www.bitdefender.com Open in urlscan Pro
2606:4700::6812:1a9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-thr...
Submission: On September 27 via api (September 27th 2024, 2:13:06 am UTC) from TR — Scanned from CA

Summary HTTP 190 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 63 IPs in 3 countries across 44 domains to perform 190 HTTP transactions. The main IP is 2606:4700::6812:1a9, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bitdefender.com. The Cisco Umbrella rank of the primary domain is 90916.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on October 16th 2023. Valid for: a year.

This is the only time www.bitdefender.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	2606:4700::68... 2606:4700::6812:1a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700::68... 2606:4700::6812:a8de	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:1408:ec0... 2600:1408:ec00:b::1730:cba7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	2600:1408:ec0... 2600:1408:ec00:b8e::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1408:ec0... 2600:1408:ec00:288::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	44.196.169.18 44.196.169.18	14618 (AMAZON-AES) (AMAZON-AES)
10	2600:1901:0:5... 2600:1901:0:5987::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	13.226.34.79 13.226.34.79	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:8a11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4d8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:2141:2000:d:199b:f700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.153.87.206 35.153.87.206	14618 (AMAZON-AES) (AMAZON-AES)
2	63.140.39.194 63.140.39.194	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.83.67.3 35.83.67.3	16509 (AMAZON-02) (AMAZON-02)
4	63.140.39.35 63.140.39.35	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6813:afbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1408:c40... 2600:1408:c400:26::17da:d920	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	2a05:d018:56f... 2a05:d018:56f:b802:834:8d0e:be2f:5ebe	16509 (AMAZON-02) (AMAZON-02)
8	2600:1901:0:c... 2600:1901:0:c07c::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:1408:20:... 2600:1408:20:6a0::294d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:1408:ec0... 2600:1408:ec00:286::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a03:2880:f00... 2a03:2880:f003:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:1403:9c0... 2600:1403:9c00:34::6859:aad3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a03:2880:f10... 2a03:2880:f103:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
1 2	172.217.197.156 172.217.197.156	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c0f::9b	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:1... 2600:1901:0:1e38::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2607:f8b0:400... 2607:f8b0:400d:c04::9d	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:400d:c01::9c	15169 (GOOGLE) (GOOGLE)
1 7	2607:f8b0:400... 2607:f8b0:400d:c01::93	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c08::8a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c0f::9c	15169 (GOOGLE) (GOOGLE)
2 3	172.253.122.149 172.253.122.149	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c07::9b	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:400d:c02::5e	15169 (GOOGLE) (GOOGLE)
1	52.84.18.67 52.84.18.67	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
1	18.173.219.84 18.173.219.84	16509 (AMAZON-02) (AMAZON-02)
3	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
1	18.160.10.89 18.160.10.89	16509 (AMAZON-02) (AMAZON-02)
5	152.199.2.76 152.199.2.76	15133 (EDGECAST) (EDGECAST)
1	18.164.96.90 18.164.96.90	16509 (AMAZON-02) (AMAZON-02)
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	2620:1ec:bdf::38 2620:1ec:bdf::38	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	54.220.48.221 54.220.48.221	16509 (AMAZON-02) (AMAZON-02)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:251... 2600:9000:2511:8200:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	20.110.205.119 20.110.205.119	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.122.63.128 20.122.63.128	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
190	63

30 2606:4700::6812:1a9 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:a8de (United States)

ASN13335 (CLOUDFLARENET, US)

blogapp.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:ec00:b::1730:cba7 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:1408:ec00:b8e::1e80 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:ec00:288::f09 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.196.169.18 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-169-18.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:1901:0:5987:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

app.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.226.34.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-34-79.ewr53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8a11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4d8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

2.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2141:2000:d:199b:f700:93a1 (United States)

ASN16509 (AMAZON-02, US)

euob.ofgreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.153.87.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-153-87-206.compute-1.amazonaws.com

bitdefender.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.39.194 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-194.data.adobedc.net

sstats.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.83.67.3 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-83-67-3.us-west-2.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 63.140.39.35 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-35.data.adobedc.net

starget.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:afbc (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:26::17da:d920 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a05:d018:56f:b802:834:8d0e:be2f:5ebe (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

obseu.ofgreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1901:0:c07c:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

api.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:20:6a0::294d (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobetarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:ec00:286::f09 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1403:9c00:34::6859:aad3 (Miami, United States)

ASN20940 (AKAMAI-ASN1, NL)

download.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f103:181:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.197.156 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qa-in-f156.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c0f::9b (Morganton, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:1e38:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

consent-api.service.consent.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400d:c04::9d (Morganton, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:400d:c01::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400d:c01::93 (Morganton, United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::8a (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c0f::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.122.149 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bh-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c07::9b (Morganton, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400d:c02::5e (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.18.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-18-67.ord53.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.219.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-219-84.jfk52.r.cloudfront.net

cdn.scarabresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.10.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-89.iad12.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 152.199.2.76 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-90.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::38 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.220.48.221 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-48-221.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2511:8200:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.205.119 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.122.63.128 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

p.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	bitdefender.com www.bitdefender.com — Cisco Umbrella Rank: 90916 blogapp.bitdefender.com — Cisco Umbrella Rank: 983084 sstats.bitdefender.com — Cisco Umbrella Rank: 181936 starget.bitdefender.com — Cisco Umbrella Rank: 542522 download.bitdefender.com — Cisco Umbrella Rank: 26411	1 MB
20	usercentrics.eu app.usercentrics.eu — Cisco Umbrella Rank: 8845 api.usercentrics.eu — Cisco Umbrella Rank: 6169 consent-api.service.consent.usercentrics.eu — Cisco Umbrella Rank: 15462	144 KB
15	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 53 td.doubleclick.net — Cisco Umbrella Rank: 216 stats.g.doubleclick.net — Cisco Umbrella Rank: 152 ad.doubleclick.net — Cisco Umbrella Rank: 155	15 KB
13	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 450	175 KB
11	ofgreencolumn.com euob.ofgreencolumn.com — Cisco Umbrella Rank: 320632 obseu.ofgreencolumn.com — Cisco Umbrella Rank: 239633	42 KB
9	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 158 adservice.google.com — Cisco Umbrella Rank: 389	471 B
7	google.ca www.google.ca — Cisco Umbrella Rank: 10961	447 B
6	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4150 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4335 api.hubspot.com — Cisco Umbrella Rank: 5645 track.hubspot.com — Cisco Umbrella Rank: 2877 forms.hubspot.com — Cisco Umbrella Rank: 6754	29 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 715 c.clarity.ms — Cisco Umbrella Rank: 1434 p.clarity.ms — Cisco Umbrella Rank: 7405	29 KB
4	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 10421	26 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 378 c.bing.com — Cisco Umbrella Rank: 225	17 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 112	6 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 358 px4.ads.linkedin.com — Cisco Umbrella Rank: 6989	2 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	360 KB
4	company-target.com api.company-target.com — Cisco Umbrella Rank: 4976 s.company-target.com — Cisco Umbrella Rank: 1696	5 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 271 bitdefender.demdex.net — Cisco Umbrella Rank: 436035	2 KB
4	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4997 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5703 imgsct.cookiebot.com — Cisco Umbrella Rank: 5805	35 KB
3	googlesyndication.com 1 redirects ade.googlesyndication.com — Cisco Umbrella Rank: 335 pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	1 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 196	76 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2277 alb.reddit.com — Cisco Umbrella Rank: 1488	761 B
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 6838 tag-logger.demandbase.com — Cisco Umbrella Rank: 6070	18 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1249	13 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 957 script.hotjar.com — Cisco Umbrella Rank: 1386	63 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2991 js-na1.hs-scripts.com — Cisco Umbrella Rank: 7447	2 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 13820	182 B
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 7195	171 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1133	601 B
1	t.co t.co — Cisco Umbrella Rank: 857	629 B
1	scarabresearch.com cdn.scarabresearch.com — Cisco Umbrella Rank: 15414	23 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 989	15 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52
1	adobetarget.com assets.adobetarget.com — Cisco Umbrella Rank: 32418	32 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 906	14 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 4463	911 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1572	490 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 4084	1 KB
1	gravatar.com 2.gravatar.com — Cisco Umbrella Rank: 14435	9 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2752	25 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5683	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3701	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2719	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 6402	92 KB
0	impactcdn.com Failed utt.impactcdn.com Failed
0	tiktok.com Failed analytics.tiktok.com Failed
190	44

	Domain	Requested by
30	www.bitdefender.com	www.bitdefender.com
13	assets.adobedtm.com	www.bitdefender.com assets.adobedtm.com
10	obseu.ofgreencolumn.com	euob.ofgreencolumn.com www.bitdefender.com cdn.bizible.com
10	app.usercentrics.eu	assets.adobedtm.com app.usercentrics.eu www.bitdefender.com
8	api.usercentrics.eu	app.usercentrics.eu
8	blogapp.bitdefender.com	www.bitdefender.com
7	www.google.ca
7	www.google.com	1 redirects
7	googleads.g.doubleclick.net	www.googletagmanager.com
4	cdn.bizible.com	assets.adobedtm.com cdn.bizible.com
4	td.doubleclick.net	www.googletagmanager.com
4	www.facebook.com
4	starget.bitdefender.com	assets.adobedtm.com
4	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com
3	bat.bing.com	assets.adobedtm.com bat.bing.com
3	ad.doubleclick.net	2 redirects
3	connect.facebook.net	js.hsadspixel.net connect.facebook.net
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	api.company-target.com	assets.adobedtm.com cdn.bizible.com
3	dpm.demdex.net	1 redirects www.bitdefender.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	www.redditstatic.com	www.bitdefender.com www.redditstatic.com
2	consent-api.service.consent.usercentrics.eu	app.usercentrics.eu
2	ade.googlesyndication.com	1 redirects
2	api.hubspot.com	js.usemessages.com
2	sstats.bitdefender.com	assets.adobedtm.com www.bitdefender.com
2	consent.cookiebot.com	www.bitdefender.com consent.cookiebot.com
1	p.clarity.ms	cdn.bizible.com
1	c.bing.com	1 redirects
1	tag-logger.demandbase.com	cdn.bizible.com
1	s.company-target.com	tag.demandbase.com
1	cdn.bizibly.com
1	content.hotjar.io	script.hotjar.com
1	alb.reddit.com
1	pixel-config.reddit.com	www.redditstatic.com
1	analytics.twitter.com
1	t.co
1	script.hotjar.com	static.hotjar.com
1	tag.demandbase.com	www.bitdefender.com
1	cdn.scarabresearch.com	www.bitdefender.com
1	static.ads-twitter.com	www.bitdefender.com
1	static.hotjar.com	www.bitdefender.com
1	adservice.google.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	www.google-analytics.com	www.googletagmanager.com
1	forms.hubspot.com	js.hsleadflows.net
1	download.bitdefender.com
1	track.hubspot.com
1	js-na1.hs-scripts.com	js.hs-analytics.net
1	imgsct.cookiebot.com
1	px4.ads.linkedin.com	www.bitdefender.com
1	assets.adobetarget.com	assets.adobedtm.com
1	snap.licdn.com	js.hsadspixel.net
1	perf-na1.hsforms.com	www.bitdefender.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	cm.everesttech.net	1 redirects
1	bitdefender.demdex.net	assets.adobedtm.com
1	api.hubapi.com	js.hsadspixel.net
1	euob.ofgreencolumn.com	assets.adobedtm.com
1	2.gravatar.com	www.bitdefender.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	js.hs-scripts.com	www.bitdefender.com
0	utt.impactcdn.com Failed	www.bitdefender.com
0	analytics.tiktok.com Failed	www.bitdefender.com
190	73

This site contains links to these domains. Also see Links.

Domain
login.bitdefender.com
www.messenger.com
api.whatsapp.com
www.bitdefender.fr
www.bitdefender.de
www.bitdefender.es
www.bitdefender.it
www.bitdefender.ro
www.bitdefender.au
www.bitdefender.co.uk
facebook.com
twitter.com
instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
*.bitdefender.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-16` - `2024-11-07`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh
app.usercentrics.eu WR3	`2024-08-02` - `2024-10-31`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
hsleadflows.net WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
hubspot.com E5	`2024-09-18` - `2024-12-17`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
usemessages.com WE1	`2024-08-08` - `2024-11-06`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.ofgreencolumn.com Amazon RSA 2048 M03	`2024-06-18` - `2025-07-17`	a year	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-25` - `2025-10-26`	a year	crt.sh
sstats.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-07` - `2025-04-07`	a year	crt.sh
starget.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-30` - `2024-11-30`	a year	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
api.usercentrics.eu WR3	`2024-08-01` - `2024-10-30`	3 months	crt.sh
assets.adobetarget.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-18` - `2025-02-17`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-06` - `2024-10-04`	3 months	crt.sh
download.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-20` - `2025-05-19`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
consent-api.service.consent.usercentrics.eu WR3	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.google.ca WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.scarabresearch.com Amazon RSA 2048 M03	`2024-07-23` - `2025-08-20`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-27` - `2025-09-28`	a year	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-07` - `2025-07-08`	a year	crt.sh
t.co E6	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
*.company-target.com R11	`2024-08-15` - `2024-11-13`	3 months	crt.sh
*.demandbase.com Amazon RSA 2048 M02	`2024-06-10` - `2025-07-08`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Frame ID: CC14E1D5CDBA3FB0E3E287BAD1EAF86E
Requests: 176 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: E0FC4FEE8788E4E6CD30A7187F216FC7
Requests: 1 HTTP requests in this frame

Frame: https://bitdefender.demdex.net/dest5.html?d_nsid=0
Frame ID: 23CBC3F86B55E8FB036F675A38A44546
Requests: 1 HTTP requests in this frame

Frame: https://app.usercentrics.eu/browser-sdk/4.38.4/cross-domain-bridge.html
Frame ID: DA91FC2EE5CCF0879D057AE469DD7BBE
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1040562098?random=1727403178683&cv=11&fst=1727403178683&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view
Frame ID: 2078C98CB51BA119DDE8B38DF5F1FE08
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1040562098?random=1727403178687&cv=11&fst=1727403178687&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view
Frame ID: 061EA538E5C18404B9FB975F82E69855
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=755731020.1727403179;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F
Frame ID: 0E56F5AB38E9651F0C077F2CBE1E3BA5
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-6M0GWNLLWF&gacid=1019379328.1727403179&gtm=45je49p0v869430580za200zb9190968901&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=1189962478
Frame ID: 447EC11CC5A83BCF88B456B28737BDE4
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 72A0A9898247828B68951A74F7319D7B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lumma Stealer Campaign Targets League of Legends World Championship Fans Through Social Media Ads

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

190
Requests

95 %
HTTPS

66 %
IPv6

44
Domains

73
Subdomains

63
IPs

3
Countries

2639 kB
Transfer

6566 kB
Size

80
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://login.bitdefender.com/central/signup.html?redirect_url=https%253A%252F%252Fscamio.bitdefender.com%252Fcallback%253Fadobe_mc%253DMCMID%25253D49606298742567270904132196912617774088%25257CMCORGID%25253D0E920C0F53DA9E9B0A490D45%25252540AdobeOrg%25257CTS%25253D1712675265&lang=en_US&terms_pref=all&partner_id=com.bitdefender&adobe_mc_ref=https%3A%2F%2Fscamio.bitdefender.com%2Fchat&ref=blogapp.bitdefender.com
Title: web browser

