter.com	www.forescout.com
1	snap.licdn.com	www.googletagmanager.com
1	marvel-b2-cdn.bc0a.com	www.forescout.com
0	security-us.mimecast.com Failed	www.forescout.com
109	36

This site contains no links.

Subject Issuer	Validity	Valid
www.forescout.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-17` - `2024-08-16`	a year	crt.sh
cdn.bc0a.com WR3	`2024-07-11` - `2024-10-09`	3 months	crt.sh
*.esnchocco.com ZeroSSL ECC Domain Secure Site CA	`2024-06-25` - `2024-09-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.google-analytics.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
app-sj01.marketo.com Cloudflare Inc ECC CA-3	`2024-03-08` - `2024-12-31`	10 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-07` - `2025-07-08`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-02` - `2024-07-31`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.hushly.com Amazon RSA 2048 M03	`2024-06-13` - `2025-07-11`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
*.doubleclick.net WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-06` - `2025-08-05`	a year	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-04` - `2025-05-06`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.google.de WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
zoominfo.com E5	`2024-07-18` - `2024-10-16`	3 months	crt.sh

This page contains 3 frames:

Frame: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/?clickcease=block
Frame ID: D19EB2E1E371F9C25AF0E98DF16E6A40
Requests: 116 HTTP requests in this frame

Frame: https://9940596.fls.doubleclick.net/activityi;dc_pre=CIDh--eUv4cDFZwbdgYdHF84LQ;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204
Frame ID: ADDDC51A1095884C59ABD8369E5231A2
Requests: 1 HTTP requests in this frame

Frame: https://app-sj01.marketo.com/index.php/form/XDFrame
Frame ID: 23BDF6547826D8494488DDDA4C7619D9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

www.forescout.com

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

109
Requests

94 %
HTTPS

47 %
IPv6

29
Domains

36
Subdomains

35
IPs

5
Countries

2944 kB
Transfer

6517 kB
Size

37
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://9940596.fls.doubleclick.net/activityi;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204 HTTP 302
https://9940596.fls.doubleclick.net/activityi;dc_pre=CIDh--eUv4cDFZwbdgYdHF84LQ;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204

Request Chain 55

https://protect-us.mimecast.com/s/gvF1C0RyxJhrQ4pAsws30K?domain=snap.licdn.com HTTP 307
https://protect-us.mimecast.com/r/NoiBeoG5AGCCbGajV72lu6W4DzpdUZWki14uqadsRs0SY7HAYpxuow-ltSEcTdnnYOoKzWAWpWHPSIe8yhm2UOR1t3I-MIT8XXccuTEklLS-aYcJ8lj10pVzNe544c9QGSyGV-uX4BOQE9IdaYVk5O8h8FtTl3pTYOW7d1bg4Cy3IVmvERpnMGdP0SjCp4SFi6XHycq_77Y-N3MWPhfadhG-aQ0iJiIubHMTOwZgMv-JkNX-Tq3Crdu9XWgGHo9Lxryc3vapQlH78WUJcIUsFxQVmkiW4xnZkwk496RGOGfueIWg0AdnYhZcqFqdFBHWUFAuhY5l6nrUwLfbESrgUf37VxPpcLl7T2XMOOM4PNLkUqG60H2S2bY8HT9gmVCqvKCAjMS93CJAAlSOgAzSfRzACBX0etza2cKtlnVDouD4MO2SHv7q3z-dxWIDU0RPu10ogHNid_grxPG0NzLX-HuPz063GI84d3GOhBtw0Y_DjaY0NvAgpIRt9dhLleDhbYejE1-g1I6zXfp_O-SVB26JWGigBhKMQp1fnIzWcOdbyUNSuBWn9uiQ5eBkNiyjgYDxR4S9sCHmfJNaH9RTQ10wfQojd7nooP-GWWezOQSQe5B0jMoCxKZCiV-XnndtDC6jryhlSe0-qMNqAQT9Dcoko0tc_v-I2g8EhTKDuUCiaBMcNINIBArwHwGVjhKngaE20tmpkVIi5Kz9tJq0xhBbSnuff4dQxfBmTdk07OJ6EAlcP8O2wwBnKLBZZpvYwWUr_rHGXQP8lxrLRuMudUFRdWc1NlQNSwpE1EaJS2CtK8QeXpSAK7UK2LcjxonlhS4LWpZPtneA29Vkwd6WTHN5-3d42qu5sLchpBuOjDPvTaRO92HrcWLLn8aagei98HpjT7zHri3g1s3xJDABnMGKlNnos2bWUbXaEJjfp6VLmGO9HksihOZC1P0ZKJLxIwPT_yt5s5v0InRl0Is9jXNxvx36VPk57Bnu2XtcB7sEnS4Ui-mEGo3No4XJirIb3ZPUOpjBu_3r26hYE4-i0FOYlKuSkTBRI3pXlmYg1YTnU5NQNLmBbvhk4AlDol36wrjUPUxwryvmSm-Z0HnBGEUjxT-hBZj_DXC2xem54gtBQQCGlx7R4q5mthEjs5kr69Ormhwd67QzNkGoFG5CIDrc6ce6mWHDx8WYtwwNpaAF68yu1Rp_DIOUJ35xMi6xjjZXYpVUlDMgLGZEFmNJIljMJNUukwlL1nE2PPeWkHdtxjAriOpLxvG_l_AYjPYQgSOVT5GrVDKt2f4JcVB2ANd9dcnfZMr820feV5a3b9WZ7_xTWdVn7D64kpEI-AiwHTWi0lUNsHVjtXomVzkxum81SeaHVj8J3pkMZT76kXhotrOOkdUZeV1qhDYmRmjqAllxT8dA9zstVveciZIs4FOP0kyPMyB9g06UpmL75ZUc3zYdpgJzHhVS3nxlyaMO_uNiP2WGugcWTWtojZi_MUeDK_L2ILKV20YibECM-xhbiuC6fF4g2sVDmAoO6FMwZMYG4uzHADrbtYmSLkrJNF1doJVWFIll_akfmm39mrNXJmEixi944EpjGgQTYNssFvVqASxT5D-kGhkLcW7YbKNKy_KTp8fUjZOa8DcDt0mgXVMGxCy_IGrIjSkGo1HBajY3lv4Xbjhf4x8Uy5WHzeWwmXYUzVytjuXBMnKrVjFC7c0O-iL_1Vb06JSgPsJyXTZNH3ClpE4A2rM0-Af7tlnzmdPyjBQVHJJwpPPS0--5jF5IhZAxY3geYfnueDFiIBTmK4MwoYZOy6vZ5CZViFY_bM2axre00SQC2kfNES61SO3HE4NxMClY7TG0Pg4y1OSesd6eV3PjBJ_PR3eR5ibXa6UhV3z7ZJi1VOOLnToVZqpCgQFxdbFygQoC1iOsfOzYjg7-2ZkxOTiSwcmuTTBGC1-knN6BalZWK8_wm2XUs0VFlJDlT2BWlrN8XIuSO3-AK7LbKUlrvtBFfVA9DhoHHek5iSHHOd1kqG6Oo8tOpDmnc59_RNEg4cobJuVfXC1haGVXUb6qodIywFF8PgU2w-veWtnBvAWhjv4G6Pl9IHsDmUdx-Xi1kO6NPiy6JOMHBCrq4JH-4beRtnriQS6B_8GiHfsekCzCAwnzwQdPcan7pE1oXPNtF_BYnsJ31Yxu87QzCDhPvtry_U7UtxtvZMw0VXbDsOQaOHL56jOoZZjYACs0dGFHw1DxooBWdQF3QuZ3ieeVFOQr_2RQZ90t0qwh3Vox7HHTpcSD2XeDSdjAYyUb3h9kjufZpz23_3qV8it2fC84VxygwHkLtRBJhdkK8OZLaKuEx_ixuQX0Fw_01IM4LBhBx0nQHx7I_kS3muSMSdZbM2e6mmDDnqVPKQoXZCg7BnTaKi4d_13E8xIHO3JPZft9IvMyiU-wy4jGUp_MNz14dJwo7Nlen7B8S5uXSEN-NEcqBAOejPVfJE5kdYi4gHwGEEMjHAU8mL8p2Wjlq6tQuzjCizlWRLejqK1h-QNFSXbxKGmGtyEwQGRrKjJgCaTJ2ura0WgLTV0JT533ISmnk687EN9IBeRAwSwiic874WkJaJzyD_5pJIng8fJuL4Eb7m7ZVuKWKAw6_tflbZgH4HcjARYXPCSxDbCK99Y2JNSqpOKTBL36FaIO0xLCb4Ju-UufvhbS HTTP 307
https://security-us.mimecast.com/ttpwp

Request Chain 59

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gtmv2&e_ipv6=AQIy4Gkwo8KxTgAAAZDjqTcqGe6pa5gn0Xdco3jS3XGJwyzNj_VGkcNQerUnZifX1Eenw-p1gg

109 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/ 153 KB
31 KB 212ms
167ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

9094547471d6e199531434f3c82b74a11121f660c5737146f2c6f80ab893ee1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8a82398d69d73723-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 24 Jul 2024 07:33:55 GMT
link: <https://www.forescout.com/wp-json/>; rel="https://api.w.org/" <https://www.forescout.com/wp-json/wp/v2/posts/88926>; rel="alternate"; title="JSON"; type="application/json" <https://www.forescout.com/?p=88926>; rel=shortlink
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding, Accept-Language
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-elasticpress-query: true
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 marvel.js Show response
marvel-b2-cdn.bc0a.com/ 9 KB
4 KB 65ms
15ms Script
application/javascript 35.201.125.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://marvel-b2-cdn.bc0a.com/marvel.js

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.125.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

192.125.201.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

190db2ea37186511e3cdfaeb6e37e68830c90647a9c18840f33ce00c03a05bd0

Security Headers

Name	Value
Content-Security-Policy	default-src self; script-src self; style-src self;
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 06:56:14 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy: default-src self; script-src self; style-src self;
age: 2261
x-guploader-uploadid: AHxI1nPq4hZ8RDrrcHtm3xTsTForxhUZbzuIyBKbHqXDmE-6oTMTEmYM6m_CJFZmBo-MzGIwgjM
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3142
last-modified: Wed, 12 Apr 2023 17:03:33 GMT
server: UploadServer
etag: "0b57832ab47cd1fea51ee8a2dfa4f649"
vary: Accept-Encoding
x-goog-hash: crc32c=EF0vLQ==, md5=C1eDKrR80f6lHuii36T2SQ==
x-goog-generation: 1681319013677342
access-control-allow-origin: *
content-language: en
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 3142
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 24 Jul 2024 07:56:14 GMT