Search URL Search Domain Scan URL

URL: https://www.messenger.com/login.php?next=https%3A%2F%2Fwww.messenger.com%2Ft%2F102488646283695&ref=blogapp.bitdefender.com
Title: Facebook Messenger

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?phone=19548585275&ref=blogapp.bitdefender.com
Title: WhatsApp

Search URL Search Domain Scan URL

URL: https://www.bitdefender.fr/solutions/scamio.html?ref=blogapp.bitdefender.com&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&__hsfp=2022627939
Title: France

Search URL Search Domain Scan URL

URL: https://www.bitdefender.de/solutions/scamio.html?ref=blogapp.bitdefender.com&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&__hsfp=2022627939
Title: Germany

Search URL Search Domain Scan URL

URL: https://www.bitdefender.es/solutions/scamio.html?ref=blogapp.bitdefender.com&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&__hsfp=2022627939
Title: Spain

Search URL Search Domain Scan URL

URL: https://www.bitdefender.it/solutions/scamio.html?ref=blogapp.bitdefender.com&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&__hsfp=2022627939
Title: Italy

Search URL Search Domain Scan URL

URL: https://www.bitdefender.ro/solutions/scamio.html?ref=blogapp.bitdefender.com&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&__hsfp=2022627939
Title: Romania

Search URL Search Domain Scan URL

URL: https://www.bitdefender.au/solutions/scamio.html?ref=blogapp.bitdefender.com
Title: Australia

Search URL Search Domain Scan URL

URL: https://www.bitdefender.co.uk/solutions/scamio.html?ref=blogapp.bitdefender.com&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&__hsfp=2022627939
Title: UK

Search URL Search Domain Scan URL

URL: https://facebook.com/Bitdefender/

Search URL Search Domain Scan URL

URL: https://twitter.com/bitdefender/

Search URL Search Domain Scan URL

URL: https://instagram.com/bitdefender/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/Bitdefender/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1727403175478 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1727403175478

Request Chain 51

https://cm.everesttech.net/cm/dd?d_uuid=00946041214244135400978854005461703151 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvYUqAAAAF-cXQNx

Request Chain 78

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1727403176632&li_adsId=040faf29-c662-4b4e-ab30-0792886010d4&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1727403176632&li_adsId=040faf29-c662-4b4e-ab30-0792886010d4&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&e_ipv6=AQJXZPHh-1VmzgAAAZIxQLOrVxXDRlUNQy-v4A4SL4IaJYhu2tfF9DczgvFYQAYLNLAegWtCg5M

Request Chain 108

https://ade.googlesyndication.com/ddm/activity/src=5165113;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G100;gcd=13p3p3p3p5l1;dma_cps=-;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CJTN-aaG4ogDFZzU_QUdRuEoCw;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G100;gcd=13p3p3p3p5l1;dma_cps=-;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F

Request Chain 121

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&dma=0&npa=0&gtm=45fe49p0v9190968901za200&auid=755731020.1727403179&gdid=dMWZhNz&frm=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&dma=0&npa=0&gtm=45fe49p0v9190968901za200&auid=755731020.1727403179&gdid=dMWZhNz&frm=0

Request Chain 125

https://ad.doubleclick.net/activity;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=755731020.1727403179;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=755731020.1727403179;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=*;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F

Request Chain 185

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F7C3994CEF884DABB2C18BFEBEDEB4A5&RedC=c.clarity.ms&MXFR=17D402AF10596E4F0A7517A8145960E1 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F7C3994CEF884DABB2C18BFEBEDEB4A5&MUID=2CC25E1E2E3165B50AB54B192F9B64FD

190 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/ 215 KB
49 KB 904ms
550ms Document
text/html 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71c2d59bf0903617a90130e5a67411c1c737b7b8d2d09785a065a60000f8a3aa

Security Headers

Name

Value

Content-Security-Policy

default-src 'self'; img-src https: http: data:; style-src 'self' 'unsafe-inline' *.bitdefender.com fonts.googleapis.com www.gartner.com; script-src 'self' 'self' *.emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com *.google.com www.gstatic.com *.hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com *.googleadservices.com tag.demandbase.com *.doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com *.hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com *.bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net *.clarity.ms *.bitdefender.com *.scarabresearch.com www.dwin1.com *.taboola.com *.outbrain.com retrack-kupona.kuponacdn.de ad4m.at *.google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.criteo.com *.googletagservices.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.ofgreencolumn.com; frame-ancestors 'self' https: explore.bitdefender.com; object-src 'none'; frame-src www.gartner.com *.facebook.com *.google.com consentcdn.cookiebot.com bitdefender.demdex.net 5165113.fls.doubleclick.net vars.hotjar.com www.youtube.com hal9000.redintelligence.net ad.ad-srv.net forms.hsforms.com ad4m.at ws.hotjar.com s.company-target.com td.doubleclick.net *.criteo.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu; connect-src wss: ws.hotjar.com metrics.hotjar.io content.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.emarsys.net *.hubapi.com *.hubspot.com *.facebook.com assets.adobetarget.com sentry.nmbapp.net api.company-target.com *.bitdefender.com geolocation-db.com dpm.demdex.net consent.cookiebot.com *.google.com google.com *.scarabresearch.com rs.fullstory.com googleads.g.doubleclick.net consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com analytics.google.com *.clarity.ms *.doubleclick.net *.taboola.com cdn.linkedin.oribi.io vc.hotjar.io 'self' localhost blog.bitdefender-com.nmbapp.net tag-logger.demandbase.com *.bizible.com *.bizible.net px.ads.linkedin.com *.redditstatic.com *.googlesyndication.com *.cookielaw.org *.onetrust.com *.onetrust.io *.criteo.com *.reddit.com *.googleadservices.com *.usercentrics.eu *.bing.com *.ofgreencolumn.com; font-src 'self' data: www.bitdefender.com fonts.googleapis.com fonts.gstatic.com www.gartner.com; base-uri *.bitdefender.com *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.ro *.bitdefender.fr *.bitdefender.de

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c97f8ad4cdd3a09-YYZ
content-encoding: gzip
content-security-policy: default-src 'self'; img-src https: http: data:; style-src 'self' 'unsafe-inline' *.bitdefender.com fonts.googleapis.com www.gartner.com; script-src 'self' 'self' *.emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com *.google.com www.gstatic.com *.hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com *.googleadservices.com tag.demandbase.com *.doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com *.hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com *.bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net *.clarity.ms *.bitdefender.com *.scarabresearch.com www.dwin1.com *.taboola.com *.outbrain.com retrack-kupona.kuponacdn.de ad4m.at *.google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.criteo.com *.googletagservices.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.ofgreencolumn.com; frame-ancestors 'self' https: explore.bitdefender.com; object-src 'none'; frame-src www.gartner.com *.facebook.com *.google.com consentcdn.cookiebot.com bitdefender.demdex.net 5165113.fls.doubleclick.net vars.hotjar.com www.youtube.com hal9000.redintelligence.net ad.ad-srv.net forms.hsforms.com ad4m.at ws.hotjar.com s.company-target.com td.doubleclick.net *.criteo.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu; connect-src wss: ws.hotjar.com metrics.hotjar.io content.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.emarsys.net *.hubapi.com *.hubspot.com *.facebook.com assets.adobetarget.com sentry.nmbapp.net api.company-target.com *.bitdefender.com geolocation-db.com dpm.demdex.net consent.cookiebot.com *.google.com google.com *.scarabresearch.com rs.fullstory.com googleads.g.doubleclick.net consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com analytics.google.com *.clarity.ms *.doubleclick.net *.taboola.com cdn.linkedin.oribi.io vc.hotjar.io 'self' localhost blog.bitdefender-com.nmbapp.net tag-logger.demandbase.com *.bizible.com *.bizible.net px.ads.linkedin.com *.redditstatic.com *.googlesyndication.com *.cookielaw.org *.onetrust.com *.onetrust.io *.criteo.com *.reddit.com *.googleadservices.com *.usercentrics.eu *.bing.com *.ofgreencolumn.com; font-src 'self' data: www.bitdefender.com fonts.googleapis.com fonts.gstatic.com www.gartner.com; base-uri *.bitdefender.com *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.ro *.bitdefender.fr *.bitdefender.de
content-type: text/html; charset=utf-8
date: Fri, 27 Sep 2024 02:12:54 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: User-Agent, Accept-Encoding

GET
H2 200 Lumma-Stealer-Campaign-Targets-League-of-Legends-World-Championship-Fans-Through-Social-Media-Ads.jpg
blogapp.bitdefender.com/hotforsecurity/content/images/size/w600/2024/09/ 41 KB
41 KB 473ms
89ms Image
image/jpeg 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/size/w600/2024/09/Lumma-Stealer-Campaign-Targets-League-of-Legends-World-Championship-Fans-Through-Social-Media-Ads.jpg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

5824d80dcd7df09800b4965aee062d34e166ebb5fe5f27eb83cb94f8e797825b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"a2d2-19229caa1a4"
age: 124725
cf-cache-status: HIT
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 15:26:38 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b32d27a23a-YYZ
accept-ranges: bytes
content-length: 41682
x-powered-by: Express
server: cloudflare

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 110 KB
34 KB 473ms
94ms Script
application/javascript 2600:1408:ec00:b::1730:cba7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b::1730:cba7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: bfe65bab8e75348f8db2acda2e6ae0a7cebc05814e1f37044f861e01711c3fe3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-expose-headers: Request-Context
cache-control: public, max-age=168
content-encoding: gzip
etag: "36e8edb062edb1:0"
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires: Fri, 27 Sep 2024 02:15:42 GMT
accept-ranges: bytes
content-length: 34534
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript
last-modified: Tue, 24 Sep 2024 09:18:17 GMT
vary: Accept-Encoding

GET
H2 200 TagIT.v1.min.js Show response
www.bitdefender.com/scripts/ 15 KB
4 KB 209ms
206ms Script
application/x-javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

cache-control: public, must-revalidate, proxy-revalidate, max-age=0
content-encoding: gzip
cf-cache-status: MISS
etag: W/"5c8b8d2d-3b83"
pragma: public
cf-ray: 8c97f8b0c8453a09-YYZ
access-control-allow-origin: *
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/x-javascript
last-modified: Fri, 15 Mar 2019 11:31:57 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 launch-b77a56f2d5f1.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/ 543 KB
153 KB 417ms
132ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 25f82b0775d468ef51478c9a5aa42a28b077dbfe94d9fa0c3ac5f1ba72975eb5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "19a705835f3a0ae72bb75bcf91d2f1f8:1726835526.609658"
expires: Fri, 27 Sep 2024 03:12:55 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 156215
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:06 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 341979.js Show response
js.hs-scripts.com/ 3 KB
1 KB 388ms
119ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/341979.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79424b62a60fe46e235aa144113253aa0a3c4a74b08ba9a9c3b8a12a33625945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 3600
x-request-id: 1bf77205-3bee-4690-b11e-febe6e0434a2
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 78
x-content-type-options: nosniff
expires: Fri, 27 Sep 2024 02:14:25 GMT
cf-polished: origSize=2950
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:55 GMT
x-hubspot-correlation-id: 1bf77205-3bee-4690-b11e-febe6e0434a2
content-type: application/javascript;charset=utf-8
last-modified: Fri, 27 Sep 2024 02:11:15 GMT
vary: origin, Accept-Encoding
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7b8c5dd88-5vqg4
cache-control: public, max-age=90
x-envoy-upstream-service-time: 5
access-control-allow-credentials: true
cf-ray: 8c97f8b3d83b5497-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 service-worker.js Show response
www.bitdefender.com/content/dam/workers/ 132 B
574 B 571ms
570ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/content/dam/workers/service-worker.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4edd782df9a9f91a556f6334dc586c1e867e35bb47697387dd3939dff706e4ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

x-vhost: bitdefender.com
service-worker-allowed: /
etag: W/"0x8DCB15252F8A0FE"
content-encoding: gzip
cf-cache-status: MISS
x-content-type-options: nosniff
x-cache: MISS
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript
last-modified: Wed, 31 Jul 2024 11:17:11 GMT
x-served-by: cache-iad-kiad7000113-IAD
content-disposition: attachment; filename="service-worker.js"; filename*=UTF-8''service-worker.js
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: private, max-age=600, immutable
x-timer: S1727403175.790594,VS0,VS0,VE395
referrer-policy: no-referrer-when-downgrade
cf-ray: 8c97f8b249bf3a09-YYZ
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 ba6b7d7.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 5 KB
2 KB 197ms
194ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9643928ad6e50ace7659e68d135a3345b599b7aec17dda1c278f83db94cca033

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1418-1922def1440"
age: 49540
cf-ray: 8c97f8b0c8463a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 28cd59d.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 218 KB
76 KB 151ms
148ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/28cd59d.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25e217b2259bcde9a182c8f8770937cae0f7652e64ff16e17c1b9d0f3d878c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"36663-1922def1440"
age: 49540
cf-ray: 8c97f8b0c8483a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 2cdcce1.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 12 KB
4 KB 187ms
185ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/2cdcce1.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54664d1bfb3f482d78a612bee78172bb2d909d9101f792ef2e467418c7ea3efe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3089-1922def1440"
age: 49540
cf-ray: 8c97f8b0c84a3a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5e10850.css
www.bitdefender.com/blog/_nuxt/css/ 64 KB
12 KB 109ms
107ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/css/5e10850.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

452cb4fbd8dfb6bb17e8c2ed477cb19f693c4f77cfc4e9bccf09c06b73fe5888

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"10046-1922def1440"
age: 49540
cf-ray: 8c97f8b0c8393a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: text/css; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 a6188aa.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 86 KB
27 KB 197ms
196ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/a6188aa.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a88111bbff6ef6807fcc354c4c451e9dbd3902d3e477a49de2e320b997588247

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1577b-1922def1440"
age: 49540
cf-ray: 8c97f8b0c84b3a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 a948464.css
www.bitdefender.com/blog/_nuxt/css/ 1 KB
552 B 108ms
106ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/css/a948464.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

831b25d2cf0066937657444e6d8366c0e51af9ac0989def0613358d48bd45b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"432-191b8116b38"
age: 63612
cf-ray: 8c97f8b0c8413a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 03 Sep 2024 13:27:15 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 a5a86e9.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 49 KB
14 KB 125ms
123ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/a5a86e9.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aacbfd672d7ca0d1f238b54afd64661a3b1daab59b51d38dfca6341e8a67674

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"c469-1922def1440"
age: 49540
cf-ray: 8c97f8b0c84d3a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 6e55ef7.css
www.bitdefender.com/blog/_nuxt/css/ 114 B
169 B 149ms
148ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/css/6e55ef7.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6692354a1d9a4d531832e922f7e86a9e80f24562572c9dc7614a71fe5145b266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"72-191b8116b38"
age: 63612
cf-ray: 8c97f8b0c8433a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 03 Sep 2024 13:27:15 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5bdba9f.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 767 B
552 B 195ms
194ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/5bdba9f.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e3c40f3d35690d65d169ddecaec7f584850a2a89fc958c85b9cc1128df58b5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2ff-1922def1440"
age: 49540
cf-ray: 8c97f8b0c84e3a09-YYZ
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 / Show response
www.bitdefender.com/site/Main/TagIT/newsessioninit/ 33 B
677 B 672ms
671ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/site/Main/TagIT/newsessioninit/?callback=&l=en&ch=1727403176

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
cf-ray: 8c97f8b249c03a09-YYZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI ADM DEV COM NAV OUR STP"
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript
server: cloudflare