GET
H2 200 8942af96335f957151c4c716450e5422.js Show response
obs.esnchocco.com/i/ 104 KB
38 KB 673ms
442ms Script
text/javascript 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.esnchocco.com/i/8942af96335f957151c4c716450e5422.js
Requested by: Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 8cd31ca57096d401d12c95d5e83a6eb2d0ec09a78fd82992c8de75947034ac59

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type: text/javascript; charset=utf-8
date: Wed, 24 Jul 2024 07:33:56 GMT
cache-control: max-age=43200
content-encoding: gzip
etag: "19fc4-fKxv+k82NQZJEXk3XD+hGAi1ym8"
content-length: 38892
expires: Wed, 24 Jul 2024 19:33:56 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 61ms
23ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40400%3B500%3B600%3B700&display=swap&ver=3447332038

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

156d6126d329168667f3fc9fd67a12202eae1ac3619318e0fff058fb74944c1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 07:26:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Jul 2024 07:33:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 17 KB
2 KB 67ms
30ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans%3Awght%40300%3B400%3B700&display=swap&ver=3105287073

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 05:45:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Jul 2024 07:33:55 GMT

GET
H2 200 app.css
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/stylesheets/ 585 KB
69 KB 78ms
76ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/stylesheets/app.css?ver=2921653230

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7e8c32b92b154d7823924d6b3caa582a01938ee390e11739f9e65c7f1afc270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 7517
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 Jul 2024 04:52:31 GMT
server: cloudflare
etag: W/"66a0888f-925aa"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398e8b493723-FRA

GET
H3 200 jquery.min.js Show response
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/ 85 KB
31 KB 63ms
63ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/jquery.min.js?ver=3590494476

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

236c0856fb6c12078ce3e1a44657999dc482b1a4176d9a1bcb7a2405dd74175e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56053
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:05 GMT
server: cloudflare
etag: W/"669f15ad-152f7"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f0b8b9f1b-FRA

GET
H2 200 front-end.js Show response
www.forescout.com/wp-content/plugins/cheq-essentials-go-to-market-security/includes/assets/js/ 2 KB
994 B 76ms
76ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/plugins/cheq-essentials-go-to-market-security/includes/assets/js/front-end.js?ver=2454696372

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ff790a17c7e80011c1a3481ccfe3640f5f90bd981574fda88509ca9f22850d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56054
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:06 GMT
server: cloudflare
etag: W/"669f15ae-97a"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398e8b4b3723-FRA

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 51ms
31ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PzcU3Ivp6w0l3AsetHXgNw==
age: 85887
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 22 Jul 2024 16:52:22 GMT
server: cloudflare
etag: 0x8DCAA6EA7FD79D6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 84d5a425-501e-00d8-5667-dc345b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a82398f4c304d84-FRA
expires: Wed, 24 Jul 2024 07:42:28 GMT

GET
H3 200 Network-Security-icon-color.svg
www.forescout.com/wp-content/uploads/2023/07/ 4 KB
1 KB 37ms
36ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/07/Network-Security-icon-color.svg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

93416923a616aa13392203b53d605fa48fbf12996f5b1484a0be2c14202ab134

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56053
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: W/"669f15a8-10f5"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f2b959f1b-FRA

GET
H3 200 REM-icon-color.svg
www.forescout.com/wp-content/uploads/2023/07/ 2 KB
1 KB 38ms
37ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/07/REM-icon-color.svg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

95a3b21bc32ac4af1bbd071621c6a90fc7c6d471add0616cf3512887aafa7644

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56053
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: W/"669f15a8-850"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f2b979f1b-FRA

GET
H3 200 XDR-icon-color.svg
www.forescout.com/wp-content/uploads/2023/07/ 2 KB
1 KB 29ms
28ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/07/XDR-icon-color.svg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

710a58566f74d9f057ca5d14c3814aad250102d4c769c017365dc9d696e1e286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56053
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: W/"669f15a8-9c9"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f2b989f1b-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 518 KB
156 KB 97ms
59ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bee32dd68e31a03df791791a3131aec7675efc0e1c1af8ca6c6d1a3107c55cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 158990
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 07:33:55 GMT

GET
H3 200 icons.svg
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/images/ 15 KB
5 KB 36ms
35ms Other
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/images/icons.svg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a078b02ab15f52a28e893c4453caecdf3903fd1a9030b618a2c2408747cefc3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56053
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:05 GMT
server: cloudflare
etag: W/"669f15ad-3da7"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f2b9b9f1b-FRA

GET
DATA 200
OK truncated
/ 301 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8c15b17fb4a453701606ae8c7a859dde61d891731369b3c9b8599d445669f90

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
32 KB 67ms
29ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40400%3B500%3B600%3B700&display=swap&ver=3447332038

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 21:09:13 GMT
x-content-type-options: nosniff
age: 123882
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Jul 2025 21:09:13 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 52ms
14ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans%3Awght%40300%3B400%3B700&display=swap&ver=3105287073

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 14:56:39 GMT
x-content-type-options: nosniff
age: 59836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 14:56:39 GMT

GET
H3 200 platform-diagram-in-screen.webp
www.forescout.com/wp-content/uploads/2023/04/ 25 KB
25 KB 30ms
29ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/04/platform-diagram-in-screen.webp

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60064a40159e3b0a55cdc4cfbcd2956f36571a121ea5907b53a4518efac951c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
alt-svc: h3=":443"; ma=86400
content-length: 25774
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: "669f15a8-64ae"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f5bd09f1b-FRA

GET
H3 200 FS-2024-VL-Riskiest-Connected-Devices-Report-Share-v2.jpg
www.forescout.com/wp-content/uploads/2024/05/ 91 KB
91 KB 43ms
41ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/05/FS-2024-VL-Riskiest-Connected-Devices-Report-Share-v2.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c458529c16df1000d89d13f37236105167f076e089f489037141f5bf1b2b1701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
cf-polished: origSize=96128, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 92841
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Jul 2024 02:29:59 GMT
server: cloudflare
etag: "669f15a7-17780"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f5bd29f1b-FRA

GET
H3 200 Customer-login-350x175-1.jpg
www.forescout.com/wp-content/uploads/2023/04/ 15 KB
16 KB 52ms
50ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/04/Customer-login-350x175-1.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f567af8fb69c5f42d9431e5e3c851bc0b14aadf85a3f248c37a8160f63f3e45a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
cf-polished: origSize=32625, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 15786
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: "669f15a8-7f71"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f5bd39f1b-FRA

GET
H3 200 RemoveTMP-function-from-yet-another-Mirai-botnet-variant.jpg
www.forescout.com/wp-content/uploads/2024/07/ 69 KB
70 KB 170ms
169ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/07/RemoveTMP-function-from-yet-another-Mirai-botnet-variant.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7238a945f16e9c4866ea5ced254db4ed00058168c91a094913f5a2275385053

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 71071
last-modified: Wed, 24 Jul 2024 04:52:25 GMT
server: cloudflare
etag: "66a08889-1159f"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f8bfe9f1b-FRA

GET
H3 200 KillDevice.png
www.forescout.com/wp-content/uploads/2024/07/ 110 KB
110 KB 165ms
164ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/07/KillDevice.png

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54e3908ce9a39d0a24874b29662238b06c7e431123a0e148baa818f92a12fcf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 112628
last-modified: Wed, 24 Jul 2024 04:52:25 GMT
server: cloudflare
etag: "66a08889-1b7f4"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f8c049f1b-FRA

GET
H3 200 Kaden-Botnet-2048x919.png
www.forescout.com/wp-content/uploads/2024/07/ 634 KB
634 KB 147ms
147ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/07/Kaden-Botnet-2048x919.png

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bba547a407cc8332d1002b0034f1814f296b79a85b536228863550f4ae97ba2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 649258
last-modified: Wed, 24 Jul 2024 04:52:25 GMT
server: cloudflare
etag: "66a08889-9e82a"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f8c069f1b-FRA

GET
H3 200 KadenTehGod.png
www.forescout.com/wp-content/uploads/2024/07/ 506 KB
507 KB 174ms
173ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/07/KadenTehGod.png

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b53561b145f2051ebfa51c5a70e05958aee689b7bca136322b64be7068b00c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 518652
last-modified: Wed, 24 Jul 2024 04:52:25 GMT
server: cloudflare
etag: "66a08889-7e9fc"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398f8c089f1b-FRA

GET
H3 200 element-in-view.css
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/stylesheets/ 16 KB
1 KB 33ms
32ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/stylesheets/element-in-view.css?ver=1655842644

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4af034de67d286232edba410c8cf34ec000ac621272865083613d89d88dbb303

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56054
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:05 GMT
server: cloudflare
etag: W/"669f15ad-4159"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f8c099f1b-FRA

GET
H2 200 forms2.js Show response
app-sj01.marketo.com/js/forms2/js/ 573 KB
158 KB 492ms
291ms Script
application/x-javascript 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj01.marketo.com/js/forms2/js/forms2.js?ver=1769859849

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73372651c533d2264e2be483feee4c78c043a17359e8ecb68ec62a76d209eded

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
cf-cache-status: HIT
age: 2950
etag: "ee0dee-8f4ff-619b21e0856c0"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8a823990cd6c3a61-FRA
expires: Wed, 24 Jul 2024 11:33:56 GMT

GET
H3 200 marketo-load-forms.js Show response
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/ 3 KB
1 KB 44ms
43ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/marketo-load-forms.js?ver=1360513116

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

320d4f66b56464552e61184aaf03cf97c9cb6116fd320a4b2787ccd7e6d9fe8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 7517
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 Jul 2024 04:52:31 GMT
server: cloudflare
etag: W/"66a0888f-a85"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f8c0b9f1b-FRA

GET
H3 200 new-tab.js Show response
www.forescout.com/wp-content/plugins/page-links-to/dist/ 34 KB
13 KB 35ms
34ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=174228161

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 56053
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:30:06 GMT
server: cloudflare
etag: W/"669f15ae-8687"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f8c0c9f1b-FRA

GET
H3 200 app-blog.js Show response
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/ 58 KB
16 KB 36ms
36ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/app-blog.js?ver=3461553758

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1cb60049221cb2783962f6f9134eec7294f9d33df4e2d2c3e0e844f8cff312c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 585
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 Jul 2024 04:52:31 GMT
server: cloudflare
etag: W/"66a0888f-e92f"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f8c0f9f1b-FRA

GET
H3 200 element-in-view.js Show response
www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/ 2 KB
1 KB 37ms
37ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-content/themes/forescout_custom_theme2021/public/javascripts/element-in-view.js?ver=3429016016

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d80b81de472417fe2ab9a98633c9cd7c53d93a700120ae4da5bb8b2c9f9ccb00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 7516
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 Jul 2024 04:52:31 GMT
server: cloudflare
etag: W/"66a0888f-877"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a82398f8c109f1b-FRA

GET
DATA 200
OK truncated
/ 579 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c477b75e32af1e53db77f93431e14ba372ef9404de3b624870a0965c832727e2

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 524 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3014c4240df6e8db9016c59c4c365f9d144873ac7c53e301a06dacaf81005364

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 167 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68510cbd133aba21c2e52f7705d6f5ec4af166b56d368d8b82a7e6990caeb67c

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 379 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: afa34783a07b64f1939359e6217cdb6ad1aa343812037ca68ecf70edeb215874

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 215 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92af99028ad2fc250a5076da11f8330976f362fe18fdc5da0c2fd08c2bb861ce

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 252 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44686d2762b49c818295f06d78de248ee59470f2013d9ecd52b43364c0c024fc

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 534 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 472824931b4905caa2bf4d0fdfdfe5b09f26ed17b2c02786b79842ba5cdf0305

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8032160fc5998b9c2ad191f310dc94bda46781463e2405abbb447d80d8a1e30

Request headers

Referer
Origin: https://www.forescout.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 FS-2024-REM-Blog-Social-v1c-1200x628-1.jpg
www.forescout.com/wp-content/uploads/2024/05/ 71 KB
71 KB 34ms
33ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/05/FS-2024-REM-Blog-Social-v1c-1200x628-1.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1cf8ed077a89dce0b2d3dc52a7ab91affab721cb85a3c526950b1863c1abf63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
cf-polished: origSize=77210, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 72726
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Jul 2024 02:29:59 GMT
server: cloudflare
etag: "669f15a7-12d9a"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398fec799f1b-FRA

GET
H3 200 marketplace_350x175-5.jpg
www.forescout.com/wp-content/uploads/2023/12/ 24 KB
25 KB 44ms
43ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/12/marketplace_350x175-5.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9bc5c6f91a6fe05823fc19edf5c518222730110ec54ae66dbec6d27497ff515

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
cf-polished: origSize=54415, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 24927
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: "669f15a8-d48f"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398fec7c9f1b-FRA

GET
H3 200 plano-office-350x175-1.jpg
www.forescout.com/wp-content/uploads/2023/07/ 43 KB
43 KB 33ms
32ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/07/plano-office-350x175-1.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5e0d047d8ed1c78d0e99edd8ed484520f56ede45ac770274be99da28373c6fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
cf-polished: origSize=65279, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 44105
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: "669f15a8-feff"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398fec7e9f1b-FRA

GET
H3 200 news-on-computer-featured-300x150-1.jpg
www.forescout.com/wp-content/uploads/2023/12/ 19 KB
19 KB 42ms
41ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2023/12/news-on-computer-featured-300x150-1.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf3fe64b9f9c0e21583c48a711e86ba125805171ca45fb76562041307656daae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56053
cf-polished: origSize=58573, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 19379
cf-bgj: imgq:100,h2pri
last-modified: Tue, 23 Jul 2024 02:30:00 GMT
server: cloudflare
etag: "669f15a8-e4cd"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398fec7f9f1b-FRA

GET
H3 200 IoT-malware-with-wiping-capabilities.jpg
www.forescout.com/wp-content/uploads/2024/07/ 54 KB
54 KB 187ms
186ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forescout.com/wp-content/uploads/2024/07/IoT-malware-with-wiping-capabilities.jpg

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f014628db0c899fa7560c53f7e6d944e05e4db842e2dda1c9d03822d739ac5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 54966
last-modified: Wed, 24 Jul 2024 04:52:25 GMT
server: cloudflare
etag: "66a08889-d6b6"
vary: Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8a82398fec839f1b-FRA

GET
H2 200 17fed17f-6520-4e49-a80d-9164973aeb71.json Show response
cdn.cookielaw.org/consent/17fed17f-6520-4e49-a80d-9164973aeb71/ 3 KB
2 KB 44ms
28ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/17fed17f-6520-4e49-a80d-9164973aeb71/17fed17f-6520-4e49-a80d-9164973aeb71.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

832e751168b5677b468c2d0296693ee4cef1667d8f170c052ca71dccd999ba82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 47006
content-md5: oAtx+KDXm+KkadRjAycfDw==
content-length: 1426
x-ms-lease-status: unlocked
last-modified: Fri, 03 Sep 2021 19:14:35 GMT
server: cloudflare
etag: 0x8D96F0F1181FDBC
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 964c80bd-301e-008d-2458-790e51000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a823990892f1d8c-FRA
expires: Thu, 25 Jul 2024 07:33:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 331 KB
106 KB 39ms
37ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BHGTEMXR2E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ed68b61f587b95b07789571b8edaa847cc898f8420d0369f8f1cc6c2aa0c1f02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108204
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 07:33:55 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 231 KB
83 KB 46ms
46ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-960263100&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c611bdef638a6f443e9618b84ff2c6db62b773b8220efcccd73ae9640065cac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84864
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 07:33:55 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 75ms
8ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67D4) /

Resource Hash

eb071f3429c047426154145f7ad18ce941c38bf886d1d6d0834196150f1eb13d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
last-modified: Thu, 18 Jul 2024 21:29:37 GMT
server: ECS (frb/67D4)
age: 37109
etag: "30aae9759d9da1:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25393

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 47ms
10ms Script
application/javascript 2a02:26f0:7100::1720:ee10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ee10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 09:19:33 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=17360
accept-ranges: bytes
content-length: 14011

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 110ms
34ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 24 Jul 2024 07:33:55 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BA9EBF51188846CD9C8436F57C8E3832 Ref B: AMS04EDGE2706 Ref C: 2024-07-24T07:33:56Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 224 KB
60 KB 58ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 07:33:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58677
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1297, tbw=2806, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: kEdHs0YPm3rypOtHTaEPzQ6Bh+wFSSuniA8PBtFzKYiuhFYT3PtuHtFsfsQtWoGLV4G9TwtluumgtWRVG/DYZA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 54ms
8ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kjyo7100146-IAD, cache-fra-etou8220133-FRA

GET
H2 200 widget.js Show response
app.hushly.com/runtime/ 32 B
677 B 575ms
179ms Script
text/javascript 34.223.194.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hushly.com/runtime/widget.js?aid=11835

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.223.194.102 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-223-194-102.us-west-2.compute.amazonaws.com

Software

Resource Hash

a7d92992008b46515578762b3e72bbdc96c2f577bf7eeb20e46027eb90ce458e

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
cache-control: max-age=0, private, must-revalidate
content-security-policy
content-type: text/javascript;charset=utf-8

GET
H2 200 ea1795a9-211c-419b-a382-2306e2eab031.js Show response
j.6sc.co/j/ 4 KB
5 KB 526ms
462ms Script
application/javascript 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/ea1795a9-211c-419b-a382-2306e2eab031.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-178.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d866788fb557fbd079080fcf781dbbc84961216f672e8ee38caf5b42411df513

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Mvvpuy0paN7k7sPbedQmQE5mAfY14YEh
date: Wed, 24 Jul 2024 07:33:56 GMT
last-modified: Tue, 25 Jul 2023 18:10:05 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256
etag: "70f7c8a46c654de96a73c3886cf8dd51"
vary: Accept-Encoding
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
accept-ranges: bytes
content-length: 4524
x-amz-cf-id: 02KOcjAupj7nOpT0oqdcQht9f9TwWSCao_CZtcLiu92TRw26Hqmknw==
expires: Wed, 24 Jul 2024 08:03:56 GMT

GET
H2

200

activityi;dc_pre=CIDh--eUv4cDFZwbdgYdHF84LQ;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204
9940596.fls.doubleclick.net/ Frame ADDD
Redirect Chain

https://9940596.fls.doubleclick.net/activityi;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204?
https://9940596.fls.doubleclick.net/activityi;dc_pre=CIDh--eUv4cDFZwbdgYdHF84LQ;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204?

0
0

165ms
164ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9940596.fls.doubleclick.net/activityi;dc_pre=CIDh--eUv4cDFZwbdgYdHF84LQ;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1083
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 07:33:56 GMT
expires: Wed, 24 Jul 2024 07:33:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 07:33:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9940596.fls.doubleclick.net/activityi;dc_pre=CIDh--eUv4cDFZwbdgYdHF84LQ;src=9940596;type=sitew0;cat=allpa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=582579623529.0204?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK 192507.js Show response
secure.ripe8book.com/js/ 16 B
321 B 216ms
30ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.ripe8book.com/js/192507.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSX3W
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d2edc6ec24ab87f2f5ad01632fc9a52599624847ff2c5a1aa8279a86cb790419

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 07:33:56 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=86400
Connection: keep-alive
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 792 KB
134 KB 125ms
33ms Script
text/javascript 2a04:4e42::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a27f4a65c7bc7f84027fb7f059d2035865604688212d914c777b07c905eeaf2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 1531
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 136983
x-served-by: cache-iad-kjyo7100146-IAD, cache-mad22044-MAD
x-browser-version: 126
last-modified: Mon, 22 Jul 2024 13:10:00 GMT
server: AmazonS3
x-timer: S1721806436.100828,VS0,VE0
etag: "ab240aa5c1377de3f68b0deb03158e6a"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: 3ba4d2888b0ab50fc9f5a6a3f7a8c6cd48080fea
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 35, 32

GET

ttpwp
security-us.mimecast.com/
Redirect Chain

https://protect-us.mimecast.com/s/gvF1C0RyxJhrQ4pAsws30K?domain=snap.licdn.com
https://protect-us.mimecast.com/r/NoiBeoG5AGCCbGajV72lu6W4DzpdUZWki14uqadsRs0SY7HAYpxuow-ltSEcTdnnYOoKzWAWpWHPSIe8yhm2UOR1t3I-MIT8XXccuTEklLS-aYcJ8lj10pVzNe544c9QGSyGV-uX4BOQE9IdaYVk5O8h8FtTl3pTYOW...
https://security-us.mimecast.com/ttpwp

0
0

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
305 B 68ms
31ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a823990fc682bb5-FRA
access-control-allow-headers: Content-Type

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
706 B 157ms
112ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 245A94A446C74F6D9CE9A3AE0D03BF30 Ref B: AMS04EDGE2222 Ref C: 2024-07-24T07:33:56Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.forescout.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYd+Uz+0JZi61JPmwSscw==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
816 B 158ms
115ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:55 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6801DD1B1D25404FAA330AD126B5E26B Ref B: AMS04EDGE1516 Ref C: 2024-07-24T07:33:56Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYd+Uz+5UZ0xNnYLfjSTA==
x-fs-uuid: 00061df94cfee54674c4d9d82df8d24c

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gt...