GET
H2 200 LOL.png
blogapp.bitdefender.com/hotforsecurity/content/images/2024/09/ 723 KB
724 KB 249ms
136ms Image
image/png 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/2024/09/LOL.png

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

c4129a4a7fdd00c7a0ec3e3a9da9e5a44808e5c06e9aba821e00dfe5a9363240

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-cache-status: HIT
etag: W/"b4be6-19229c5cdce"
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 15:21:22 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b32d28a23a-YYZ
accept-ranges: bytes
content-length: 740326
x-powered-by: Express
server: cloudflare

GET
H2 200 LOL-malicious-ad.png
blogapp.bitdefender.com/hotforsecurity/content/images/2024/09/ 143 KB
143 KB 679ms
566ms Image
image/png 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/2024/09/LOL-malicious-ad.png

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

98b232e09d6c21b2417ea5c3478d8fd7d316351da33eae941bb518e8c4510eaf

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-cache-status: HIT
etag: W/"23a9c-19229c5fdd6"
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:54 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 15:21:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b32d29a23a-YYZ
accept-ranges: bytes
content-length: 146076
x-powered-by: Express
server: cloudflare

GET
H2 200 bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame E0FC 0
0 492ms
158ms Document
text/html 2600:1408:ec00:288::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:288::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=29558534
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 27 Sep 2024 02:12:55 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Thu, 04 Sep 2025 04:55:09 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1727403175381_389047436_994751825_14_552_63_82_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cc.js Show response
consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/ 375 B
601 B 506ms
505ms Script
application/x-javascript 2600:1408:ec00:b::1730:cba7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/cc.js?renew=false&referer=www.bitdefender.com&dnt=false&init=false&culture=en_US
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b::1730:cba7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 018f9e1aaada6e0c449d70167f3609fd5e8d028715e9ddf56cd5e6886d5ab140

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: private, max-age=60
access-control-expose-headers: Request-Context
content-encoding: gzip
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
content-length: 364
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 / Show response
www.bitdefender.com/site/Main/TagIT/getparams/ 53 B
134 B 623ms
622ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/site/Main/TagIT/getparams/?callback=TagIT_getParams_callback&callback2=&l=en&ch=1727403177

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
cf-ray: 8c97f8b66e7e3a09-YYZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI ADM DEV COM NAV OUR STP"
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript
server: cloudflare

GET
H2

200

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1727403175478
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1727403175478

965 B
1 KB

93ms
92ms

XHR
application/json

44.196.169.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1727403175478

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Server

44.196.169.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-169-18.compute-1.amazonaws.com

Software

Resource Hash

2c39572fa12042fa16d1c80d75d08256b501aadd421d91d9c66699a2ea384a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-va6-1-v064-0fb970f5e.edge-va6.demdex.com 3 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: AULEVpteQLk=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.bitdefender.com
content-length: 552
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/json;charset=utf-8
vary: Origin

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location: https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1727403175478
dcs: dcs-prod-va6-1-v064-0200d14d8.edge-va6.demdex.com 0 ms
pragma: no-cache
access-control-allow-credentials: true
x-tid: 6KAaPa7fQR8=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.bitdefender.com
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Fri, 27 Sep 2024 02:12:55 GMT
vary: Origin

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 35 KB
13 KB 68ms
67ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
expires: Fri, 27 Sep 2024 03:12:55 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 13012
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 3 KB
2 KB 80ms
80ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
expires: Fri, 27 Sep 2024 03:12:55 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 1597
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 loader.js Show response
app.usercentrics.eu/browser-ui/latest/ 33 KB
9 KB 269ms
48ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/latest/loader.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ad29a345ff4e0d3d78a7c95c1e39c24a5e39ce0b1c36ce1f1ad9510382fefd44

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Type, Content-Length, Transfer-Encoding
content-encoding: gzip
x-goog-hash: crc32c=LoTiLg==, md5=2m/YaWSIIpsB7mg8hopp1A==
etag: "da6fd8696488229b01ee683c868a69d4"
age: 1909
x-goog-stored-content-encoding: gzip
expires: Fri, 27 Sep 2024 02:41:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 8553
date: Fri, 27 Sep 2024 01:41:06 GMT
last-modified: Tue, 17 Sep 2024 11:17:07 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljuSXrC54ATe9lUuQIohKgaaMDgF-kx8PcSNTMSdhX7YfOjI-ryCVZ6xAPJKMzR6lOOIS-lw1D1UcQ
strict-transport-security: max-age=7776000
cache-control: public, max-age=3600, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571827632279
content-length: 8553
server: UploadServer

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 2 KB
2 KB 343ms
116ms XHR
application/json 13.226.34.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?&page=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&referrer=&page_title=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.34.79 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-34-79.ewr53.r.cloudfront.net

Software

nginx /

Resource Hash

7b6a16679020f1bc0f124cc69c76997775687bef6efd1425a8da27b79434a34d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CENTRAL
access-control-allow-methods: GET, POST, OPTIONS
request-id: dc62143d-a6c0-424e-ae8e-700eaaffcb12
expires: Thu, 26 Sep 2024 02:12:55 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: -x_2pqwMET8qAouaVMhE_rxMiMhE-KLke8kPNKSW6P4Vj_-pI-YlUQ==
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 343d70dd2c23b73057116d47a342c588.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitdefender.com
x-amz-cf-pop: EWR53-C2
server: nginx

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 1338ms
61ms Script
application/javascript 2606:4700::6812:8a11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8a11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1233a49c4ecec12fed969bc83cd6ba59d8b2b88bef31988d9384f7e54c42e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/

Response headers

x-request-id: d7e684f6-907d-4dc6-8ff1-7e725b1e27f6
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7d65c542c3a53442feef1a0f44071183"
x-amz-version-id: WgPQEOT.QDI5zKnRYhaKsuHqDz44RIEz
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 53400
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Jf4LuAbCiuG-GRbneaMNCmugCTBShC8vq7DtgzNFQc4sQdanXp7bnQ==
x-hubspot-correlation-id: d7e684f6-907d-4dc6-8ff1-7e725b1e27f6
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Sep 2024 08:49:54 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-ncl8g
x-envoy-upstream-service-time: 2
x-hs-target-asset: lead-flows-js/static-1.1627/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
vary: Accept-Encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1627/bundle/main/lead-flows-release.js&cfRay=8c26e779e9db3943-IAD
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
cf-ray: 8c97f8bf3f9dab18-YYZ
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 341979.js Show response
js.hs-banner.com/ 70 KB
21 KB 285ms
68ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/341979.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e762dea4a25bf3b8c1fdae8951feaa2a41c8962e3a3145996efcfb78d79333cc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 7dfb8374-81a2-4c04-8d81-dcccbb8642ef
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"28538b58da5874462a53c5457bef88e7"
x-amz-version-id: 9nLDsADg80vL15QrNMBBb9toGslqVvQF
age: 30
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Fri, 27 Sep 2024 02:17:25 GMT
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:55 GMT
x-hubspot-correlation-id: 7dfb8374-81a2-4c04-8d81-dcccbb8642ef
content-type: text/javascript; charset=UTF-8
last-modified: Thu, 12 Sep 2024 08:44:46 GMT
vary: origin, Accept-Encoding
x-amz-id-2: OZ9DjK3n3Xwbxi283xdLfWflcvtQ/HuOrGy5KkuZCQTKX4cdapmOyuCkDlBRUbW1ru74Grney9g=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-qc5bs
x-envoy-upstream-service-time: 24
access-control-allow-credentials: true
x-amz-request-id: FF0D58F2RB87GM59
cf-ray: 8c97f8b898fcaad3-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
24 KB 285ms
69ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/

Response headers

x-request-id: 8328ab2c-7b67-462b-a2cb-ae9268657b1f
content-encoding: gzip
cf-cache-status: HIT
etag: W/"edf91c1320ba2916398ed791b63187bc"
x-amz-version-id: 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
age: 30
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5POCweQNcTbC4vOqzBiDpT8ewvgqTkluUoGWCamTanTersSKCv4rhDL41gfMsVfJtusjsePG%2Fy%2BG9JnlSFNr%2BW0tXePG5mMI9N1cfkVT0Rg2fHZZc%2BSgWbYRSWp%2BsEsZ%2B0kZ%2BwLjpSq6nNQ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: mwzMhmMZ9MFudBGvy8iwejYO0iLO5s-wXjaN_f-Q0EaIqeG1k__f9w==
x-hubspot-correlation-id: 8328ab2c-7b67-462b-a2cb-ae9268657b1f
content-type: application/javascript; charset=utf-8
last-modified: Wed, 28 Aug 2024 20:01:26 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-ps9qc
x-envoy-upstream-service-time: 1
x-hs-target-asset: web-interactives-embed/static-2.1426/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Fri, 27 Sep 2024 02:12:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8c3e71395bab43c2-ATL
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
cf-ray: 8c97f8b89cddb405-YYZ
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 273ms
57ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b30932e8af07c0174672c55f4e3b294051d8e5b4c396d2af040be03e5ae5e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 94d0160a-8017-451a-84bc-9dad959ff37f
content-encoding: gzip
cf-cache-status: HIT
etag: W/"db51794095efbc70686cda079806d90d"
x-amz-version-id: lUGEKOASXX8DNc.TOnY7d8HqUvlLFzSm
age: 170
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: jMmDJHeZlOIOHKXazLmATD4LWVjZ_wDMLG1H9Zu9ECEAbA-tnLFyGA==
date: Fri, 27 Sep 2024 02:12:55 GMT
x-hubspot-correlation-id: 94d0160a-8017-451a-84bc-9dad959ff37f
content-type: application/javascript; charset=utf-8
last-modified: Thu, 26 Sep 2024 14:18:50 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-snphl
x-envoy-upstream-service-time: 5
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.600/bundles/pixels-release.js&cfRay=8c94bedfabe4ab36-YYZ
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-ray: 8c97f8b89ba6ac2e-YYZ
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.600/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 89 KB
25 KB 309ms
58ms Script
application/javascript 2606:4700::6810:4d8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4d8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c1a897ff5cd65689bc00765a26509b5815873afbe32ce7be33f80cfcba35fcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: f87a7980-c865-47aa-9d66-03ca6e6d8ab4
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: KEYEKh3SOKh2r8pezHQCyJb9PWnhzti.
etag: W/"e12fd1a05aa7be2b2e4c8ff50e7cb56d"
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
age: 484
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: I1d2Oafn080CbrxbYhBgOlRjCBkpg52zSx9tLjDejFXnAdIj5yrnMg==
date: Fri, 27 Sep 2024 02:12:55 GMT
x-hubspot-correlation-id: f87a7980-c865-47aa-9d66-03ca6e6d8ab4
content-type: application/javascript; charset=utf-8
last-modified: Wed, 18 Sep 2024 20:04:50 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-4qcrc
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.18050/bundles/project.js&cfRay=8c540162cd0381c9-IAD
via: 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
cf-ray: 8c97f8b8d83c36a3-YYZ
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.18050/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 341979.js Show response
js.hs-analytics.net/analytics/1727403000000/ 70 KB
25 KB 271ms
57ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1727403000000/341979.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b12fb0eeecdba5a2b18fef838397e958f82a33c7ab8e2697fac08d8e6f4946c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 908888bc-1bbf-4930-8fad-e2bd263f848f
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2d5b1b841c7ed3870a90c0d93cd05742"
x-amz-version-id: null
age: 30
expires: Fri, 27 Sep 2024 02:16:16 GMT
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:55 GMT
x-hubspot-correlation-id: 908888bc-1bbf-4930-8fad-e2bd263f848f
content-type: text/javascript
last-modified: Tue, 24 Sep 2024 15:12:48 GMT
vary: origin, Accept-Encoding
x-amz-id-2: +9KECnJqdkyc/2ACK3MFVYkEdVvCAcWgrEwsdmcZbEClkQrNKXF7dR44siQiVnVrvISteC1M5Jk=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-8t98f
x-envoy-upstream-service-time: 21
access-control-allow-credentials: false
x-amz-request-id: X3BHJ9F86WMVENWJ
cf-ray: 8c97f8b8990836ff-YYZ
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 7e0e565.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 16 KB
6 KB 66ms
65ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/7e0e565.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4307e7ad77600ee920b4b1acad26e955c666b533f813c02511a3474da019c6a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3fbe-1922def1440"
age: 49534
cf-ray: 8c97f8b778973a09-YYZ
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 eae19ae.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 37 KB
11 KB 67ms
67ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/eae19ae.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14b0c3562cb883c5800ba70ccafff751d7a1c75b0215a72da07d3eba825c874d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"924f-1922def1440"
age: 49534
cf-ray: 8c97f8b778983a09-YYZ
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 geoip Show response
www.bitdefender.com/ 64 B
157 B 62ms
61ms Fetch
application/json 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/geoip
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/a6188aa.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52f29f835d2a32bd817c28fbbfd75f607e410e09153503d4849fa9cac350c531

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

cf-ray: 8c97f8b7f9193a09-YYZ
content-encoding: gzip
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 8438d6e3076d0baf471aec1235424fcf
2.gravatar.com/avatar/ 9 KB
9 KB 363ms
64ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2.gravatar.com/avatar/8438d6e3076d0baf471aec1235424fcf?s=64&d=mm&r=g
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 617d763a44556f21e2fa86239bd209a0dd0b39b2c8061dd25883b139c67f03b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

link: <https://gravatar.com/avatar/8438d6e3076d0baf471aec1235424fcf?s=64&d=mm&r=g>; rel="canonical"
cache-control: max-age=300
x-nc: HIT mdw 2
expires: Fri, 27 Sep 2024 02:17:56 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 9041
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: image/png
last-modified: Fri, 10 Jan 2020 08:55:34 GMT
server: nginx
content-disposition: inline; filename="8438d6e3076d0baf471aec1235424fcf.png"

GET
H2 200 Lumma-Stealer-Campaign-Targets-League-of-Legends-World-Championship-Fans-Through-Social-Media-Ads.jpg
blogapp.bitdefender.com/hotforsecurity/content/images/size/w1000/2024/09/ 88 KB
88 KB 121ms
119ms Image
image/jpeg 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/size/w1000/2024/09/Lumma-Stealer-Campaign-Targets-League-of-Legends-World-Championship-Fans-Through-Social-Media-Ads.jpg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

10d0389d0c841c63a9ea8d40f078329fcac168da3089871c495d2e71e4be1505

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"15f21-19229cb2684"
cf-cache-status: HIT
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2024 15:27:12 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b879c7a23a-YYZ
accept-ranges: bytes
content-length: 89889
x-powered-by: Express
server: cloudflare

GET
H2 200 pexels-hillaryfox-1595385.jpg
blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/09/ 14 KB
14 KB 73ms
71ms Image
image/jpeg 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/09/pexels-hillaryfox-1595385.jpg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

37b7b6d278b028c4826ac8a2ed18ec950c57be65090dd1428d329c6e46850b21

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"368d-191c645f541"
age: 1794281
cf-cache-status: HIT
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Fri, 06 Sep 2024 07:39:19 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b879c1a23a-YYZ
accept-ranges: bytes
content-length: 13965
x-powered-by: Express
server: cloudflare

GET
H2 200 5-Signs-That-You-re-Being-Scammed.jpg
blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/09/ 9 KB
9 KB 74ms
73ms Image
image/jpeg 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/09/5-Signs-That-You-re-Being-Scammed.jpg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4aa36adb2ce5dd4c4e0070572b3f5160be57caea3ac35dd32ed872ba5ab97b08