0
266 B

209ms
179ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gtmv2&e_ipv6=AQIy4Gkwo8KxTgAAAZDjqTcqGe6pa5gn0Xdco3jS3XGJwyzNj_VGkcNQerUnZifX1Eenw-p1gg
Requested by: Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DF0F7243B3724C73B55283C99BC82367 Ref B: FRAEDGE1607 Ref C: 2024-07-24T07:33:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYd+U0C5FMNdggRIW9zpw==

Redirect headers

date: Wed, 24 Jul 2024 07:33:55 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A4F268AB94C04E7AB78A1C83D78F0D5A Ref B: AMS04EDGE2222 Ref C: 2024-07-24T07:33:56Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2739372%2C4096249&time=1721806436005&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&tm=gtmv2&e_ipv6=AQIy4Gkwo8KxTgAAAZDjqTcqGe6pa5gn0Xdco3jS3XGJwyzNj_VGkcNQerUnZifX1Eenw-p1gg
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYd+Uz/YwROFkl2VfxvvA==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 312 KB
75 KB 24ms
23ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 9081
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 80748953-a01e-009f-3baa-377581000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8239913ece4d84-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 62ms
18ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-BHGTEMXR2E&gtm=45je47h0v893703719z871429852za200zb71429852&_p=1721806435700&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1428542212.1721806436&ul=de-de&sr=1600x1200&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1721806436&sct=1&seg=0&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&dt=Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=695&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BHGTEMXR2E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.forescout.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 68ms
19ms Ping
text/plain 2a00:1450:400c:c1d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-BHGTEMXR2E&cid=1428542212.1721806436&gtm=45je47h0v893703719z871429852za200zb71429852&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BHGTEMXR2E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.forescout.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 65ms
40ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-BHGTEMXR2E&cid=1428542212.1721806436&gtm=45je47h0v893703719z871429852za200zb71429852&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&z=672488910

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/ 43 B
329 B 8ms
8ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=4829f80446e84ae58ac6963099206bf6&_biz_l=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&_biz_t=1721806436089&_biz_i=Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout&_biz_n=0&rnd=11096&cdn_o=a&_biz_z=1721806436090

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BA) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Fri, 19 Jul 2024 21:15:25 GMT
server: ECS (frb/67BA)
age: 382711
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
205 B 26ms
8ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=4829f80446e84ae58ac6963099206bf6&_biz_l=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&_biz_t=1721806436092&_biz_i=Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout&rnd=186235&cdn_o=a&_biz_z=1721806436093

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6752) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Fri, 19 Jul 2024 21:15:27 GMT
server: ECS (frb/6752)
age: 382709
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 425737231229928 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 10ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/425737231229928?v=2.9.162&r=stable&domain=www.forescout.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dea95f388ae550daf7541f423a0e1d30e6b02bc1c51249290690eb26560d0f1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 07:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14156
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=65, mss=1297, tbw=64219, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: Y7e7POOp0rmN7Dyc8cxfi+4v8hWqX2C9BDnkz3V/3oJ0sGqgwnOzYJD5RfsIHj4+0zQAqrrCH4Vvu6OTWEKjxA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
326 B 118ms
117ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=4829f80446e84ae58ac6963099206bf6&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.07.18

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6711) /

Resource Hash

75d0999ea670709013cf2ce0d189f74f99951bc8713ae3b763e3b0c5c94fe4a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
server: ECS (frb/6711)
etag: 5B83AAC0
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 219

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/17fed17f-6520-4e49-a80d-9164973aeb71/8e2ad537-8152-4bc8-be48-587a37faad46/ 56 KB
13 KB 37ms
37ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/17fed17f-6520-4e49-a80d-9164973aeb71/8e2ad537-8152-4bc8-be48-587a37faad46/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df2ed3309e39b95892f3d7147eb0b17ade8456bc3c6366ea09dc18892e195fec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3775
content-md5: RwCRTm78lQ9Jua6LHWu0Hw==
content-length: 13474
x-ms-lease-status: unlocked
last-modified: Fri, 03 Sep 2021 19:14:38 GMT
server: cloudflare
etag: 0x8D96F0F1359100F
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3a32b454-001e-0010-100d-15fceb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a823991cb461d8c-FRA
expires: Thu, 25 Jul 2024 07:33:56 GMT

GET
H2 200 148025104.js Show response
bat.bing.com/p/action/ 335 B
403 B 34ms
33ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148025104.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e6eae0251ff9d9602e618bd779c3c7234b243fb71da5afa4e502443e9c007bd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 24 Jul 2024 07:33:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B130CD2812F4548B124AE17B4E86D32 Ref B: AMS04EDGE2706 Ref C: 2024-07-24T07:33:56Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H3 200 290472891371552 Show response
connect.facebook.net/signals/config/ 2 KB
1 KB 128ms
127ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/290472891371552?v=2.9.162&r=stable&domain=www.forescout.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108%2C190%2C189%2C191%2C196%2C197%2C198%2C194%2C186%2C125%2C127%2C155%2C185%2C187%2C116%2C149%2C138%2C143%2C180%2C122%2C222%2C109%2C120%2C121%2C223%2C157%2C113%2C129%2C117%2C146

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

8a56b1371b07d26e45fb33aae9ed3d2414e184b99e3932a673fc6e3eef2dc19a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 07:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=23, mss=1232, tbw=4619, tp=11, tpl=0, uplat=117, ullat=0
pragma: public
x-fb-debug: Vejaa9IEmwi4mTlz6suDlCiMJ82slQbZ8zDgvHo5+sw5vgVHRDosC95dEHYczXCormywUEhVfU4RMnKfjbxnMA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 33ms
8ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=425737231229928&ev=PageView&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&rl=&if=false&ts=1721806436172&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721806436169.209206040934266696&cs_est=true&ler=empty&cdl=API_unavailable&it=1721806436119&coo=false&rqm=GET

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2831, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 24 Jul 2024 07:33:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 187ms
163ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=425737231229928&ev=PageView&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&rl=&if=false&ts=1721806436172&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721806436169.209206040934266696&cs_est=true&ler=empty&cdl=API_unavailable&it=1721806436119&coo=false&rqm=FGET

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Wed, 24 Jul 2024 07:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395102334337583434", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=14, mss=1297, tbw=3149, tp=-1, tpl=-1, uplat=154, ullat=0
pragma: no-cache
x-fb-debug: bo1A3jMzIlgVYnuFuIePnGqIS/Wf3YMkMuVH4cBtev6aGgo+TPNahLmfJMBhoYStApUkCdxTW+XU6Q9Sr+gGuQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395102334337583434"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 13 KB
3 KB 24ms
23ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: r7t3xbAZ3QK/7lQuu5X7ww==
age: 22704
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:51 GMT
server: cloudflare
etag: 0x8D96DBF68EC8D5B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 565b80e3-001e-00ab-3ad1-9b493d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8239923be61d8c-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ 47 KB
11 KB 22ms
21ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +0xPzL52AeUkZsqLfWvieg==
age: 44386
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11387
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF69F1D28E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 6baaa45f-c01e-0032-53d1-9b3680000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8239923bea1d8c-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 20 KB
4 KB 23ms
23ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 07:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 44386
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 3b46c62e-501e-0099-57d1-9b494a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8a8239923bec1d8c-FRA

GET
H2 204 0
bat.bing.com/action/ 0
288 B 34ms
34ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148025104&tm=gtm002&Ver=2&mid=69659019-0051-4bcf-8f3a-2546d70a9940&sid=15847850498f11efa79d35d2c199e72b&vid=15849930498f11ef98150b7cc27261e0&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout&p=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&r=&evt=pageLoad&sv=1&cdb=AQET&rn=287722

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 07:33:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 446A580E6DBF48D4B7D793AD0C66773F Ref B: AMS04EDGE2706 Ref C: 2024-07-24T07:33:56Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 getForm Show response
app-sj01.marketo.com/index.php/form/ 4 KB
2 KB 111ms
110ms Script
application/javascript 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-sj01.marketo.com/index.php/form/getForm?munchkinId=124-WUR-613&form=11980&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&callback=jQuery37106270931457535507_1721806436329&_=1721806436330
Requested by: Host: app-sj01.marketo.com
URL: https://app-sj01.marketo.com/js/forms2/js/forms2.js?ver=1769859849
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e67b5013d20b13a30d842f3ca64fe0146ec0ac03ffc13259b3e7b445631ae1d2

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8a8239932fd83a61-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H3 500 b5b91e6909cbbd3733a825ec558006e0b8cb42b3 Show response
www.forescout.com/wp-json/forescout/is-link-to-resource/88926/ 126 B
541 B 446ms
445ms XHR
application/json 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-json/forescout/is-link-to-resource/88926/b5b91e6909cbbd3733a825ec558006e0b8cb42b3

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

f81e9f3794f0f3f5bb9746b8e053d9db171c3b21ac2c977fc8552a01e5a19228

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
x-cache-group: normal
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: YES:briefly:500
x-powered-by: WP Engine
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 126
server: cloudflare
allow: GET
vary: Origin
content-type: application/json; charset=UTF-8
x-frame-options: SAMEORIGIN
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=10, must-revalidate
x-robots-tag: noindex
link: <https://www.forescout.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 8a823993889e9f1b-FRA

GET
H3 200 1092406491327818 Show response
connect.facebook.net/signals/config/ 22 KB
3 KB 142ms
141ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1092406491327818?v=2.9.162&r=stable&domain=www.forescout.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108%2C190%2C189%2C191%2C196%2C197%2C198%2C194%2C186%2C125%2C127%2C155%2C185%2C187%2C116%2C149%2C138%2C143%2C180%2C122%2C222%2C109%2C120%2C121%2C223%2C157%2C113%2C129%2C117%2C146

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

79041f2a2d44034962f337b41e6b56e3c13f41eeecb9bf3121d6828e665affed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 07:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=26, mss=1232, tbw=8347, tp=16, tpl=0, uplat=132, ullat=0
pragma: public
x-fb-debug: JB+KlW3cvz3gzTandUZ3Ha1cnUYZ+KMaU9jhnVAAtYJjZ1L3/vZt3z+puqLLqIMUp+DL/+gtEWTXaAKQRRqcIg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 10ms
9ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=290472891371552&ev=PageView&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&rl=&if=false&ts=1721806436405&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=28&ler=empty&cdl=API_unavailable&it=1721806436119&coo=false&rqm=GET

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=14, mss=1297, tbw=5984, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 24 Jul 2024 07:33:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
846 B 44ms
43ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=290472891371552&ev=PageView&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&rl=&if=false&ts=1721806436405&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=28&ler=empty&cdl=API_unavailable&it=1721806436119&coo=false&rqm=FGET

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Wed, 24 Jul 2024 07:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395102334095510770", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1297, tbw=6130, tp=-1, tpl=-1, uplat=34, ullat=0
pragma: no-cache
x-fb-debug: Bu5KOBBSXARmEVn7C/QQhjha1RR06fE/Ukd6dNPGAmp6BrdyM+mk1B4j68iQML55DqzKpp59SmAOuff0rDpYOw==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395102334095510770"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 forms2.css
app-sj01.marketo.com/js/forms2/css/ 13 KB
3 KB 26ms
25ms Stylesheet
text/css 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj01.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-sj01.marketo.com
URL: https://app-sj01.marketo.com/js/forms2/js/forms2.js?ver=1769859849

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 3566
content-length: 2623
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
etag: "3301100-3437-619b21e0856c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8a823993d8c23a61-FRA
expires: Wed, 24 Jul 2024 11:33:56 GMT

GET
H2 200 forms2-theme-round.css
app-sj01.marketo.com/js/forms2/css/ 4 KB
1 KB 26ms
26ms Stylesheet
text/css 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj01.marketo.com/js/forms2/css/forms2-theme-round.css

Requested by

Host: app-sj01.marketo.com
URL: https://app-sj01.marketo.com/js/forms2/js/forms2.js?ver=1769859849

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 2949
content-length: 968
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
etag: "3301106-e46-619b21e0856c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8a823993d8c43a61-FRA
expires: Wed, 24 Jul 2024 11:33:56 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
18 KB 8ms
8ms Script
application/javascript 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/ea1795a9-211c-419b-a382-2306e2eab031.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-178.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 19:23:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "669182a0-10e5e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=1800
accept-ranges: bytes
content-length: 18671
expires: Wed, 24 Jul 2024 08:03:56 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
702 B 65ms
19ms XHR
application/json 185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
an-x-request-uuid: 14c6af2c-fcf6-41a7-b636-26379a54ac8b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.forescout.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 78.159.108.28; 78.159.108.28; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 45ms
9ms XHR
text/html 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-178.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:56 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.forescout.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 21 B
314 B 55ms
8ms XHR
text/html 2a02:26f0:3100::1735:2aa1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:2aa1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cab5e5b6d7b98d223cafd2ec95a3132238a2b309cceefeb0cf0bc3c3c471f080

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.forescout.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2f00:20:a::3
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721806436530_389360285_138603648_21_841_6_12_219";dur=1
content-length: 21
expires: Wed, 24 Jul 2024 07:33:56 GMT

GET
H2 200 XDFrame
app-sj01.marketo.com/index.php/form/ Frame 23BD 0
0 470ms
445ms Document
text/html 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj01.marketo.com/index.php/form/XDFrame

Requested by

Host: app-sj01.marketo.com
URL: https://app-sj01.marketo.com/js/forms2/js/forms2.js?ver=1769859849

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8a8239948ddb65c0-FRA
content-encoding: gzip
content-length: 652
content-type: text/html; charset=utf-8
date: Wed, 24 Jul 2024 07:33:57 GMT
server: cloudflare
strict-transport-security: max-age=63113904
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 10ms
10ms Image
text/plain 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1092406491327818&ev=PageView&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&rl=&if=false&ts=1721806436552&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721806436169.209206040934266696&ler=empty&cdl=API_unavailable&it=1721806436119&coo=false&rqm=GET

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4666, tp=12, tpl=0, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 24 Jul 2024 07:33:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
192 B 191ms
191ms Image
image/png 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1092406491327818&ev=PageView&dl=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&rl=&if=false&ts=1721806436552&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721806436169.209206040934266696&ler=empty&cdl=API_unavailable&it=1721806436119&coo=false&rqm=FGET

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Wed, 24 Jul 2024 07:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395102332731117800", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=5057, tp=16, tpl=0, uplat=183, ullat=0
pragma: no-cache
x-fb-debug: lLbxjcXnOSU93FEVhyqS0JGSnjD3uz1QXnOWMt7IPtaivwzCR3O2s1yaVdn23JqTQjH4Ue07eOWsNVdeSxpi7g==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395102332731117800"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 162ms
132ms Image
image/gif 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cffa8c167e0843d794a958dc13b0c823&svisitor=null&visitor=e59203c1-1c59-46af-84b9-33d61958ce6f&session=6aa8528b-f031-4c2f-8988-038f406cb8f1&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2f00%3A20%3Aa%3A%3A3%22%7D&isIframe=false&m=%7B%22description%22%3A%22Forescout%20Research%20Vedere%20Labs%20discovers%20brand%20new%20IoT%20wiper%20malware%20botnets.%20Learn%20all%20about%20the%20latest%20wiper%20variants%20and%20how%20they%20work.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&pageViewId=ca329ef3-c205-4378-81f3-15ba6f8fa43f&webTagId=ea1795a9-211c-419b-a382-2306e2eab031&ipv6=2a00%3Ac98%3A2f00%3A20%3Aa%3A%3A3&v=1.1.22

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-178.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 07:33:56 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 130ms
109ms Image
image/gif 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cffa8c167e0843d794a958dc13b0c823&svisitor=null&visitor=e59203c1-1c59-46af-84b9-33d61958ce6f&session=6aa8528b-f031-4c2f-8988-038f406cb8f1&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Forescout%20Research%20Vedere%20Labs%20discovers%20brand%20new%20IoT%20wiper%20malware%20botnets.%20Learn%20all%20about%20the%20latest%20wiper%20variants%20and%20how%20they%20work.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&pageViewId=ca329ef3-c205-4378-81f3-15ba6f8fa43f&an_uid=0&webTagId=ea1795a9-211c-419b-a382-2306e2eab031&ipv6=2a00%3Ac98%3A2f00%3A20%3Aa%3A%3A3&v=1.1.22

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-178.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 07:33:56 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 126ms
105ms Image
image/gif 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cffa8c167e0843d794a958dc13b0c823&svisitor=null&visitor=e59203c1-1c59-46af-84b9-33d61958ce6f&session=6aa8528b-f031-4c2f-8988-038f406cb8f1&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cffa8c167e0843d794a958dc13b0c823%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22024abd389523da79bfdf112191f19decef22847a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22ea1795a9-211c-419b-a382-2306e2eab031%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Forescout%20Research%20Vedere%20Labs%20discovers%20brand%20new%20IoT%20wiper%20malware%20botnets.%20Learn%20all%20about%20the%20latest%20wiper%20variants%20and%20how%20they%20work.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&pageViewId=ca329ef3-c205-4378-81f3-15ba6f8fa43f&an_uid=0&webTagId=ea1795a9-211c-419b-a382-2306e2eab031&ipv6=2a00%3Ac98%3A2f00%3A20%3Aa%3A%3A3&v=1.1.22

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-178.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:56 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 07:33:56 GMT