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"2324-191b2308dfc"
age: 2129910
cf-cache-status: HIT
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Mon, 02 Sep 2024 10:03:32 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b879c5a23a-YYZ
accept-ranges: bytes
content-length: 8996
x-powered-by: Express
server: cloudflare

GET
H2 200 How-Fraudsters-Are-Exploiting-WhatsApp-Group-Chats-and-What-You-Need-to-Know-to-Stay-Safe.jpg
blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/08/ 8 KB
8 KB 75ms
74ms Image
image/jpeg 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/08/How-Fraudsters-Are-Exploiting-WhatsApp-Group-Chats-and-What-You-Need-to-Know-to-Stay-Safe.jpg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

912c182e4d41d0f4b069b1b20ce2853b6ffccad7ac794270151e94a16c5c6652

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"20b4-1914a8e8ffd"
age: 3153386
cf-cache-status: HIT
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Tue, 13 Aug 2024 07:05:42 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b879c6a23a-YYZ
accept-ranges: bytes
content-length: 8372
x-powered-by: Express
server: cloudflare

GET
H2 200 Half-of-Travel-Themed-Spam-Messages-Worldwide-Are-Scams-1.jpg
blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/07/ 12 KB
12 KB 70ms
69ms Image
image/jpeg 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/hotforsecurity/content/images/size/w300/2024/07/Half-of-Travel-Themed-Spam-Messages-Worldwide-Are-Scams-1.jpg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

3694e5fac1c4542367cc80b4df25b56171e52f0b3161a278c0476e796a613cea

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"30d5-191046d4062"
age: 4560300
cf-cache-status: HIT
x-content-type-options: nosniff
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Tue, 30 Jul 2024 16:15:54 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8c97f8b879c4a23a-YYZ
accept-ranges: bytes
content-length: 12501
x-powered-by: Express
server: cloudflare

GET
H2 200 cf43f35.css
www.bitdefender.com/blog/_nuxt/css/ 279 B
275 B 85ms
82ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/css/cf43f35.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f2069e4f379291c013b2ac6b33c3770c98737524f80ccdfca1ea8586169622e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"117-191b8116b38"
age: 63612
cf-ray: 8c97f8b889973a09-YYZ
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 03 Sep 2024 13:27:15 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 1264c32.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 50 KB
13 KB 85ms
83ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/1264c32.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

465cd66e99911aaf1331079a14d6ecda320383882092661ce11d2e7f725cd0a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"c7b2-1922def1440"
age: 46911
cf-ray: 8c97f8b8a9b93a09-YYZ
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 b8b5ed9.css
www.bitdefender.com/blog/_nuxt/css/ 106 B
173 B 115ms
113ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/css/b8b5ed9.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a2207e1dfdac97cdf65dce070c145d2f8251b726777b5073bb79308e69e1a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6a-191b8116b38"
age: 63612
cf-ray: 8c97f8b8a9b83a09-YYZ
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 03 Sep 2024 13:27:15 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 cbbe685.modern.js Show response
www.bitdefender.com/blog/_nuxt/ 43 KB
12 KB 86ms
84ms Script
application/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/cbbe685.modern.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/ba6b7d7.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

baac99e1b05b0c9000f294728f2c9d68772152d1ce6595b5538e59d1ea61bc45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"abe8-1922def1440"
age: 46400
cf-ray: 8c97f8b8a9bb3a09-YYZ
date: Fri, 27 Sep 2024 02:12:55 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 10:44:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
79 KB 389ms
83ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82cadae44a738e2e2bf87c6436d64052c51e43790219e82b248cc0f23bb1e145

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 27 Sep 2024 02:12:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 27 Sep 2024 00:12:23 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 79837
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 index.module.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 440 KB
118 KB 300ms
71ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/latest/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

298a826a0ff3cc92b312e768e4739e9b5fd84e097275de128ee0f3f5df2df59b

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=RR3iIw==, md5=K5mk1ipxKJR3cOAyrVbzdw==
etag: "2b99a4d62a7128947770e032ad56f377"
age: 26918
x-goog-stored-content-encoding: gzip
expires: Fri, 26 Sep 2025 18:44:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 120986
date: Thu, 26 Sep 2024 18:44:18 GMT
last-modified: Tue, 17 Sep 2024 11:16:40 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljvmL7gGSOUhAHxWsEp9KZ4guymDsuu-rPpCGDi5RD04_ISgy_fycNxdoYRqWx-6wJzNF9XovTfIsQ
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571800863192
content-length: 120986
server: UploadServer

GET
H2 200 9890752fc19726fc8a394d54a189ae9f.js Show response
euob.ofgreencolumn.com/sxp/i/ 108 KB
40 KB 409ms
72ms Script
text/javascript 2600:9000:2141:2000:d:199b:f700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2141:2000:d:199b:f700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 734cbda90bd006d063fe24ecdf2cb1fde2ec42249874a4ce09e9fd1f35a3cf25

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: "1ae65-U4gV6VIplZgbIzdnaiWx94lQyF4"
age: 39261
via: 1.1 50883ba97150fac6d0b034722524bd0a.cloudfront.net (CloudFront)
expires: Fri, 27 Sep 2024 03:18:35 GMT
x-cache: Hit from cloudfront
content-length: 40312
x-amz-cf-id: xsDN4mjl_iSs2xTgQk9-vjizeiJvtyBaVwdHXaSvoLLx7RFQ00q83g==
date: Thu, 26 Sep 2024 15:18:35 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Caddy
x-amz-cf-pop: JFK50-P10

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 186 B
1 KB 327ms
112ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=341979

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dc0d1858bc1e2eab3856936743cda081ee0cf36b11db4b6aa8e52ef7e287d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 180
x-request-id: b561c017-5501-41ea-a088-46e1a0daf165
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zjpBCeP8LlHfnMv2EFm9Kyaitq9ISdMPZIU97n%2BBa8I5ICKRUXo8fwf8p1FJd1TzEnX4NIDdMZSW%2F6yOtG2geRhOLw3AaBwgCqCWnUlP6Kx9jdMw67cXbhaELUT3T5uSe%2F%2Bv%2FToYVdj3Zurt"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:56 GMT
x-hubspot-correlation-id: b561c017-5501-41ea-a088-46e1a0daf165
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7b8c5dd88-js59n
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8c97f8baa9dbaab9-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 dest5.html
bitdefender.demdex.net/ Frame 23CB 0
0 358ms
95ms Document
text/html 35.153.87.206
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bitdefender.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.153.87.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-153-87-206.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Fri, 27 Sep 2024 02:12:56 GMT
dcs: dcs-prod-va6-1-v064-00ffcd19d.edge-va6.demdex.com 1 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 19 Aug 2024 11:56:50 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: 8hmWE//bST0=

GET
H2 200 id Show response
sstats.bitdefender.com/ 48 B
464 B 500ms
193ms XHR
application/x-javascript 63.140.39.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://sstats.bitdefender.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&mid=00972432539010134110980928487992568616&ts=1727403175873

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.194 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-194.data.adobedc.net

Software

jag /

Resource Hash

01d2dc9ce14427d66816f50571842dd8d418b233a32526881155e3dd0cda2581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
p3p: CP="This is not a P3P policy"
content-length: 48
date: Fri, 27 Sep 2024 02:12:56 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript;charset=utf-8
vary: Origin
server: jag

GET
H2

200

ibs:dpid=411&dpuuid=ZvYUqAAAAF-cXQNx
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=00946041214244135400978854005461703151
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvYUqAAAAF-cXQNx

42 B
714 B

95ms
94ms

Image
image/gif

44.196.169.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvYUqAAAAF-cXQNx

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Server

44.196.169.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-169-18.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-va6-1-v064-005b12f64.edge-va6.demdex.com 3 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: HFI2kbRhR6Q=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvYUqAAAAF-cXQNx
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Fri, 27 Sep 2024 02:12:56 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 354 B
848 B 437ms
110ms XHR
application/json 63.140.39.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=cb206cbcefda4ec0a640d280b0db9983&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.35 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-35.data.adobedc.net

Software

jag /

Resource Hash

ac5d8ea1ae9f63c84d62bf66c76e5b0afa61b77fc886c76360a8aac5fd40195d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 20e2eef6-6758-4841-a428-b82a6c45e7a2
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Fri, 27 Sep 2024 02:12:56 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 642 B
553 B 461ms
134ms XHR
application/json 63.140.39.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=cb206cbcefda4ec0a640d280b0db9983&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.35 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-35.data.adobedc.net

Software

jag /

Resource Hash

329df5c734e6ca6d6019cfa54a2d01730e9fe32166c38db5d9e6ece9f13524ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: b06c58d2-167d-49dc-880e-7c90fce41f8f
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Fri, 27 Sep 2024 02:12:56 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 716 B
606 B 435ms
110ms XHR
application/json 63.140.39.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=cb206cbcefda4ec0a640d280b0db9983&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.35 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-35.data.adobedc.net

Software

jag /

Resource Hash

89da77d6f8ad7491e3bf36a216e0250a3d408d7da043147e7f4801588e68d3a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 4951f49f-dae3-4510-8533-2da512d3144e
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Fri, 27 Sep 2024 02:12:56 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 95 B
1 KB 135ms
134ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=341979&currentUrl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: f233d34e-bcfd-48cf-9963-70e2e95699c7
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3N0z37TdgMpNOvvLdzRKxswKnthXsxT18UmxnCQvYTV6OYZXKSECn2V5XWZIomRjmqVUWkcOmgmJ0Rqh9IjXMp%2FwV7wlli5cJzUVKjdkecNlpZNEWSbRNlfFyE76S%2BMBH23bTSaIph8Bhu%2BJp455N8GD2P6mFRHaZc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:55 GMT
x-hubspot-correlation-id: f233d34e-bcfd-48cf-9963-70e2e95699c7
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-kvbvk
x-envoy-upstream-service-time: 19
access-control-allow-credentials: true
cf-ray: 8c97f8b97d9cb405-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 162ms
161ms Preflight
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=341979&conversations-embed=static-1.18050&mobile=false&messagesUtk=e935208753e448869a9f53cbd917ade9&traceId=e935208753e448869a9f53cbd917ade9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.bitdefender.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8c97f8b99db8b405-YYZ
content-length: 18
content-type: text/plain; charset=utf-8
date: Fri, 27 Sep 2024 02:12:55 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0BOG97xBFgmUMunh3XGqAEvXmZlOF6BRqYPFfIb28a2MazUcD6LUQSP%2BbDqg4WjoWdl6nm5XjPGs4ycKzBQGEn0r7P%2BsPY8Y%2FuQ1Q7TgfumlP0CrAMZ%2FXybfkJRZ%2Ftj4Efv9ZCNRQwoLpcUCvA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7b8c5dd88-xxh5g
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 9f82fbb9-fa90-44cd-867b-98ac10049d81
x-request-id: 9f82fbb9-fa90-44cd-867b-98ac10049d81

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 379 B
1 KB 122ms
121ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

163a52fd5affb6d9ec513503eb56cadc55312d994eadcf2d130b6ff3c3b7822f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Referer: https://www.bitdefender.com/

Response headers

x-request-id: ce3667b0-3ca5-4cd4-9474-7506bea9d124
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nu%2BdPEDOyvMSjUQ93WadFpn6I8WcVT%2FOJvoCwSWpf7yG43ffF873AJBybi8vveQMmCcwuGwc1KSCP86%2F3r2EMn4%2FqnHEr6YEk0tLMjkYZxh32SLSXCN530qEr1KMEU3PydFxSts7segES3hMKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:56 GMT
x-hubspot-correlation-id: ce3667b0-3ca5-4cd4-9474-7506bea9d124
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7b8c5dd88-zhdzd
x-envoy-upstream-service-time: 17
access-control-allow-credentials: false
cf-ray: 8c97f8ba9e74b405-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
content-length: 283
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
911 B 347ms
88ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
x-request-id: 00393568-fd9b-4cdc-8ad1-b71508115ebf
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:56 GMT
x-hubspot-correlation-id: 00393568-fd9b-4cdc-8ad1-b71508115ebf
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Fri, 27 Sep 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-jnbdx
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8c97f8bbfb58a204-YYZ
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 396ms
103ms Script
application/javascript 2600:1408:c400:26::17da:d920
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:26::17da:d920 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=19104
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Fri, 27 Sep 2024 02:12:56 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

POST
H2 204 delivery
starget.bitdefender.com/rest/v1/ 0
98 B 68ms
67ms Ping
text/plain 63.140.39.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=cb206cbcefda4ec0a640d280b0db9983&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.35 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-35.data.adobedc.net

Software

jag /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 3f526694-c3c7-4448-9c49-5690d000a878
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Fri, 27 Sep 2024 02:12:56 GMT
x-xss-protection: 1; mode=block
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
server: jag

GET
H2 200 lib-franklin-api.js Show response
www.bitdefender.com/_src/scripts/ 10 KB
4 KB 103ms
103ms Script
text/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/a6188aa.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd09f73c8c5825ae8c997db0a3170ebcbab108605fb335c985540fb8e24f9bc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/blog/_nuxt/a6188aa.modern.js

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "474fd297e8bbea8dcc33bdcae4460402"
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 30 Aug 2024 10:36:07 GMT
vary: Accept-Encoding
x-cache-hits: 0, 0
x-served-by: cache-iad-kjyo7100049-IAD, cache-iad-kiad7000154-IAD
strict-transport-security: max-age=31557600
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339557.717118,VS0,VE1
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8bc4d3c3a09-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3251
x-auth-state: anonymous
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 326 KB
107 KB 138ms
137ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