GET
H2 200 ct Show response
obs.esnchocco.com/ 4 KB
2 KB 459ms
459ms Script
text/javascript 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.esnchocco.com/ct?id=52173&url=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&sf=0&tpi=&ch=&uvid=&tsf=0&tsfmi=&tsfu=&cb=1721806436624&hl=2&op=0&ag=589913651&rand=931120871529192120180957128960115312703902176717601516807220740276915271575522100262&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDM1MTZdLFsiYWJuY2giLDFdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUpIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAgICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAgICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAgICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAgfV0iXSxbLTksIisiXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwib2c6dGl0bGVcIixcIm9nOmRlc2NyaXB0aW9uXCJdfSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xNywiMTIiXSxbLTE5LCJbMTAsMTAsMTAsMTAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyODUsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCIsMTYwMCwxMjAwXSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTYyLCI4MCJdLFstNjQsIlswLFwiXCIsW11dIl0sWy0xMiwibnVsbCJdLFstMjYsIntcInRqaHNcIjoyNjgzNjM0MSxcInVqaHNcIjoyMTMyNDg0NSxcImpoc2xcIjo0Mjk0NzA1MTUyfSJdLFstMjgsImVuLVVTLGVuIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDUsdHJ1ZSx0cnVlLG51bGwsMCx0cnVlLHRydWVdIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDksIi0iXSxbLTYsIi0iXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTIwLCIxNDI4NTQyMjEyLjE3MjE4MDY0MzYiXSxbLTIzLCIrIl0sWy0yNCwiW1wic2F5c3dob1wiLDAsMSwxLDFdIl0sWy0zNCwiLSJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAxMTAwMTAxMTAxMDAwMDAxIl0sWy01NCwie1wiaFwiOltcIl8zXCIsXCIzMjk5OTEzNjlcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTY5LCItIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy0xMCwiLSJdLFstMzIsIi0iXSxbLTMzLCItIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstNDgsIjAsMCJdLFstNTEsIi0iXSxbLTU5LCJkZWZhdWx0Il0sWy0xLCItIl0sWy0yOSwiLSJdLFstMzEsImZhbHNlIl0sWy00MSwiLSJdLFstNDYsIjAiXSxbLTU4LCItIl0sWy02MCwiLSJdLFstNjcsIi0iXSxbLTEzLCItIl0sWy0yNywiWzUwLDEwLDAsXCI0Z1wiLG51bGxdIl0sWy00NCwiMCwwLDAsNSJdLFstNDUsIi0iXSxbLTU1LCIxIl0sWy02MywiMSJdLFstNjgsIi0iXSxbLTUsIi0iXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTM4LCJpLC0xLC0xLDAsMCwyMywwLDAsMjIsMjgwLC0xLDAsMzcwLDM3MCwxMjM1LDEyMzYiXSxbLTUwLCItIl0sWy01NywiV0UwWlYxeE9jVmhYWFZWY1N4Y0ZXbFpVU1V4TlhGMEhHV0pZU2hsWVNVbFZRR1FaRVZ4UFdGVVpXRTBaQlZoWFZsZEFWRlpNU2djWkVRTU9Bd2dNQ1FvSkFSQVZHUVZZVjFaWFFGUldURW9IQXdnQkF3b0pFQlZZVFJsNFMwdFlRQmRmWEJrUlVVMU5TVW9ERmhaV1cwb1hYRXBYV2xGV1dscFdGMXBXVkJaUUZnRUFEUXRZWHdBUENnb01Yd0FNRGdnTUNGb05XZzRJRHcwTUNWd01EUXNMRjFOS0F3Z0REdzRQRGdzUUZWaE5HVXNaRVZGTlRVbEtBeFlXVmx0S0YxeEtWMXBSVmxwYVZoZGFWbFFXVUJZQkFBMExXRjhBRHdvS0RGOEFEQTRJREFoYURWb09DQThOREFsY0RBMExDeGRUU2dNSUF3NEpBQThLRUE9PSJdLFstNjEsIntcIndnc2xcIjpcIjQ7cmVhZG9ubHlfYW5kX3JlYWR3cml0ZV9zdG9yYWdlX3RleHR1cmVzO3BhY2tlZF80eDhfaW50ZWdlcl9kb3RfcHJvZHVjdDt1bnJlc3RyaWN0ZWRfcG9pbnRlcl9wYXJhbWV0ZXJzO3BvaW50ZXJfY29tcG9zaXRlX2FjY2VzcztcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFstMzAsIltcInZcIiwwXSJdLFstMzUsIlsxNzIxODA2NDM2NjIwLC0yXSJdLFstNDcsIi0iXSxbLTY1LCItIl0sWy0yLCItIl0sWy00LCItIl0sWy0xNCwiLSJdLFstNDAsIjMzIl0sWy01MiwiLSJdLFstNTMsIjEwMCJdLFstNjYsImdlb2xvY2F0aW9uLHN0b3JhZ2VhY2Nlc3MsZ2FtZXBhZCxjaGVjdCxtaWRpLGRpc3BsYXljYXB0dXJlLHVzYixicm93c2luZ3RvcGljcyxwaWN0dXJlaW5waWN0dXJlLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LGxvY2FsZm9udHMsb3RwY3JlZGVudGlhbHMsZW5jcnlwdGVkbWVkaWEsY2hzYXZlZGF0YSxjaHVhZnVsbHZlcnNpb25saXN0LGNodWF3b3c2NCxzaGFyZWRzdG9yYWdlLGNoZG93bmxpbmssY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHVhbW9kZWwsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSxzZXJpYWwsY2FtZXJhLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24scHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsY2h1YW1vYmlsZSx3aW5kb3dtYW5hZ2VtZW50LGNodWEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGNodWFmb3JtZmFjdG9ycyxpZGxlZGV0ZWN0aW9uLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h3aWR0aCxjbGlwYm9hcmRyZWFkLGNodmlld3BvcnR3aWR0aCxjb21wdXRlcHJlc3N1cmUscGF5bWVudCxjaHZpZXdwb3J0aGVpZ2h0LGNocnR0LGF1dG9wbGF5LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsaGlkLGNodWFiaXRuZXNzLHNjcmVlbndha2Vsb2NrLHByaXZhdGVhZ2dyZWdhdGlvbixjbGlwYm9hcmR3cml0ZSxhdHRyaWJ1dGlvbnJlcG9ydGluZyxjaGRldmljZW1lbW9yeSxtaWNyb3Bob25lIl0sWyJibmNoIiwyOF0sWy0yMSwiLSJdLFstMjUsIi0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbImRkYiIsIjAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwxLDEsMCwwLDAsMCwwLDEsMywwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMywwIl1d&dep=0&pre=0&sdd=%7B%7D&cri=qQOMSHip7Z&pto=1243&ver=61&gac=1428542212.1721806436&mei=&ap=&fe=1&duid=1.1721806436.xCG149ZI5MHLBBsb&suid=1.1721806436.BXYbgyuYPbqHG4fK&tuid=1.1721806436.KEBUVODHurYbf5hR&fbc=1.1721806436169.209206040934266696&gtm=WyJPbmVUcnVzdExvYWRlZCIsIk9wdGFub25Mb2FkZWQiLCJPbmVUcnVzdEdyb3Vwc1VwZGF0ZWQiXQ%3D%3D&it=102%2C218%2C990&fbcl=-&gacl=-&gacsd=-&rtic=udQJWpguYB%2FFGxG2faji%2FLO04F8%3DVnziqmCPFoXSscb%2FeNqp65OctCRJaG3NRUjwdfI3ApZpStXWzUz4WeIkUiZ0BloPjyLcG7JMnLSYYAUF5hZLRA0NJD%2BG01N1RRjwvldAS3Y%2FOzxVV7YV%2BCf6Uxl%2B1ST0HA4y&bgc=15849930498f11ef98150b7cc27261e0&spa=1&urid=0&ab=&sck=-&io=Ojk2Oi0%2BOTY6LSY5NjstJj8%2BNjstJj88NjstJj8yNjstJj46NjstaGA2Oi1uc2hKeHJlaDY6LWVkbXk2Oi17c2w2Lj5JZGlhbmh%2FLjk7RGlhbmh%2FLj5P
Requested by: Host: obs.esnchocco.com
URL: https://obs.esnchocco.com/i/8942af96335f957151c4c716450e5422.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 7addfc15edcadb6b73d620431891ec67e124c5f86601b2beb1bdd86fb223dda9

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:57 GMT
content-encoding: gzip
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.forescout.com
content-length: 1348
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 745 B
721 B 30ms
14ms XHR
application/json 18.196.57.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.57.203 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-57-203.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4160094e8e7a55a3dd60c62de930a81375ddce09c11dc6d7b28332da6dbbdf14

Request headers

Referer: https://www.forescout.com/
Authorization: Token 024abd389523da79bfdf112191f19decef22847a
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag ea1795a9-211c-419b-a382-2306e2eab031

Response headers

x-trace-id: 1783216165800822644
date: Wed, 24 Jul 2024 07:33:56 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.forescout.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 399

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 45ms
9ms Preflight 18.196.57.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.57.203 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-57-203.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.forescout.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.forescout.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 24 Jul 2024 07:33:56 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 2719370129288061150

POST
H3 200 88926
www.forescout.com/wp-json/forescout/is-link-to-resource/ 851 B
784 B 1509ms
1501ms XHR
application/json 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-json/forescout/is-link-to-resource/88926

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Jul 2024 07:33:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-powered-by: WP Engine
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Language
allow: POST
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
x-robots-tag: noindex
link: <https://www.forescout.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 8a8239965c5e9f1b-FRA

POST
H3 200 admin-ajax.php
www.forescout.com/wp-admin/ 47 B
438 B 941ms
940ms XHR
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/wp-admin/admin-ajax.php

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 24 Jul 2024 07:33:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
cf-ray: 8a823997deb89f1b-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 tc_imp.gif
obs.esnchocco.com/tracker/ 43 B
79 B 283ms
283ms Image
image/gif 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.esnchocco.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268efcf35ec43899a9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5b138c6a2417071a10acf9f29f671f838380022c6d1dfb7f750cd53edb669152630726c55a035a360d5ac4ba394977be26bb25cb43e2916af05265ac5e24721bd805ec46f497d7dd3dbb2807ff2fcaa8556d8e0e3143714493d60264f660b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7288ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82d4e16f903158d9fbc1781813a26268acc11d60b889ae73d901fe46bbd71ac24cd9d36d9a6d279c9821d96496cefab6cdb3f11338ae6bf2fbb9234e2bfb94248ee21df110055288181e9b838ec78cfc8b3dcd67d791b2987de5707e7b8f753ddb819a5c20c0a77ca80ff2905d9138a67e444c588335b30b93cba96af78935c918e88893db6a9855437bb01e5a13784e3e9fff2df455d3cf9629a9de3dacc17794c2e8be25cf96c01f283e88a9061795f71e5942acbfac74e66fccbf1eadb56ca076b2238941874cc5a22ed50635baffd43f686e245a75554e1db8bf9e70c055e636121a7ca6f0368b8a121effbcddb2b968c0efe5fe98f9a8f34a473cfd4385b04b72911537688b3a082f288f2fbd7c0bc3f5c0648861df258daf2fcbb90b90650d2129007c159cc4e4d23f7f579c1e439cd5cba7a2880f1794dbbe7e9fd37079dece1b3c69f88dd85621b727995e9f1ae33c8713dbc813fea633e29b88d5844662efe33b7f8376a68eb1b7179c6c30101997745e53b9a04392ef13c38586c957cf9b9a350e362aa22fff40f301a08b7b94354222153c7c77e752ddd76652b96e94aef7328ac618852171ab147b2fceedc31648ad34acda02d015301e4bbb392d8aafd16cc85120e8ed7af38894bae922881c2d5511a40c374e8ed44905ee2eedecc0338ed4ee0f557ca46e230e1ab4622283ff916c69d5201881c18219abc6a6dd1b62ec22b16c074ade0c6726c7da055d9982b292b3ce4cb26be2378a7ba3da559db2a6393ded9a5296cbfca0cef0d5c42850ccbb7447913e8e18dd03b4a639a2cccedc6da0c688bae94c7b88f3b9bd10904682530a704d2b99c57b24d666e954c99869ee446af0675ed222ead82a66af666c0314dfe6d22f8ddc5b2165557593a69dc8ce77c54ee2f2652c9cd44754481424&cri=qQOMSHip7Z&ts=466&cb=1721806437090
Requested by: Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
date: Wed, 24 Jul 2024 07:33:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
BLOB 200
OK 544d7822-0345-4a5f-8e49-8e2e94e201d6
https://www.forescout.com/ 529 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.forescout.com/544d7822-0345-4a5f-8e49-8e2e94e201d6
Requested by: Host: www.forescout.com
URL: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89f7ef83c990c72e48cf4b4e3351fb7f1b67a7e343b775b65ae1f116d0d87ab1

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 529
Content-Type

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 59ms
36ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: obs.esnchocco.com
URL: https://obs.esnchocco.com/i/8942af96335f957151c4c716450e5422.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:57 GMT
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 43070
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
server: cloudflare
etag: W/"b2877da906a3216c4f3fc4030b205e54"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8a823999be0018f3-FRA
x-amz-cf-id: LtyiAp3cmZN5QTanw9BdKzUz8xC_7-ZuXnriSeB81FXWvZmpd-lekQ==

GET
H3 200 favicon.ico
www.forescout.com/ 15 KB
3 KB 29ms
28ms Other
image/x-icon 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e250923d66f74ef35a758577c1177bbe42682cc84ec6c632948eeb05f67319cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 55691
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 02:41:43 GMT
server: cloudflare
etag: W/"669f1867-3aee"
vary: Accept-Encoding, Accept-Encoding, Accept-Language
x-frame-options: SAMEORIGIN
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a823999b8ff9f1b-FRA

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
586 B 173ms
172ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f16972361898db9c20cf86c88c0de14b193cbfeb65941b5b6c5a6d55f2c9aa43

Request headers

visited_url: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Referer: https://www.forescout.com/
Authorization: Bearer 9b03457e3b1670002925
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 24 Jul 2024 07:33:57 GMT
via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA56-C2
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: baAv8hlQPHcEMWA=
server: cloudflare
etag: W/"cb-A6OmvBYk3kkjiSV+blgHlatk1IQ"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.forescout.com
cf-ray: 8a82399b2ddb6ade-FRA
x-amz-cf-id: cxF0cpJr83dsMQ-KqBlwymGt7KXoNHf_etXS7izxEsQgt-OD22LL_g==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 189ms
172ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.forescout.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.forescout.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: baAv6hGmvHcEMnw=
cf-cache-status: DYNAMIC
cf-ray: 8a82399a1ce16ade-FRA
date: Wed, 24 Jul 2024 07:33:57 GMT
server: cloudflare
vary: Origin
via: 1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
x-amz-cf-id: eFWYITM7h7eA7iEk-KgjiYDu3uBr3jPvotBBogR2GiSqYdD3lZlArQ==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 125ms
125ms Image
image/gif 95.101.111.178
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=cffa8c167e0843d794a958dc13b0c823&svisitor=null&visitor=e59203c1-1c59-46af-84b9-33d61958ce6f&session=6aa8528b-f031-4c2f-8988-038f406cb8f1&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2007%3A33%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2007%3A33%3A56%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Forescout%20Research%20Vedere%20Labs%20discovers%20brand%20new%20IoT%20wiper%20malware%20botnets.%20Learn%20all%20about%20the%20latest%20wiper%20variants%20and%20how%20they%20work.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emerging%20IoT%20Wiper%20Malware%3A%20Kaden%20and%20New%20LOLFME%20Botnet%20Variants%20-%20Forescout%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&pageViewId=ca329ef3-c205-4378-81f3-15ba6f8fa43f&an_uid=0&webTagId=ea1795a9-211c-419b-a382-2306e2eab031&ipv6=2a00%3Ac98%3A2f00%3A20%3Aa%3A%3A3&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-178.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 07:33:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 07:33:57 GMT

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 85ms
62ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: obs.esnchocco.com
URL: https://obs.esnchocco.com/i/8942af96335f957151c4c716450e5422.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 07:33:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 864
x-guploader-uploadid: ACJd0NpA6g6grJxT6sP4b9Lk1DdSLXrlrLUG6qoXrAMaGTaivu3ziDiih6oBWZ-bDXUNAWA87DC_dBuTjA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8a82399c6bc49256-FRA
expires: Wed, 24 Jul 2024 08:19:33 GMT

GET
H3 200 /
ws.zoominfo.com/pixel/651dcbac39971f76c49f0033/ 3 KB
2 KB 209ms
197ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/651dcbac39971f76c49f0033/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
_vtok: NzguMTU5LjEwOC4yOA==
_zitok: d03a83574523656d50ea1721806437
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

date: Wed, 24 Jul 2024 07:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.forescout.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8a82399d7897691f-FRA

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/651dcbac39971f76c49f0033/ Frame 0
0 179ms
156ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/651dcbac39971f76c49f0033/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.forescout.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.forescout.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a82399c6b4d9229-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 24 Jul 2024 07:33:57 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ 319 B
616 B 166ms
163ms Fetch
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forescout.com/
Authorization: bearer 2b10cfec995706ca500ae5d0607dc3
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 24 Jul 2024 07:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"13f-P/iEmLQUMDlX4ql8MokSLfjih6A"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.forescout.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8a82399dd933691f-FRA

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 149ms
149ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.forescout.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.forescout.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a82399cebd79229-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 24 Jul 2024 07:33:58 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 403 /
www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/ 0
0 496ms
496ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/?clickcease=block

Requested by

Host: www.forescout.com
URL: https://www.forescout.com/wp-content/plugins/cheq-essentials-go-to-market-security/includes/assets/js/front-end.js?ver=2454696372

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forescout.com/blog/emerging-iot-wiper-malware-kaden-and-new-lolfme-botnet/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, must-revalidate, private
cf-cache-status: DYNAMIC
cf-ray: 8a82399dcd7a9f1b-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 24 Jul 2024 07:33:58 GMT
server: cloudflare
status: 403 Forbidden
x-cache: MISS
x-cache-group: normal
x-cacheable: NO:403
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

POST
H2 201 consentreceipts
privacyportal.onetrust.com/request/v1/ 0
188 B 217ms
183ms Ping
text/plain 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://privacyportal.onetrust.com/request/v1/consentreceipts

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.forescout.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Jul 2024 07:33:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
cf-ray: 8a82399dff432c65-FRA
content-length: 0

POST mon
obs.esnchocco.com/ 0
0

GET
BLOB 200
OK 198fe8f7-97bd-4b4c-ae9d-ff1a03d5227f
https://www.forescout.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.forescout.com/198fe8f7-97bd-4b4c-ae9d-ff1a03d5227f
Requested by: Host: obs.esnchocco.com
URL: https://obs.esnchocco.com/i/8942af96335f957151c4c716450e5422.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 3033
Content-Type: text/javascript

GET img.gif
b.6sc.co/v1/beacon/ 0
0

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 155 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: security-us.mimecast.com
URL: https://security-us.mimecast.com/ttpwp

Domain: obs.esnchocco.com
URL: https://obs.esnchocco.com/mon

Domain: obs.esnchocco.com
URL: https://obs.esnchocco.com/mon

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=cffa8c167e0843d794a958dc13b0c823&svisitor=null&visitor=e59203c1-1c59-46af-84b9-33d61958ce6f&session=6aa8528b-f031-4c2f-8988-038f406cb8f1&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2007%3A33%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2007%3A33%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&pageViewId=ca329ef3-c205-4378-81f3-15ba6f8fa43f&an_uid=0&webTagId=ea1795a9-211c-419b-a382-2306e2eab031&ipv6=2a00%3Ac98%3A2f00%3A20%3Aa%3A%3A3&v=1.1.22

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.forescout.com/	1970-01-21 00:26:22	Name: _gcl_au Value: 1.1.1200153959.1721806436
.forescout.com/	1970-01-21 07:52:46	Name: _ga Value: GA1.1.1428542212.1721806436
.forescout.com/	1970-01-21 07:02:22	Name: _biz_uid Value: 4829f80446e84ae58ac6963099206bf6
.forescout.com/	1970-01-21 07:02:22	Name: _biz_nA Value: 1
.bizible.com/	1970-01-21 07:02:22	Name: _BUID Value: 4829f80446e84ae58ac6963099206bf6
.forescout.com/	1970-01-21 07:02:22	Name: _biz_pendingA Value: %5B%5D
.forescout.com/	1970-01-21 00:26:22	Name: _fbp Value: fb.1.1721806436169.209206040934266696
.bizibly.com/	1970-01-21 07:02:22	Name: _BUID Value: 0ebd07ba04a93a7d36f95556608d577a
.forescout.com/	1970-01-20 22:18:12	Name: _uetsid Value: 15847850498f11efa79d35d2c199e72b
.forescout.com/	1970-01-21 07:38:22	Name: _uetvid Value: 15849930498f11ef98150b7cc27261e0
.bing.com/	1970-01-21 07:38:22	Name: MUID Value: 2D29AB6C37D96720301BBFAA365A6692
.linkedin.com/	1970-01-21 07:02:22	Name: bcookie Value: "v=2&a472d3dd-96bf-458c-8758-ee0b75c333cc"
.linkedin.com/	1970-01-21 02:35:58	Name: li_gc Value: MTswOzE3MjE4MDY0MzY7MjswMjHS8KeswrRVFUa7+JbkuGhxcJ59VGflj2jD3SCg4j9R2A==
.linkedin.com/	1970-01-20 22:18:12	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3296:u=1:x=1:i=1721806436:t=1721892836:v=2:sig=AQFOaqZsFYOfacBVVGqktmZXTLx1I6HX"
.forescout.com/	1970-01-21 07:02:22	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.doubleclick.net/	1970-01-21 02:35:58	Name: receive-cookie-deprecation Value: 1
app.hushly.com/	1970-01-20 22:26:51	Name: AWSALBCORS Value: dtfPENZfLghoqfxvBiyhJZ7g0Uepvkoyi7rAR6ERxb9J74cMDfTQmuqAIaPkpV9leBVzBFkZU6Rx7AU6mdBZvYPOeZDMC2vKzFmhc3IhuH06RRLXRwbSD2EAaRgj
app.hushly.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: EDE4AC0B14677BE8AC90C50A24906C36
www.forescout.com/	1970-01-21 07:52:46	Name: _gd_visitor Value: e59203c1-1c59-46af-84b9-33d61958ce6f
www.forescout.com/	1970-01-20 22:17:00	Name: _gd_session Value: 6aa8528b-f031-4c2f-8988-038f406cb8f1
.adnxs.com/	1970-01-21 07:52:46	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-20 22:59:58	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-21 07:38:22	Name: IDE Value: AHWqTUm34kDCG8WwkaieMYEvqa5ZFEk3atixl9QjBVqR6jjuW6ku4iyPPgCHfhaW
www.forescout.com/	1970-01-20 22:26:51	Name: _an_uid Value: 0
.forescout.com/	1970-01-21 00:28:10	Name: _cq_duid Value: 1.1721806436.xCG149ZI5MHLBBsb
.forescout.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1721806436.BXYbgyuYPbqHG4fK
.app-sj01.marketo.com/	1970-01-20 22:16:48	Name: __cf_bm Value: 7kFojLy2KKBcf5nrc41Ts6sKiqOYnIYGJjBh_zI.nEM-1721806437-1.0.1.1-2DAl5RiOCnnt9ak3kyHwO_kfbbAt_xZW_seZtbMlnqjIlplXGbtVYE4OEPh8J3Wv2lfAEsyoHZudNvETPoDXvg
obs.esnchocco.com/	1970-01-21 06:20:36	Name: cg_uuid Value: f10950b65728b544ffc25f83539524b6
.forescout.com/	1970-01-20 22:18:12	Name: _cq_pxg Value: 3\|26505
.www.forescout.com/	1970-01-21 07:02:22	Name: _zitok Value: d03a83574523656d50ea1721806437
.zoominfo.com/	1970-01-20 22:16:48	Name: __cf_bm Value: RX_5P3dGlnPGAnyknky7.xd7_6D6pXuXycn4yuK8S9U-1721806437-1.0.1.1-ogDsq.A5KNV91fUXIO6kJvNmL6AcXKNpQu492R.Tp2KTfCI6S2dom.8Jt3Le9.l6b6kWsFB5rmjGbamVL3JG2Q
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: m_hFLdIWYhkjQl7wCL7wdR9ZQALC1ceiD4doUsl6g00-1721806437877-0.0.1.1-604800000
.forescout.com/	1970-01-21 07:02:22	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Jul+24+2024+09%3A33%3A58+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=6.23.0&isIABGlobal=false&consentId=10b5e5f7-6077-49ec-8777-c11b531df0dc&interactionCount=1&landingPath=https%3A%2F%2Fwww.forescout.com%2Fblog%2Femerging-iot-wiper-malware-kaden-and-new-lolfme-botnet%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0&hosts=H39%3A1%2CH35%3A0%2CH36%3A0%2CH17%3A0%2CH46%3A0%2CH28%3A0%2CH1%3A0%2CH6%3A0%2CH8%3A0%2CH47%3A0%2CH22%3A0%2CH26%3A0%2CH48%3A0%2CH27%3A0%2CH49%3A0%2CH50%3A0
www.forescout.com/	1970-01-21 07:02:26	Name: _cheq_rti_en Value: etLdKPPfnRa62jycSUznvbX1gFk%3DBM4hSLZfMxc14dnYKCy3UCgOlRuCnNmyr3wcPsyjPD0WvWFcPtSyRZs5ag56mo4Dunr26w1hTFf3riroOraTteE7ovRV75V2wYWNAyhO33l0gJDCyta2a48PUUnCiMaVPaIh
www.forescout.com/	1970-01-21 07:02:26	Name: _cheq_rti Value: etLdKPPfnRa62jycSUznvbX1gFk=BM4hSLZfMxc14dnYKCy3UCgOlRuCnNmyr3wcPsyjPD0WvWFcPtSyRZs5ag56mo4Dunr26w1hTFf3riroOraTteE7ovRV75V2wYWNAyhO33l0gJDCyta2a48PUUnCiMaVPaIh
.forescout.com/	1970-01-21 07:52:46	Name: _ga_BHGTEMXR2E Value: GS1.1.1721806436.1.0.1721806438.58.0.0
.bing.com/	1970-01-21 07:38:22	Name: MSPTC Value: gnF_TLJYaoCcCgnkEAcxx9_O4iC4nQUsBsfQmPaHoDk