111aee1f2f7d102b2100033b1802091e27c1d6e65631a2e4939bf4579311ddfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 27 Sep 2024 02:12:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109563
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 275 KB
95 KB 101ms
101ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7f71ea2ee4a036330835db07da51868a757afd8a10db5625ee2342ac54d3fee5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 27 Sep 2024 02:12:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 27 Sep 2024 00:12:23 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96742
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 225 KB
80 KB 157ms
157ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5165113&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b1f440ed32cd2667105a18eda2dedc969061ef2b2ff0d4c56a4695d8d4377a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 27 Sep 2024 02:12:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 27 Sep 2024 00:12:23 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81850
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 ct Show response
obseu.ofgreencolumn.com/ 4 KB
1 KB 626ms
160ms Script
text/javascript 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/ct?id=71147&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1727403176438&hl=2&op=0&ag=566412661&rand=6470061229906720188520959916020103760641505520637015280058509481576028516629181112788&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDU2MDddLFsiYWJuY2giLDIzXSxbLTgsIi0iXSxbLTM4LCJpLC0xLC0xLDAsMCwxLDAsMzcsMzE2LDc5NCwtMSwwLDEyMzAuNCwxMjMwLjQsMjcyNSwyNzI2Il0sWy01NCwie1wiaFwiOltcIl8zXCIsXCIyODcyODk5MzIwXCIsXCIzNjQ3NTQ5ODE1XCIsXCIzMjE5NDM4OTc5XCJdLFwiZFwiOltdLFwiYlwiOltdLFwic1wiOjF9Il0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTYyLCI4MCJdLFstNjksIkxpbnV4IHg4Nl82NHxHb29nbGUgSW5jLnw4fDQ4fHwwIl0sWy03MCwiLSJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUpIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAgICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAgICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAgICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAgfV0iXSxbLTUsIi0iXSxbLTksIisiXSxbLTE2LCIwIl0sWy0xNywiNDgiXSxbLTI3LCJbMjAwLDEwLDAsXCI0Z1wiLG51bGxdIl0sWy02NywiLSJdLFstMiwiOSxlQUhXWDEvZjNxekN2Ymt1eW1Rd2dsSWFGM3BJc2dJSWpTUSs4aUtncUkwb3NJQWlwRkVFUVJJa1VnZEVRUXBVb0pTQXRDQXFTSDlHeXk3WldaK2VyL2QrZTkyYndzQ1NELzFlIl0sWy00NiwiMCJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIixcInR3aXR0ZXI6dGl0bGVcIixcInR3aXR0ZXI6ZGVzY3JpcHRpb25cIl19Il0sWy0xMywiLSJdLFstMjMsIisiXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMDEwMTEwMTAwMDAwMTAiXSxbLTQ4LCIwLDAiXSxbLTYxLCJ7XCJ3Z3NsXCI6XCI0O3BhY2tlZF80eDhfaW50ZWdlcl9kb3RfcHJvZHVjdDt1bnJlc3RyaWN0ZWRfcG9pbnRlcl9wYXJhbWV0ZXJzO3BvaW50ZXJfY29tcG9zaXRlX2FjY2VzcztyZWFkb25seV9hbmRfcmVhZHdyaXRlX3N0b3JhZ2VfdGV4dHVyZXM7XCIsXCJwY2ZcIjpcImJncmE4dW5vcm1cIn0iXSxbLTEsIi0iXSxbLTQsIi0iXSxbLTEwLCItIl0sWy0yMSwiLSJdLFstMjYsIntcInRqaHNcIjoyMTkyMDA4MyxcInVqaHNcIjoxODMzODgxMSxcImpoc2xcIjo0Mjk0NzA1MTUyfSJdLFstMjksIi0iXSxbLTQwLCIzMyJdLFstMTQsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMzAsIltcInZcIiwwXSJdLFstMzUsIlsxNzI3NDAzMTc2MzgzLDddIl0sWy00NCwiMCwwLDAsNSJdLFstNTksImRlZmF1bHQiXSxbLTYwLDIwNF0sWy02NCwiWzAsXCJcIixbXV0iXSxbLTY2LCJnZW9sb2NhdGlvbixjaHVhZnVsbHZlcnNpb25saXN0LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsc2NyZWVud2FrZWxvY2sscHVibGlja2V5Y3JlZGVudGlhbHNnZXQsc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxjaHVhYXJjaCxjb21wdXRlcHJlc3N1cmUsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSx1c2IsY2hzYXZlZGF0YSxwdWJsaWNrZXljcmVkZW50aWFsc2NyZWF0ZSxzaGFyZWRzdG9yYWdlLHJ1bmFkYXVjdGlvbixjaHVhZm9ybWZhY3RvcnMsY2hkb3dubGluayxvdHBjcmVkZW50aWFscyxwYXltZW50LGNodWEsY2h1YW1vZGVsLGNoZWN0LGF1dG9wbGF5LGNhbWVyYSxwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGFjY2VsZXJvbWV0ZXIsY2h1YXBsYXRmb3JtdmVyc2lvbixpZGxlZGV0ZWN0aW9uLHByaXZhdGVhZ2dyZWdhdGlvbixpbnRlcmVzdGNvaG9ydCxjaHZpZXdwb3J0aGVpZ2h0LGxvY2FsZm9udHMsY2h1YXBsYXRmb3JtLG1pZGksY2h1YWZ1bGx2ZXJzaW9uLHhyc3BhdGlhbHRyYWNraW5nLGNsaXBib2FyZHJlYWQsZ2FtZXBhZCxkaXNwbGF5Y2FwdHVyZSxrZXlib2FyZG1hcCxqb2luYWRpbnRlcmVzdGdyb3VwLGNod2lkdGgsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixicm93c2luZ3RvcGljcyxlbmNyeXB0ZWRtZWRpYSxneXJvc2NvcGUsc2VyaWFsLGNocnR0LGNodWFtb2JpbGUsd2luZG93bWFuYWdlbWVudCx1bmxvYWQsY2hkcHIsY2hwcmVmZXJzY29sb3JzY2hlbWUsY2h1YXdvdzY0LGF0dHJpYnV0aW9ucmVwb3J0aW5nLGZ1bGxzY3JlZW4saWRlbnRpdHljcmVkZW50aWFsc2dldCxwcml2YXRlc3RhdGV0b2tlbnJlZGVtcHRpb24saGlkLGNodWFiaXRuZXNzLHN0b3JhZ2VhY2Nlc3Msc3luY3hocixjaGRldmljZW1lbW9yeSxjaHZpZXdwb3J0d2lkdGgscGljdHVyZWlucGljdHVyZSxtYWduZXRvbWV0ZXIsY2xpcGJvYXJkd3JpdGUsbWljcm9waG9uZSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjcsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjoxOTMwODIwMjc5LFwic2VjXCI6XCJcIn0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIl0iXSxbLTcsIi0iXSxbLTE5LCJbMjAsMjAsMjAsMjAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyODUsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCIsMTYwMCwxMjAwXSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTMxLCJmYWxzZSJdLFstNDEsIi0iXSxbLTQ5LCItIl0sWy01MCwiLSJdLFstNTgsIi0iXSxbLTcxLCJhMDExMDAxMDEwMDEwMDEwMTAwMDEwMTAwMTExMTEwMTAwMDAxMCJdLFstMjAsIi0iXSxbLTMyLCItIl0sWy0zNCwiLSJdLFstNDcsIkFtZXJpY2EvVmFuY291dmVyLGVuLUdCLGxhdG4sZ3JlZ29yeSJdLFstNTEsIi0iXSxbLTU3LCJXRTBaVjF4T2NWaFhYVlZjU3hjRldsWlVTVXhOWEYwSEdXSllTaGxZU1VsVlFHUVpFVnhQV0ZVWldFMFpCVmhYVmxkQVZGWk1TZ2NaRVFNT0F3Z01DUW9KQVJBVkdRVllWMVpYUUZSV1RFb0hBd2dCQXdvSkVCVllUUmw0UzB0WVFCZEtYQmtSVVUxTlNVb0RGaFpjVEZaYkYxWmZYa3RjWEZkYVZsVk1WRmNYV2xaVUZrcEJTUlpRRmdBQkFBa09EQXRmV2dnQURnc1BYMW9CV0FvQURWME1EVmdJQVFCWVhBQmZGMU5LQXdnRER3RUlEUXdRRlZoTkdVc1pFVkZOVFVsS0F4WVdYRXhXV3hkV1gxNUxYRnhYV2xaVlRGUlhGMXBXVkJaS1FVa1dVQllBQVFBSkRnd0xYMW9JQUE0TEQxOWFBVmdLQUExZERBMVlDQUVBV0E9PSJdLFstMTUsIi0iXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsNSx0cnVlLHRydWUsbnVsbCwwLHRydWUsdHJ1ZV0iXSxbLTQ1LCI2MjAsNjc3LDAsMCwwLDU2MiwwLDAsNjQ4LDAsMCwwLDAsMCwwLDAsMCwwLDAsNjg0LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy01MiwiLSJdLFstNTUsIjEiXSxbLTY1LCItIl0sWy02OCwiLSJdLFstMjUsIi0iXSxbLTUzLCIxMDAiXSxbImJuY2giLDE1MV0sWy02LCItIl0sWy0xMiwibnVsbCJdLFstMjQsIltdIl0sWy0zMywiLSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNjMsIjAiXSxbImRkYiIsIjAsOSwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDEsMCwxLDEsMCwwLDAsMCwwLDEsMiwxMywwLDAsMCwxLDAsMCwwLDAsMSwwLDAsMSwwLDAsOCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEiXSxbImNiIiwiMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsOSwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDgsMCwwLDEsMCwwLDAsMCwwLDAsMCJdXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=BlqvsXUYL0&pto=2850&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1727403176.DcOnK6FRxGWFfArH&suid=1.1727403176.mY79czCoAnmuAHd9&tuid=1.1727403176.bjurUSriquPqtgqr&fbc=-&gtm=WyJEQyBBbGxwYWdlcyIsInBhZ2VfdmlldyJd&it=63%2C2223%2C467&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 72aad76476fc26969761cdacd69469c0cd06a107d0d0f4cc5d1b847b6d374fe3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.bitdefender.com
content-encoding: gzip
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-length: 1195
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/javascript

OPTIONS
H2 200 SD1TKlYyWO4GcB.json
api.usercentrics.eu/ruleSet/ Frame 0
0 416ms
192ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/ruleSet/SD1TKlYyWO4GcB.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Sep 2024 02:12:56 GMT
expires: Fri, 27 Sep 2024 02:12:56 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: CA,
x-guploader-uploadid: AD-8ljtKZtMvsw3-rTfRf9bqS8IEG1QnOOtgW0uUZFk5vIyNS_41ge6Fo8TDZv0Vu0qO4vVKIvjQVtpE_A

GET
H2 200 SD1TKlYyWO4GcB.json Show response
api.usercentrics.eu/ruleSet/ 552 B
884 B 66ms
66ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/ruleSet/SD1TKlYyWO4GcB.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a1aa30b8c2998ad91b6d0cd88fa7fa3a4c2a3e79df019cbc504e380f0aef6c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=OfYgNQ==, md5=pEu3r9j/CLIr70/GZQNh5w==
etag: "a44bb7afd8ff08b22bef4fc6650361e7"
age: 796
x-goog-stored-content-encoding: gzip
expires: Fri, 27 Sep 2024 02:29:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 349
x-client-geo-location: CA,
date: Fri, 27 Sep 2024 01:59:40 GMT
last-modified: Wed, 03 Jul 2024 09:20:03 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AD-8ljs4aMBa1M8Ksq849kHKH8rWBmZQ3GPMzHPS4RA4AL6ceBxBXpy4iNpiow4YJqL6fsSa3BsO93vJPQ
strict-transport-security: max-age=7776000
cache-control: public, max-age=1800, s-maxage=1800
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1719998403375993
content-length: 349
server: UploadServer

GET
H2 200 trial-ps-blog.plain.html Show response
www.bitdefender.com/en-us/fragments/blog/tips-and-tricks/ 1 KB
578 B 75ms
73ms Fetch
text/html 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/en-us/fragments/blog/tips-and-tricks/trial-ps-blog.plain.html

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

559a4d157a5daee6dd96efb4962a0d4286adcd4e6a8b3a544eb003151f3e5de6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/html; charset=utf-8
last-modified: Mon, 09 Sep 2024 15:10:20 GMT
x-cache-hits: 0, 0
vary: Accept-Encoding,X-Forwarded-Host
strict-transport-security: max-age=31557600
x-served-by: cache-iad-kcgs7200152-IAD, cache-iad-kiad7000118-IAD
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727340570.341983,VS0,VE2
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8bd0ded3a09-YYZ
access-control-allow-origin: *
x-auth-state: anonymous
server: cloudflare

GET
H2 200 blog-insert.js Show response
www.bitdefender.com/_src/blocks/blog-insert/ 588 B
532 B 76ms
74ms Script
text/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/_src/blocks/blog-insert/blog-insert.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67d2ae1b6a8637040cc72ed0a33357cdd188802fd438191763651e14d98de411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "bda63473d9b810beb42550c64304d36c"
x-cache: MISS, HIT, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 02 Jul 2024 13:16:19 GMT
vary: Accept-Encoding
x-cache-hits: 0, 4, 0
x-served-by: cache-iad-kiad7000086-IAD, cache-iad-kiad7000086-IAD, cache-lga21947-LGA
strict-transport-security: max-age=31557600
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339564.555498,VS0,VE1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8bd0def3a09-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 284
x-auth-state: anonymous
server: cloudflare

GET
H2 200 subscribe-form.plain.html Show response
www.bitdefender.com/en-us/fragments/blog/ 1 KB
799 B 76ms
75ms Fetch
text/html 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/en-us/fragments/blog/subscribe-form.plain.html

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

998e101f849c2c62109805ff62a51352b518a04b4c95f574325beb72ab7b355e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 21 Aug 2024 08:58:18 GMT
x-cache-hits: 0, 0
vary: Accept-Encoding,X-Forwarded-Host
strict-transport-security: max-age=31557600
x-served-by: cache-iad-kcgs7200088-IAD, cache-iad-kiad7000029-IAD
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339564.557447,VS0,VE1
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8bd0df03a09-YYZ
access-control-allow-origin: *
x-auth-state: anonymous
server: cloudflare

GET
H2 200 form-blog.js Show response
www.bitdefender.com/_src/blocks/form-blog/ 5 KB
2 KB 90ms
89ms Script
text/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/_src/blocks/form-blog/form-blog.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28ea2e959f87ed1248ebd584dca5c6efb5b017dc10f00753a380daae9912c348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/_src/scripts/lib-franklin-api.js

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "12bb715439f187e0d71ecca18bf25bd9"
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 30 Aug 2024 10:36:07 GMT
vary: Accept-Encoding
x-cache-hits: 0, 0
x-served-by: cache-iad-kjyo7100040-IAD, cache-iad-kiad7000077-IAD
strict-transport-security: max-age=31557600
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339564.555169,VS0,VE2
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8bd0df13a09-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1884
x-auth-state: anonymous
server: cloudflare

GET
H2 200 rules.json Show response
assets.adobetarget.com/bitdefender/production/v1/ 296 KB
32 KB 554ms
229ms Fetch
application/json 2600:1408:20:6a0::294d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobetarget.com/bitdefender/production/v1/rules.json
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:20:6a0::294d Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 714fa9b9c59a777fef0fafb276241c2abd7f8706b5b5fd703e8de2707c217bf4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-expose-headers: x-geo-country-code, x-geo-region-code, x-geo-city, x-geo-latitude, x-geo-longitude
content-encoding: gzip
etag: "98e29fdddb8adc462dc6588e9e547e3b"
x-amz-version-id: rrG42R1mC7lvsVI4GtWfGgZ.4ZVgiWBj
access-control-allow-methods: GET
x-geo-region-code: QC
date: Fri, 27 Sep 2024 02:12:57 GMT
x-geo-country-code: CA
last-modified: Thu, 26 Sep 2024 08:57:59 GMT
vary: Accept-Encoding
content-type: application/json
x-amz-id-2: 85RyW+bYwdMomHxn5ksKR5vPNZ0mrlektxfmGSy+0ldrEu4fYYr2wbXZUgws0uL4WteBdv015IB/zDqV2ttBBA==
access-control-allow-headers: *
x-amz-replication-status: COMPLETED
cache-control: max-age=60
x-geo-longitude: -73.58
x-amz-request-id: XVBSQ6TD9QV3MMEB
accept-ranges: bytes
access-control-allow-origin: *
x-geo-latitude: 45.50
content-length: 32445
server: AmazonS3
x-geo-city: MONTREAL
x-amz-server-side-encryption: AES256

GET
H2 200 s48070957438136
sstats.bitdefender.com/b/ss/bitdefenderproduction/1/JS-2.27.0-LEWM/ 43 B
309 B 83ms
82ms Image
image/gif 63.140.39.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sstats.bitdefender.com/b/ss/bitdefenderproduction/1/JS-2.27.0-LEWM/s48070957438136?AQB=1&ndh=1&pf=1&t=26%2F8%2F2024%2019%3A12%3A56%204%20420&sdid=045599DE8E716F30-504E4812C64B5B92&mid=00972432539010134110980928487992568616&aamlh=7&ce=UTF-8&pageName=blog%3Ah4s%3Ascam%3Alumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads&g=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&c.&p_fo=3.0&getPercentPageViewed=5.0.2&handlePPVevents=n%2Fa&apl=4.0&inList=3.0&.c&cc=USD&ch=blog&server=www.bitdefender.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=h4s&v1=blog%3Ah4s%3Ascam%3Alumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads&c2=scam&c3=lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads&v3=D%3Dc8&c4=production&v4=D%3Dc9&c5=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&c6=ca&v6=D%3Dc6&c7=en&v7=D%3Dc7&c8=27%2F9%2F2024&c9=19%3A12%7C19%3A00-19%3A59%7Cthursday%7Cgmt%20-7&c12=undefined&c13=highestPercentViewed%3D%20%7C%20initialPercentViewed%3D%20%7C%20foldsSeen%3D%20%7C%20foldsAvailable%3D&v92=D%3Dc5&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&AQE=1

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.194 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-194.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
pragma: no-cache
etag: 3709570075138129920-4618494360408203812
x-content-type-options: nosniff
expires: Thu, 26 Sep 2024 02:12:56 GMT
access-control-allow-origin: *
p3p: CP="This is not a P3P policy"
content-length: 43
date: Fri, 27 Sep 2024 02:12:56 GMT
x-xss-protection: 1; mode=block
last-modified: Sat, 28 Sep 2024 02:12:56 GMT
vary: *
server: jag
content-type: image/gif;charset=utf-8

GET
H2 200 blog-insert.css
www.bitdefender.com/_src/blocks/blog-insert/ 117 B
357 B 69ms
68ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/_src/blocks/blog-insert/blog-insert.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/a5a86e9.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b082bf447eaa2c9d8c1533a04594dc44d38ca167a99c2af9085dc7ed3ea2fcc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "cb18b71849a3dc25a9040c35b89eca7a"
x-cache: MISS, HIT, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:07:08 GMT
vary: Accept-Encoding
x-cache-hits: 0, 3, 0
x-served-by: cache-iad-kjyo7100081-IAD, cache-iad-kjyo7100081-IAD, cache-pdk-kfty2130053-PDK
strict-transport-security: max-age=31557600
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339564.645962,VS0,VE1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8bdded43a09-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 104
x-auth-state: anonymous
server: cloudflare

GET
H2 200 cookie.js Show response
www.bitdefender.com/_src/scripts/utils/ 1 KB
651 B 91ms
90ms Script
text/javascript 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/_src/scripts/utils/cookie.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e7fb4e144a0878ffc68a4c924bc296d280c62fbd03b993a8d6987848fcea57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/_src/blocks/form-blog/form-blog.js

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "c384e6788942d8a26bd46230453ce125"
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 30 Aug 2024 10:36:07 GMT
vary: Accept-Encoding
x-cache-hits: 0, 0
x-served-by: cache-iad-kjyo7100092-IAD, cache-iad-kiad7000022-IAD
strict-transport-security: max-age=31557600
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339564.640378,VS0,VE1
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8be0ef63a09-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 493
x-auth-state: anonymous
server: cloudflare

GET
H2 200 media_1e365a074e88c8c52f7c1f8d2d733f2992af56205.jpeg
www.bitdefender.com/en-us/fragments/blog/tips-and-tricks/ 29 KB
30 KB 70ms
70ms Image
image/webp 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitdefender.com/en-us/fragments/blog/tips-and-tricks/media_1e365a074e88c8c52f7c1f8d2d733f2992af56205.jpeg?width=2000&format=webply&optimize=medium

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c5aa08fa23f45b17d6d2cfe35fb7ce9995f8e543df2575dccdaec093059c681

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

fastly-io-info: ifsz=230106 idim=842x300 ifmt=jpeg ofsz=30186 odim=842x300 ofmt=webp
cf-cache-status: HIT
etag: "wJGrE1hiiETWAguGQRquPCzxK/AChcLbp+etzSEzALM"
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: image/webp
vary: Accept-Encoding
x-cache-hits: 0, 0
x-served-by: cache-iad-kcgs7200076-IAD, cache-iad-kiad7000172-IAD
strict-transport-security: max-age=31557600
fastly-stats: io=1
cache-control: max-age=2592000, must-revalidate
cdn-cache-control: max-age=2592000, must-revalidate
x-timer: S1727340974.897331,VS0,VE4
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8be0ef83a09-YYZ
accept-ranges: bytes
content-length: 30186
fastly-io-served-by: vpop-kiad7010227
x-auth-state: anonymous
server: cloudflare

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 397ms
179ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=359890&time=1727403176632&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.bitdefender.com/

Response headers

content-encoding: gzip
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-methods: GET, OPTIONS
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: application/json
access-control-allow-headers: *
x-li-pop: afd-prod-lor1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-fs-uuid: 0006231064be4c1fb7862c83a3f1ef7c
x-msedge-ref: Ref A: 06F1BE58B6AC42989A79968CCDD3D0B3 Ref B: YTO01EDGE0519 Ref C: 2024-09-27T02:12:56Z
x-restli-protocol-version: 1.0.0
x-li-uuid: AAYjEGS+TB+3hiyDo/HvfA==
access-control-allow-origin: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1727403176632&li_adsId=040faf29-c662-4b4e-ab30-0792886010d4&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stea...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1727403176632&li_adsId=040faf29-c662-4b4e-ab30-0792886010d4&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-ste...

0
266 B

310ms
109ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1727403176632&li_adsId=040faf29-c662-4b4e-ab30-0792886010d4&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&e_ipv6=AQJXZPHh-1VmzgAAAZIxQLOrVxXDRlUNQy-v4A4SL4IaJYhu2tfF9DczgvFYQAYLNLAegWtCg5M
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F32F3B1AACD349B6A3E0246AC62A5D86 Ref B: YTO01EDGE0807 Ref C: 2024-09-27T02:12:57Z
x-li-fabric: prod-lva1
x-li-uuid: AAYjEGTCz6NjzPnUxp7hTA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1727403176632&li_adsId=040faf29-c662-4b4e-ab30-0792886010d4&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&e_ipv6=AQJXZPHh-1VmzgAAAZIxQLOrVxXDRlUNQy-v4A4SL4IaJYhu2tfF9DczgvFYQAYLNLAegWtCg5M
x-msedge-ref: Ref A: 53B883A788F24A97AAC002DE703AB021 Ref B: YTO01EDGE0507 Ref C: 2024-09-27T02:12:56Z
x-li-fabric: prod-lva1
x-li-uuid: AAYjEGS9ubh3IMk3Y98YdQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 27 Sep 2024 02:12:56 GMT

GET
H2 200 form-blog.css
www.bitdefender.com/_src/blocks/form-blog/ 5 KB
2 KB 68ms
68ms Stylesheet
text/css 2606:4700::6812:1a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/_src/blocks/form-blog/form-blog.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/a5a86e9.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33a1231fdf5d3674b8e9c2f48fc2ba3538f791fd476141ec2d7c9d70cddb984d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "88c063d84432b6203f42add2ebd0721e"
x-cache: MISS, HIT
date: Fri, 27 Sep 2024 02:12:56 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 30 Aug 2024 10:36:07 GMT
vary: Accept-Encoding
x-cache-hits: 0, 0
x-served-by: cache-iad-kcgs7200120-IAD, cache-iad-kiad7000115-IAD
strict-transport-security: max-age=31557600
cache-control: max-age=7200, must-revalidate
cdn-cache-control: max-age=172800, must-revalidate
x-timer: S1727339564.721122,VS0,VE1
via: 1.1 varnish, 1.1 varnish
cf-ray: 8c97f8be7faa3a09-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1515
x-auth-state: anonymous
server: cloudflare

GET
H3 200 languages.json Show response
api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/ 152 B
133 B 183ms
182ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/languages.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0a25589501a065c71010f4b685f20a2a283ba910b374e2ce8148c4fcd623e9a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=4sEJow==, md5=aPmXvSP/EY/QrW9PJ19q/w==
etag: "68f997bd23ff118fd0ad6f4f275f6aff"
age: 0
x-goog-stored-content-encoding: gzip
expires: Fri, 27 Sep 2024 02:13:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 100
x-client-geo-location: CA,
date: Fri, 27 Sep 2024 02:12:57 GMT
last-modified: Wed, 11 Sep 2024 07:57:56 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AD-8ljuD-UY2m4gNo7849AtaYNEUbkuQFWNOSGLiGkmVA1vCNPq6kIsf0_12N7UdE0mwhB03d49QBP44oA
strict-transport-security: max-age=7776000
cache-control: public, max-age=1800, s-maxage=60
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726041476239219
content-length: 100
server: UploadServer

OPTIONS
H2 200 languages.json
api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/ Frame 0
0 208ms
207ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/languages.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Sep 2024 02:12:57 GMT
expires: Fri, 27 Sep 2024 02:12:57 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: CA,
x-guploader-uploadid: AD-8ljsUMiau0o6yePjXvmSPist81JB_7wVLyplwfa1B0MdrDLFk9UjcEpd60drEQlZZcXNpJrEPQYeEYA

GET
H2 200 tc_imp.gif
obseu.ofgreencolumn.com/tracker/ 43 B
102 B 152ms
152ms Image
image/gif 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obseu.ofgreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268e9c335e9468d9b9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59108c692017071a10acf9f29f674084d18a062e3c4fad297100816adb66c05035052ac555080a37550ec2bf394d77be26bb25cb43e2913bf05365a80428721bdb57ee46f497d6da3cbb2807ff7ecaa8556d8e0e3143714493d60262f160b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7278ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82d8e53ac2370a85f1ca7d1042a56369ab914666b889ae21d955f812e18d4cc448d9d36d9a6d279c9a26dc6c90cefab6cdb3f11338ae6bf2fbb9234e2bfb94248ee61bf711135782030ed092cfc9ccf3c830c627d5d3bf856eea716b2583793c849f87556adeff7ca402a8825b9174a17a520455cf39ad0ed7c2a230ae8428c21bf19e93d5608d5c536ab253101c704e7bc0a065a50ac1c1972aa3d164f79323c889e4f26c85bbf510627d84f81152d1a7044d07fea3f339f763cbb641b2b57aeb2dbd60c110cb06cbba6892082de5b280246a6e235c74195614a9e8907e8110bd573d323be4a61dcd921910ecfd8ea8b66ddeffa6a9d0adedb31e0d2ef15594aa4b3ddb516f09843b083068b63bfc6405d0b59025d3378661d2f472dfb21fc769133377530f4fc595ba9f452f47900a5887cfcbede2b90f5ccbeef904c2dd7969c5c00e2e2ba583d33d22b42e995c9d1cff3e9b12dbc80ff9ba32e29894d3984762e8fc3a638276ae91b1ab169f6d281705946b414cb0a35f8aec08d79a93cb48d084803a122a46bd3fb718ad55b69d749133473d5c3c7d7e8c469cd5760ced7dcab5f42bd8c84f8b7073ac107b2a819c827504957783ec58ad6047563bfe433e9ebd942d92032c909712bfdedafd8746da5e542513ec2a4c5595c3462fe54db9a3845cf787e51c416ee62f795c16c50551f898e91a16946272d290815f9b8eff8d3c41f869fa420a178819623dc7cc1603cb80f1dc89df0ff378e237c72fc1931090bcbc7a4bb0d51186c7e1eca6a681946b1c9eec2749896bc7488f54e2e722b4dd8d8820a08cd4e4e90626c1a3f4f440c25d9440563f507ac09025248326b90cc78037b10577a13e0b8c22b98d7c7db9752f5216dee6d22d99c907742c5526d1c3cfebd13a9c10bcab2e2ccfc16f48791d366a64ba7de4e97101affb9390a9&cri=BlqvsXUYL0&ts=637&cb=1727403177075
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
date: Fri, 27 Sep 2024 02:12:57 GMT
pragma: no-cache
content-type: image/gif

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
201 B 73ms
71ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 2762CECECEF545818B1DC6359DD2D1E4 Ref B: YTO01EDGE0507 Ref C: 2024-09-27T02:12:57Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYjEGTEjD+5ZLhvxLHTww==
x-li-proto: http/2
access-control-allow-origin: https://www.bitdefender.com
x-cache: CONFIG_NOCACHE
date: Fri, 27 Sep 2024 02:12:56 GMT
vary: Origin

GET
H/1.1 200
OK 1.gif
imgsct.cookiebot.com/ 35 B
744 B 469ms
185ms Image
image/gif 2600:1408:ec00:286::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=4a55b566-7010-4633-9b03-7ba7735be0b6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:286::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
Access-Control-Expose-Headers: *
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
ETag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35
Date: Fri, 27 Sep 2024 02:12:57 GMT
Last-Modified: Mon, 23 Oct 2023 11:39:32 GMT
Content-Type: image/gif
X-GUploader-UploadID: AD-8ljt7GPtPAjd0mpYDtT3tHyCNQKOBXzAHCpOhmpcHela4GeiOuyOXQb_B_Ub3wtTWn5pq1kzGJvqD3Q
Cache-Control: public,max-age=1800
x-goog-storage-class: STANDARD
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
x-goog-generation: 1698061172769999
Content-Length: 35
Server: UploadServer

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 343ms
93ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

979d977217c7032b1cd864c0b65ce5d4ff834aa9ca116198873299b5a60cfc9a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Fri, 27 Sep 2024 02:12:57 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: GOOD; q=0.7, rtt=100, rtx=0, c=23, mss=1232, tbw=5673, tp=10, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: KPmtf8N+Cb+tx+k5vt467bMgLslEdC0F0AejujxfqIKhbECVE2Bk5w3np8t/NF+9XorQ+upQ7bTYQeabC+LDtg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59070
x-xss-protection: 0

GET
H2 200 341979.js Show response
js-na1.hs-scripts.com/ 3 KB
756 B 103ms
62ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/341979.js

Requested by

Host: js.hs-analytics.net
URL: https://js.hs-analytics.net/analytics/1727403000000/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f54ff2c4df8195bd0b7982698e9285978441405263df5e03e6ff4f1b7f037a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 3600
x-request-id: 51c2a20a-c9f2-42e8-abde-7c4ae4d05698
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 2392
x-content-type-options: nosniff
cf-polished: origSize=2950
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:57 GMT
x-hubspot-correlation-id: 51c2a20a-c9f2-42e8-abde-7c4ae4d05698
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Fri, 27 Sep 2024 01:03:32 GMT
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7b8c5dd88-k2vfn
x-envoy-upstream-service-time: 6
access-control-allow-credentials: true
cf-ray: 8c97f8c28a4a5497-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 363ms
125ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-ca&bfp=2022627939&v=1.1&a=341979&rcu=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&pu=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&t=Lumma+Stealer+Campaign+Targets+League+of+Legends+World+Championship+Fans+Through+Social+Media+Ads&cts=1727403177297&vi=26d33c86e42ab0e1a9f09a80b773db82&nc=true&u=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&b=27765283.1.1727403177294&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
x-request-id: fe8ee9d0-e80d-4d90-b1f1-7cd5fea8778c
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUthLF77s2jtJFU5%2BkvU2lV05YpH%2FdmW3j6WwRP81Dg9171MKYSD8ITinDkoyEoLhVvo9OV%2F5CFlIvjyexZ1eR77rHojj0NaiKS7lJ5W5%2FaVL4kgIvdwZ5bxDc2tHLtNJBhKvMKIReK%2BnPQpS6IY"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Fri, 27 Sep 2024 02:12:57 GMT
x-hubspot-correlation-id: fe8ee9d0-e80d-4d90-b1f1-7cd5fea8778c
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-h45mc
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8c97f8c3be4fab09-YYZ
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 favicon-32x32.png
download.bitdefender.com/resources/images/favicon/ 568 B
761 B 834ms
242ms Other
image/png 2600:1403:9c00:34::6859:aad3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://download.bitdefender.com/resources/images/favicon/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1403:9c00:34::6859:aad3 Miami, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

fab8294d35a12278bfd9179ac66940d6d77145b986fc04e5826a8521f7aa1d49

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN *.bitdefender.com

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=2256
etag: "53bea05c-238"
expires: Fri, 27 Sep 2024 02:50:34 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 568
date: Fri, 27 Sep 2024 02:12:58 GMT
last-modified: Thu, 10 Jul 2014 14:17:00 GMT
content-type: image/png
server: nginx
x-frame-options: SAMEORIGIN *.bitdefender.com