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.forescout.com/wp-json/forescout/is-link-to-resource/88926/b5b91e6909cbbd3733a825ec558006e0b8cb42b3 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: chrome-error://chromewebdata/ Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9940596.fls.doubleclick.net
app-sj01.marketo.com
app.hushly.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
connect.facebook.net
epsilon.6sense.com
fast.wistia.net
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
ipv6.6sc.co
j.6sc.co
js.zi-scripts.com
marvel-b2-cdn.bc0a.com
obs.esnchocco.com
privacyportal.onetrust.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
secure.adnxs.com
secure.ripe8book.com
security-us.mimecast.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.facebook.com
www.forescout.com
www.google.de
www.googletagmanager.com
b.6sc.co
obs.esnchocco.com
security-us.mimecast.com
104.16.117.43
104.16.118.43
104.16.93.80
13.107.42.14
141.193.213.21
146.75.120.157
152.195.15.58
157.240.0.35
157.240.251.9
172.217.18.3
172.64.150.44
18.196.57.203
185.89.211.116
2001:4860:4802:34::36
216.58.206.38
2600:1f18:e8a:cd08:3437:aff5:50c:d298
2606:4700:4400::6812:2089
2606:4700:4400::ac40:9b77
2606:4700::6813:b234
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:802::2003
2a00:1450:4001:828::2008
2a00:1450:4001:82f::200a
2a00:1450:400c:c1d::9b
2a02:26f0:3100::1735:2aa1
2a02:26f0:7100::1720:ee10
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a04:4e42::644
34.223.194.102
35.201.125.192
51.11.20.152
95.101.111.178
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
12ff790a17c7e80011c1a3481ccfe3640f5f90bd981574fda88509ca9f22850d
156d6126d329168667f3fc9fd67a12202eae1ac3619318e0fff058fb74944c1d
190db2ea37186511e3cdfaeb6e37e68830c90647a9c18840f33ce00c03a05bd0
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
236c0856fb6c12078ce3e1a44657999dc482b1a4176d9a1bcb7a2405dd74175e
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2b53561b145f2051ebfa51c5a70e05958aee689b7bca136322b64be7068b00c0
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
3014c4240df6e8db9016c59c4c365f9d144873ac7c53e301a06dacaf81005364
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
320d4f66b56464552e61184aaf03cf97c9cb6116fd320a4b2787ccd7e6d9fe8b
3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4160094e8e7a55a3dd60c62de930a81375ddce09c11dc6d7b28332da6dbbdf14
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44686d2762b49c818295f06d78de248ee59470f2013d9ecd52b43364c0c024fc
472824931b4905caa2bf4d0fdfdfe5b09f26ed17b2c02786b79842ba5cdf0305
4af034de67d286232edba410c8cf34ec000ac621272865083613d89d88dbb303
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
54e3908ce9a39d0a24874b29662238b06c7e431123a0e148baa818f92a12fcf8
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
60064a40159e3b0a55cdc4cfbcd2956f36571a121ea5907b53a4518efac951c9
68510cbd133aba21c2e52f7705d6f5ec4af166b56d368d8b82a7e6990caeb67c
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
710a58566f74d9f057ca5d14c3814aad250102d4c769c017365dc9d696e1e286
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
73372651c533d2264e2be483feee4c78c043a17359e8ecb68ec62a76d209eded
75d0999ea670709013cf2ce0d189f74f99951bc8713ae3b763e3b0c5c94fe4a9
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521
79041f2a2d44034962f337b41e6b56e3c13f41eeecb9bf3121d6828e665affed
7addfc15edcadb6b73d620431891ec67e124c5f86601b2beb1bdd86fb223dda9
832e751168b5677b468c2d0296693ee4cef1667d8f170c052ca71dccd999ba82
89f7ef83c990c72e48cf4b4e3351fb7f1b67a7e343b775b65ae1f116d0d87ab1
8a56b1371b07d26e45fb33aae9ed3d2414e184b99e3932a673fc6e3eef2dc19a
8cd31ca57096d401d12c95d5e83a6eb2d0ec09a78fd82992c8de75947034ac59
9094547471d6e199531434f3c82b74a11121f660c5737146f2c6f80ab893ee1b
92af99028ad2fc250a5076da11f8330976f362fe18fdc5da0c2fd08c2bb861ce
93416923a616aa13392203b53d605fa48fbf12996f5b1484a0be2c14202ab134
95a3b21bc32ac4af1bbd071621c6a90fc7c6d471add0616cf3512887aafa7644
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
9f014628db0c899fa7560c53f7e6d944e05e4db842e2dda1c9d03822d739ac5d
a078b02ab15f52a28e893c4453caecdf3903fd1a9030b618a2c2408747cefc3d
a1cf8ed077a89dce0b2d3dc52a7ab91affab721cb85a3c526950b1863c1abf63
a27f4a65c7bc7f84027fb7f059d2035865604688212d914c777b07c905eeaf2a
a5e0d047d8ed1c78d0e99edd8ed484520f56ede45ac770274be99da28373c6fd
a7d92992008b46515578762b3e72bbdc96c2f577bf7eeb20e46027eb90ce458e
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
afa34783a07b64f1939359e6217cdb6ad1aa343812037ca68ecf70edeb215874
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1cb60049221cb2783962f6f9134eec7294f9d33df4e2d2c3e0e844f8cff312c
b3489d8ddd967153384606a9a3445e5ce147f6d895ecff15576cc011c271d395
b7238a945f16e9c4866ea5ced254db4ed00058168c91a094913f5a2275385053
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
bba547a407cc8332d1002b0034f1814f296b79a85b536228863550f4ae97ba2d
bee32dd68e31a03df791791a3131aec7675efc0e1c1af8ca6c6d1a3107c55cea
bf3fe64b9f9c0e21583c48a711e86ba125805171ca45fb76562041307656daae
c458529c16df1000d89d13f37236105167f076e089f489037141f5bf1b2b1701
c477b75e32af1e53db77f93431e14ba372ef9404de3b624870a0965c832727e2
c611bdef638a6f443e9618b84ff2c6db62b773b8220efcccd73ae9640065cac9
c9bc5c6f91a6fe05823fc19edf5c518222730110ec54ae66dbec6d27497ff515
cab5e5b6d7b98d223cafd2ec95a3132238a2b309cceefeb0cf0bc3c3c471f080
d2edc6ec24ab87f2f5ad01632fc9a52599624847ff2c5a1aa8279a86cb790419
d80b81de472417fe2ab9a98633c9cd7c53d93a700120ae4da5bb8b2c9f9ccb00
d866788fb557fbd079080fcf781dbbc84961216f672e8ee38caf5b42411df513
d8c15b17fb4a453701606ae8c7a859dde61d891731369b3c9b8599d445669f90
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dea95f388ae550daf7541f423a0e1d30e6b02bc1c51249290690eb26560d0f1e
df2ed3309e39b95892f3d7147eb0b17ade8456bc3c6366ea09dc18892e195fec
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e250923d66f74ef35a758577c1177bbe42682cc84ec6c632948eeb05f67319cd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e67b5013d20b13a30d842f3ca64fe0146ec0ac03ffc13259b3e7b445631ae1d2
e6eae0251ff9d9602e618bd779c3c7234b243fb71da5afa4e502443e9c007bd4
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
eb071f3429c047426154145f7ad18ce941c38bf886d1d6d0834196150f1eb13d
ed68b61f587b95b07789571b8edaa847cc898f8420d0369f8f1cc6c2aa0c1f02
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f16972361898db9c20cf86c88c0de14b193cbfeb65941b5b6c5a6d55f2c9aa43
f567af8fb69c5f42d9431e5e3c851bc0b14aadf85a3f248c37a8160f63f3e45a
f7e8c32b92b154d7823924d6b3caa582a01938ee390e11739f9e65c7f1afc270
f8032160fc5998b9c2ad191f310dc94bda46781463e2405abbb447d80d8a1e30
f81e9f3794f0f3f5bb9746b8e053d9db171c3b21ac2c977fc8552a01e5a19228
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.forescout.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

109 Requests

94 %HTTPS

47 %IPv6

29 Domains

36 Subdomains

35 IPs

5 Countries

2944 kBTransfer

6517 kBSize

37 Cookies

0 Outgoing links

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.forescout.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

94 %
HTTPS

47 %
IPv6

29
Domains

36
Subdomains

35
IPs

5
Countries

2944 kB
Transfer

6517 kB
Size

37
Cookies

109 HTTP transactions
13 data transactions