GET
H3 200 en.json Show response
api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/ 41 KB
9 KB 289ms
288ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/en.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

3cb177f423462d1c624920c75255eb2bc754d829ef3cda5fd3e1292474e9c8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=6TjoaQ==, md5=KNEaT/cle1gvXkYmnCvjvA==
etag: "28d11a4ff7257b582f5e46269c2be3bc"
age: 0
x-goog-stored-content-encoding: gzip
expires: Fri, 27 Sep 2024 02:13:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 8772
x-client-geo-location: CA,
date: Fri, 27 Sep 2024 02:12:57 GMT
last-modified: Wed, 11 Sep 2024 07:57:56 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AD-8ljul6Be2BvtTwm-sx4VGzY3D5oRb1TamkNbH4Tffa9214Op6WNoM_VqpUegRg6Fkf_xds1kUwTzIYQ
strict-transport-security: max-age=7776000
cache-control: public, max-age=1800, s-maxage=60
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726041476182998
content-length: 8772
server: UploadServer

OPTIONS
H3 200 en.json
api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/ Frame 0
0 214ms
213ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/en.json

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Sep 2024 02:12:57 GMT
expires: Fri, 27 Sep 2024 02:12:57 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: CA,
x-guploader-uploadid: AD-8ljuMTWgNsb8IryYPfyxNscIVrbRPyrKWPgmfNETnHZfPDBWV1Y0P9HskDaMCAJ9sM4T-MxAvMxS2Hw

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 203ms
158ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=341979&utk=26d33c86e42ab0e1a9f09a80b773db82&__hstc=27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1&__hssc=27765283.1.1727403177294&currentUrl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a1d2a63253105790e272b960aa8d888108c9822cc05e1211d188919aa9c0eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: b072fbde-0b7c-4f08-92af-dc6b7bd9973c
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ezBZYA8jT4govle3E1bx9TwGyl7P7Vgv767yRgJmseiMHx4g%2BS3bgOWOdRdZRRipLHZ%2BBAD7vbiaEjXxfkw9TJw9F%2FKfcxrQz5ONYAkhCyhEyZidpn4lXzgJRJRyDOee9cqNIKV0IHqPlCvrYq01"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Fri, 27 Sep 2024 02:12:57 GMT
x-hubspot-correlation-id: b072fbde-0b7c-4f08-92af-dc6b7bd9973c
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-qcrds
x-envoy-upstream-service-time: 36
access-control-allow-credentials: false
cf-ray: 8c97f8c2fe11b405-YYZ
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 136759154343249 Show response
connect.facebook.net/signals/config/ 77 KB
15 KB 142ms
141ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/136759154343249?v=2.9.168&r=stable&domain=www.bitdefender.com&hme=3ba426d944c98eb3ce406a0f93fc097d0320a486b65b445a33b2eda3a5aa3429&ex_m=70%2C119%2C105%2C109%2C61%2C4%2C98%2C69%2C16%2C95%2C87%2C51%2C54%2C170%2C173%2C185%2C181%2C182%2C184%2C29%2C99%2C53%2C76%2C183%2C165%2C168%2C178%2C179%2C186%2C129%2C41%2C34%2C141%2C15%2C50%2C192%2C191%2C131%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C91%2C17%2C14%2C94%2C90%2C89%2C106%2C52%2C108%2C39%2C107%2C30%2C92%2C26%2C166%2C169%2C138%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C74%2C100%2C27%2C75%2C9%2C8%2C79%2C48%2C21%2C102%2C101%2C103%2C96%2C10%2C20%2C3%2C38%2C19%2C84%2C56%2C82%2C33%2C73%2C0%2C93%2C32%2C81%2C86%2C47%2C46%2C85%2C37%2C5%2C88%2C80%2C44%2C35%2C83%2C2%2C36%2C63%2C42%2C104%2C45%2C78%2C68%2C110%2C60%2C59%2C31%2C97%2C58%2C55%2C49%2C77%2C72%2C24%2C111

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f3bd36f2edde99ff454009b70c0374c56b22adf83c0f61a6db04876c30c886aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Fri, 27 Sep 2024 02:12:57 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: GOOD; q=0.7, rtt=107, rtx=0, c=74, mss=1232, tbw=68409, tp=63, tpl=0, uplat=77, ullat=0
pragma: public
x-fb-debug: hkyeFDBY6ygr6AplFvsXrJYjEj4RCGjEtY/cl8OKT3yku/0Na/AkmL+8iWbekZk21ChF0CERnFxbcerZxk54UQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 cross-domain-bridge.html
app.usercentrics.eu/browser-sdk/4.38.4/ Frame DA91 0
0 251ms
48ms Document
text/html 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-sdk/4.38.4/cross-domain-bridge.html

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type Content-Length Transfer-Encoding
age: 831020
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=2592000, no-transform
content-encoding: gzip
content-length: 1142
content-type: text/html
date: Tue, 17 Sep 2024 11:22:38 GMT
etag: "2d333d3b78deeab0a42fc5c2c41494f3"
expires: Thu, 17 Oct 2024 11:22:38 GMT
last-modified: Tue, 17 Sep 2024 11:16:17 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-goog-generation: 1726571777870300
x-goog-hash: crc32c=3Fb7rA== md5=LTM9O3je6rCkL8XCxBSU8w==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1142
x-guploader-uploadid: AD-8ljtQHLk9mOFXIU3029fQT772XBK0T75vVranE1KMKsUQTOdq8wzaaAEfQVvYmFPHkj7nWDfTGtu76A

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 350ms
122ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136759154343249&ev=PageView&dl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&rl=&if=false&ts=1727403177950&sw=1600&sh=1200&ud[external_id]=26d33c86e42ab0e1a9f09a80b773db82&v=2.9.168&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1727403177947.63688246120617014&cs_est=true&ler=empty&cdl=API_unavailable&it=1727403177781&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1392, tbw=2794, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
4 KB 351ms
123ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=136759154343249&ev=PageView&dl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&rl=&if=false&ts=1727403177950&sw=1600&sh=1200&ud[external_id]=26d33c86e42ab0e1a9f09a80b773db82&v=2.9.168&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1727403177947.63688246120617014&cs_est=true&ler=empty&cdl=API_unavailable&it=1727403177781&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419140157456488422"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: GABQMax+yABOCSknWxYTVUTIdsvhnftzUg/XCiyWBanh7gyWnU+hTn7+ieJ73Aphe6w7N89hK91A3MqWvb2R4w==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419140157456488422", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1392, tbw=3112, tp=-1, tpl=-1, uplat=40, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'wasm-unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
150 B 177ms
176ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
16 B 269ms
267ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 1px.png
app.usercentrics.eu/session/ 489 B
817 B 48ms
47ms Image
image/png 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.usercentrics.eu/session/1px.png?settingsId=GKbE5wIoT1zsTY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw==
etag: "3702ada73b8951017b8451cbd6a96523"
age: 1149
x-goog-stored-content-encoding: gzip
expires: Fri, 27 Sep 2024 02:23:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 522
date: Fri, 27 Sep 2024 01:53:49 GMT
last-modified: Fri, 08 May 2020 09:06:13 GMT
content-type: image/png
x-guploader-uploadid: AD-8lju60bF7qVVlcl4XnNr_6hxW3pRDVyemAqdds7HwDg-XOeAdmsTU1rmt5v-cJtoIliRcrL0
strict-transport-security: max-age=7776000
cache-control: public,max-age=1800,no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
x-goog-generation: 1588928773413784
content-length: 522
server: UploadServer

GET
H3 200 DefaultData-fa10cf7f-3d7db9aa.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 2 KB
1001 B 49ms
49ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/DefaultData-fa10cf7f-3d7db9aa.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fcf4ad57046af8b44b9f85d4398ca15757c54cdbdecfdfdf438266ff0bd996f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=j+hIPg==, md5=NDxaIzD766ddVhnL30v1Xg==
etag: "343c5a2330fbeba75d5619cbdf4bf55e"
age: 277758
x-goog-stored-content-encoding: gzip
expires: Tue, 23 Sep 2025 21:03:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 970
date: Mon, 23 Sep 2024 21:03:40 GMT
last-modified: Tue, 17 Sep 2024 11:16:30 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljtTvpb4Mb-bGMBO5N6EOXDpMqnc6ASWN9ioN77SQUpUz45_BMc2dQkHnIWFivzb8FUiNvkaIvjuyw
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571790674421
content-length: 970
server: UploadServer

GET
H3 200 translations-en.json Show response
api.usercentrics.eu/translations/ 7 KB
2 KB 57ms
57ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-en.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

293c213205cd107ec18a50ae1f8a7b79915117d162cc58701a575def7c295d39

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=8/rfvQ==, md5=3gvV2wFCHwyIlwHnbgqquQ==
etag: "de0bd5db01421f0c889701e76e0aaab9"
age: 41453
x-goog-stored-content-encoding: gzip
expires: Fri, 27 Sep 2024 14:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2491
x-client-geo-location: CA,
date: Thu, 26 Sep 2024 14:42:05 GMT
last-modified: Tue, 03 Sep 2024 11:32:31 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AD-8ljsNaq0ABXx6kvZxWiZ6RE0pvuD4N3523Jh52aZNloiwSpzS9kw7KE2v-hmjJ5epBTW--0M
strict-transport-security: max-age=7776000
cache-control: public, max-age=86400, s-maxage=86400
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1725363151058862
content-length: 2491
server: UploadServer

OPTIONS
H3 200 translations-en.json
api.usercentrics.eu/translations/ Frame 0
0 180ms
180ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-en.json

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Sep 2024 02:12:58 GMT
expires: Fri, 27 Sep 2024 02:12:58 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: CA,
x-guploader-uploadid: AD-8ljvYuIgQ1bxFHez-7Mv2yGnqH3ZA3aI9asXGl865Yh79GBz5tlrM7u9-yIfh1RNPfl3UBEJEHFKYqQ

GET
H3 200 DefaultUI-efcc91c9-fa5e06dd.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 2 KB
786 B 55ms
54ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/DefaultUI-efcc91c9-fa5e06dd.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

951c5b7cb6a0af9d32789f92b5eb25132c18386fe8a5d09a727b337b4e01b204

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=WngRyw==, md5=sLfPEjPIk0acr3y/MUVWDg==
etag: "b0b7cf1233c893469caf7cbf3145560e"
age: 130475
x-goog-stored-content-encoding: gzip
expires: Thu, 25 Sep 2025 13:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 755
date: Wed, 25 Sep 2024 13:58:23 GMT
last-modified: Tue, 17 Sep 2024 11:16:31 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljser1V9LLitwoX_sZCEELVrx0wLYgm__wuMrcpoceavvG1WgBNwU25PbHC5BFYLLC-0Qdxuj0sUAA
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571791147992
content-length: 755
server: UploadServer

GET
H3 200 FirstLayerCustomization-de8ec6f3-0ed66d66.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 3 KB
1 KB 52ms
51ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/FirstLayerCustomization-de8ec6f3-0ed66d66.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

5fe64b723a7e2217982ad21b77d62cf63af26f869ff996b0b4cd4d56fd0bd9c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.55.0/DefaultUI-efcc91c9-fa5e06dd.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=mhk/4w==, md5=wuky1NGwJAFGMPIr2BeqOw==
etag: "c2e932d4d1b024014630f22bd817aa3b"
age: 532118
x-goog-stored-content-encoding: gzip
expires: Sat, 20 Sep 2025 22:24:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1077
date: Fri, 20 Sep 2024 22:24:20 GMT
last-modified: Tue, 17 Sep 2024 11:16:31 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljv7EO3ZMTHlTp6KUf8Vax_faRlmLTyY1Ysl61UHzWckSPtD8Cc55OsOv3ox7pV-yu-UgHoxduDGQA
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571791639026
content-length: 1077
server: UploadServer

GET
H3 200 ButtonsCustomization-5698ac85-5d43b15f.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 473 B
267 B 65ms
65ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/ButtonsCustomization-5698ac85-5d43b15f.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ebbf51132ac80c2070995d82e1b1237526521386eaced499d94c36a05804141f

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.55.0/DefaultUI-efcc91c9-fa5e06dd.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=j4Bobw==, md5=gQ7iplowK1+IDjoA6EDWzg==
etag: "810ee2a65a302b5f880e3a00e840d6ce"
age: 645597
x-goog-stored-content-encoding: gzip
expires: Fri, 19 Sep 2025 14:53:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 236
date: Thu, 19 Sep 2024 14:53:01 GMT
last-modified: Tue, 17 Sep 2024 11:16:29 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljvOPIVFW0nU5TjN-jdPpcTNq9XIHzVUR1P007xlsV0t7_DNdycECQyE8h_c-qKLEVEmbWvN2fUgiA
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571789485759
content-length: 236
server: UploadServer

GET
H3 200 SecondLayerUI-2d936468-4fd84b50.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 567 B
354 B 65ms
65ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/SecondLayerUI-2d936468-4fd84b50.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8395d72ab340a6fb7923d93b019bffa5570553f6762dc56eeb4e5ee603ae3dda

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.55.0/DefaultUI-efcc91c9-fa5e06dd.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=hi33HQ==, md5=5G75GCCB1bWp29wfCyADbQ==
etag: "e46ef9182081d5b5a9dbdc1f0b20036d"
age: 73544
x-goog-stored-content-encoding: gzip
expires: Fri, 26 Sep 2025 05:47:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 318
date: Thu, 26 Sep 2024 05:47:14 GMT
last-modified: Tue, 17 Sep 2024 11:16:33 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljt9x65n1cmisfUfK-XHpngqq_AjWdLJ1SfQr2I4e9VHIIkLVPtCO0vLz05z_ahVLD6KVlEFVxdGrw
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571793026898
content-length: 318
server: UploadServer

GET
H3 200 Taglogger-ece90602-40fbde48.js Show response
app.usercentrics.eu/browser-ui/3.55.0/ 1 KB
727 B 99ms
99ms Script
text/javascript 2600:1901:0:5987::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.55.0/Taglogger-ece90602-40fbde48.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fab5cda5682da8425e7110db62aa4c2163e2bbd8e2eec76139e3b1451520fa92

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=M0IwDQ==, md5=5MIOZoADhQMeyj528R2aMw==
etag: "e4c20e66800385031eca3e76f11d9a33"
age: 646078
x-goog-stored-content-encoding: gzip
expires: Fri, 19 Sep 2025 14:45:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 687
date: Thu, 19 Sep 2024 14:45:00 GMT
last-modified: Tue, 17 Sep 2024 11:16:33 GMT
content-type: text/javascript
x-guploader-uploadid: AD-8ljuft8qXx9_JU0ek6QwfVGcl-cUZnD3Bj9ZvSl9A5Z7ky91fsr-xRFQT0rU59PyqMc5YuHu8-0682w
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1726571793504496
content-length: 687
server: UploadServer

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 373ms
100ms Fetch
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-6M0GWNLLWF&gtm=45je49p0v869430580za200zb9190968901&_p=1727403175792&gcs=G100&gcd=13p3p3p3p5l1&npa=1&dma_cps=-&dma=0&tag_exp=101671035~101747727&gdid=dMWZhNz&cid=1019379328.1727403179&ecid=1613315885&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&ec_mode=a&_eu=EA&_s=1&uid=&dl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&sid=1727403176&sct=1&seg=0&dt=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=&ep.anonymize_ip=true&ep.geoRegion=ca&ep.pageSubSection=h4s&ep.login_status=false&ep.source=&ep.medium=&ep.cid=&ep.page_name=blog%3Ah4s%3Ascam%3Alumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads&ep.fingerprint=&ep.siteSection=blog&ep.pageSubSubSection=scam&tfd=5056
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitdefender.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: text/plain
server: Golfe2

GET
H2

200

src=5165113;dc_pre=CJTN-aaG4ogDFZzU_QUdRuEoCw;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=5165113;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targe...
https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CJTN-aaG4ogDFZzU_QUdRuEoCw;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecur...

42 B
118 B

188ms
186ms

Image
image/gif

172.217.197.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CJTN-aaG4ogDFZzU_QUdRuEoCw;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G100;gcd=13p3p3p3p5l1;dma_cps=-;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F?

Protocol

Server

172.217.197.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CJTN-aaG4ogDFZzU_QUdRuEoCw;type=na-c;cat=allpages;ord=8364749502074;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G100;gcd=13p3p3p3p5l1;dma_cps=-;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F?
pragma: no-cache
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

POST
H3 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
64 B 429ms
88ms Ping
image/gif 2607:f8b0:400d:c0f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p3p5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&dma_cps=-&dma=0&npa=1&gtm=45fe49p0v9190968901za200&gdid=dMWZhNz&frm=0

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::9b Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

OPTIONS
H2 204 3
consent-api.service.consent.usercentrics.eu/consent/uw/ Frame 0
0 432ms
176ms Preflight
text/html 2600:1901:0:1e38::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-api.service.consent.usercentrics.eu/consent/uw/3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:1e38:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-origin,content-type,x-request-id
Access-Control-Request-Method: POST
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: access-control-allow-origin,content-type,x-request-id
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 27 Sep 2024 02:12:58 GMT
server: Google Frontend
strict-transport-security: max-age=7776000
vary: Origin, Access-Control-Request-Headers
via: 1.1 google
x-cloud-trace-context: 679f8bf133bb569e016edf2a30f11226

POST
H2 201 3 Show response
consent-api.service.consent.usercentrics.eu/consent/uw/ 0
87 B 211ms
203ms Fetch
text/html 2600:1901:0:1e38::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-api.service.consent.usercentrics.eu/consent/uw/3

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:1e38:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

X-Request-ID: c1187163-8649-4b32-bd0a-da599aa3d984
Access-Control-Allow-Origin: *
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
content-type: application/json

Response headers

strict-transport-security: max-age=7776000
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
x-cloud-trace-context: 8b42354ed1acd1cbbe852a26ac064e69
vary: Origin
server: Google Frontend
content-type: text/html

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/ 6 KB
2 KB 497ms
175ms Script
text/javascript 2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/?random=1727403178668&cv=11&fst=1727403178668&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b30aedc0ccbf238498bccdc2d3ed392ac43cba99b43d5a1599b9df936badc7dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2493
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/ 6 KB
2 KB 479ms
163ms Script
text/javascript 2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/?random=1727403178674&cv=11&fst=1727403178674&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2642840abb45a0d3e03e21162325fedd5b42f34d155148bc6136a394bfcf8686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2497
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11315736573/ 6 KB
2 KB 495ms
180ms Script
text/javascript 2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11315736573/?random=1727403178679&cv=11&fst=1727403178679&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dab18f680009dc6a00f3cd6309dcade1ef6bd4f3f36b52e9aa3466042908122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2499
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11315736573/ 6 KB
2 KB 496ms
183ms Script
text/javascript 2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11315736573/?random=1727403178680&cv=11&fst=1727403178680&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

697b7db635fa5788c1210e5732e1ea3d5ce8abfd8cfda04759202b36d42fafcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2499
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/ 6 KB
2 KB 417ms
106ms Script
text/javascript 2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/?random=1727403178683&cv=11&fst=1727403178683&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f366807930c205c2dfd9124091c4d2b8ebe9f7d57e66b0eddeb63dac1a171d83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2498
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 1040562098
td.doubleclick.net/td/rul/ Frame 2078 0
0 385ms
99ms Document
text/html 2607:f8b0:400d:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/1040562098?random=1727403178683&cv=11&fst=1727403178683&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 1790
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 27 Sep 2024 02:12:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/ 6 KB
2 KB 456ms
151ms Script
text/javascript 2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/?random=1727403178687&cv=11&fst=1727403178687&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f90ba9e182c28a0dd25dfbfb75f50b1b993414f9f992e96143c2f5ff34fbe336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2495
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 1040562098
td.doubleclick.net/td/rul/ Frame 061E 0
0 394ms
113ms Document
text/html 2607:f8b0:400d:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/1040562098?random=1727403178687&cv=11&fst=1727403178687&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 1788
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 27 Sep 2024 02:12:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-c...
td.doubleclick.net/td/fls/rul/ Frame 0E56 0
0 373ms
98ms Document
text/html 2607:f8b0:400d:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=755731020.1727403179;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-5165113&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 1562
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 27 Sep 2024 02:12:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-ste...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurit...

42 B
64 B

169ms
169ms

Ping
image/gif

2607:f8b0:400d:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&dma=0&npa=0&gtm=45fe49p0v9190968901za200&auid=755731020.1727403179&gdid=dMWZhNz&frm=0

Protocol

Server

2607:f8b0:400d:c04::9d Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5l1&tag_exp=101671035~101747727&rnd=1450363842.1727403179&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&dma=0&npa=0&gtm=45fe49p0v9190968901za200&auid=755731020.1727403179&gdid=dMWZhNz&frm=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect
analytics.google.com/g/ 0
0 385ms
100ms Fetch
text/plain 2607:f8b0:4004:c08::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-6M0GWNLLWF&gtm=45je49p0v869430580za200zb9190968901&_p=1727403175792&_gaz=1&gcs=G111&gcu=1&gcd=13r3r3r3r5l1&npa=0&dma=0&tag_exp=101671035~101747727&gdid=dMWZhNz.dOThhZD&gcut=3&cid=1019379328.1727403179&ecid=1613315885&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=2&uid=&sid=1727403176&sct=1&seg=0&dl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&dt=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&en=user_engagement&ep.optimize_id=&ep.anonymize_ip=true&ep.ga_temp_client_id=1019379328.1727403179&_et=61&tfd=5122
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitdefender.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
548 B 441ms
133ms Ping
text/plain 2607:f8b0:400d:c0f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6M0GWNLLWF&cid=1019379328.1727403179&gtm=45je49p0v869430580za200zb9190968901&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c0f::9c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitdefender.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 447E 0
0 360ms
96ms Document
text/html 2607:f8b0:400d:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-6M0GWNLLWF&gacid=1019379328.1727403179&gtm=45je49p0v869430580za200zb9190968901&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=1189962478

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c01::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 27 Sep 2024 02:12:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-o...
https://ad.doubleclick.net/activity;dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma...
https://adservice.google.com/ddm/fls/z/dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flu...

42 B
63 B

918ms
546ms

Image
image/gif

2607:f8b0:400d:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=*;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F

Protocol

Server

2607:f8b0:400d:c07::9b Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:13:00 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/dc_pre=CJ7ZkKeG4ogDFUgOTwgdNbI7Jw;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=*;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H3 200 activity;register_conversion=1;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-leg...
ad.doubleclick.net/ 0
22 B 373ms
251ms Image
image/png 172.253.122.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=5165113;type=na-c;cat=allpages;ord=9017770091885;npa=0;u2=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F;gdid=dMWZhNz;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gcu=1;auiddc=755731020.1727403179;ps=1;pcor=1900476510;gtm=45fe49p0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101671035~101747727;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f149.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"17507291305092290874"}],"aggregatable_trigger_data":[{"filters":[{"14":["2831056"]}],"key_piece":"0xc7ded68fb048f8bf","source_keys":["12","13","14","15","16","17","18","19","20","21","18853076","18853077","18853078","18853079","20449812","20449813","20449814","20449815","22088680","22088681","22088682","22088683","22932268","22932269","22932270","22932271","628496680","628496681","628496682","628496683","628738860","628738861","628738862","628738863","628893860","628893861","628893862","628893863","638468528","638468529","638468530","638468531","640925924","640925925","640925926","640925927"]},{"key_piece":"0x2624a72b5f1b5d21","not_filters":{"14":["2831056"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","18853076","18853077","18853078","18853079","20449812","20449813","20449814","20449815","22088680","22088681","22088682","22088683","22932268","22932269","22932270","22932271","628496680","628496681","628496682","628496683","628738860","628738861","628738862","628738863","628893860","628893861","628893862","628893863","638468528","638468529","638468530","638468531","640925924","640925925","640925926","640925927"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"18853076":34,"18853077":34,"18853078":34,"18853079":3345,"19":65,"20":65,"20449812":34,"20449813":34,"20449814":34,"20449815":3345,"21":6356,"22088680":65,"22088681":65,"22088682":65,"22088683":6356,"22932268":32,"22932269":32,"22932270":32,"22932271":3177,"628496680":32,"628496681":32,"628496682":32,"628496683":3177,"628738860":32,"628738861":32,"628738862":32,"628738863":3177,"628893860":32,"628893861":32,"628893862":32,"628893863":3177,"638468528":36,"638468529":36,"638468530":36,"638468531":3530,"640925924":34,"640925925":34,"640925926":34,"640925927":3345},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"6537695072953270871","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"17507291305092290874","filters":[{"14":["2831056"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"17507291305092290874","filters":[{"14":["2831056"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"17507291305092290874","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"17507291305092290874","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["5165113"]}}
content-type: image/png
x-xss-protection: 0
server: cafe

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 507ms
198ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6M0GWNLLWF&cid=1019379328.1727403179&gtm=45je49p0v869430580za200zb9190968901&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1085823365

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 RC38554e1d609e4fba82fd1a7d64e0c4fd-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 870 B
752 B 85ms
85ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC38554e1d609e4fba82fd1a7d64e0c4fd-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 2b961509132c08044e387c124645336947ea3ddd14c1dd2aa02684ba0a9587d7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:58 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 493
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 hotjar-37798.js Show response
static.hotjar.com/c/ 20 KB
7 KB 418ms
129ms Script
application/javascript 52.84.18.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-37798.js?sv=6

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.84.18.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-84-18-67.ord53.r.cloudfront.net

Software

Resource Hash

c47d81e9c2e91dee628d62db2890300e6fa48d6a1af864b8f40cb0f7889690a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
etag: W/c08bab71629cdd3292efa959d541bd1b
age: 41
x-content-type-options: nosniff
x-cache-hit: 1
x-cache: Hit from cloudfront
x-amz-cf-id: ajOR7OZvTUXcbUG8Ji2d7IuOzc3nsRQJ62GtJevwJhwXuECWgQ7m5Q==
date: Fri, 27 Sep 2024 02:12:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
via: 1.1 1641e07511c8f092416a0636bcfb6372.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: ORD53-C2

GET
H2 200 RCc9985e39ac1a4eac9a81593fa8dd4eb3-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 1 KB
976 B 77ms
76ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCc9985e39ac1a4eac9a81593fa8dd4eb3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0b42f5fc9fdeb7f339a89cd8f247e6f96e1cf0ad60ce0ede77e2e48e4890b259

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:58 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 717
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 RC04a791acf2cc461f99983b3870a108eb-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 690 B
694 B 109ms
109ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC04a791acf2cc461f99983b3870a108eb-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 86f1803a5904d8da3fa87b934c8b92ee22432ff830d6855ad61f19e00c976f1a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:58 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 435
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
15 KB 576ms
154ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "803483b3aaadb1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EF582828CAFC497C9279648572A84166 Ref B: YTO01EDGE0721 Ref C: 2024-09-27T02:12:59Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14402
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
vary: Accept-Encoding

GET
H2 200 RCf606fb6930ae4c3f9500524beb70c59a-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 860 B
748 B 106ms
106ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCf606fb6930ae4c3f9500524beb70c59a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 68bf6234be80a74ffd1dcd5206e5bceca1e6b6fe6c6ee393411283052375bb3a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:58 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 489
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET events.js
analytics.tiktok.com/i18n/pixel/ 0
0

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 412ms
125ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15412
date: Fri, 27 Sep 2024 02:12:59 GMT
x-tw-cdn: FT
last-modified: Fri, 15 Mar 2024 03:07:08 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000160-IAD
x-amz-server-side-encryption: AES256

GET
H2 200 RC462f2d04fb5e49cca2f3d2d10bac9a0c-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 594 B
630 B 76ms
76ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC462f2d04fb5e49cca2f3d2d10bac9a0c-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: adc5d3182a1a39bf68784f4455a220ac86c5658d7c3c934511dfe5b2b802dd8c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:58 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 371
date: Fri, 27 Sep 2024 02:12:58 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H/1.1 200
OK scarab-v2.js Show response
cdn.scarabresearch.com/js/198DE47607F5EBDB/ 95 KB
23 KB 541ms
169ms Script
application/javascript 18.173.219.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.scarabresearch.com/js/198DE47607F5EBDB/scarab-v2.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-84.jfk52.r.cloudfront.net
Software: /
Resource Hash: 70c8a6b390b1be2c62932aa85ea633523bd3cd4919e8f7f559fd039b3a34bc5f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: max-age=3600,public
Timing-Allow-Origin: *
Content-Encoding: gzip
ETag: "d74662d85574d7bf454f47a76d21e0db--gzip"
Age: 2394
Connection: keep-alive
Via: 1.1 a4edf08fb593b7ca4fee9a64018a186e.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: vXs5xeY3m9z9XwEhW04Nk01Kv-JQdhW5N3SdxVmQTRtdWnXupZhYuw==
Date: Fri, 27 Sep 2024 01:33:05 GMT
Content-Type: application/javascript;charset=utf-8
Vary: Accept-Encoding
X-Amz-Cf-Pop: JFK52-P1

GET
H2 200 RC2ca1e93fcfbd4937beadbcd54f4d3ebb-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 709 B
603 B 73ms
72ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC2ca1e93fcfbd4937beadbcd54f4d3ebb-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f5d2f53e9cb536c8612a444d04480a7fc10e7d3c86cdc238c0971f30af130ee2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:59 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 344
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
39 B 223ms
221ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 RCae3aa4b9849447d785847af246462d1f-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 684 B
686 B 116ms
116ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCae3aa4b9849447d785847af246462d1f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 17ebab252506a49244826b0b915310082bdb89d2219c849c8b94de3dcdc06329

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:59 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 427
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 RC0425550650094a6689c84789f6096b85-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 727 B
714 B 117ms
116ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC0425550650094a6689c84789f6096b85-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 96a62ab971b354a81cd7fcf3cd601a397f16e7be1d3e8a8729e0e28cf0e1b559

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:59 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 455
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 RCeedc5502d4fe45bbb8e99a685c44acf1-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 529 B
594 B 115ms
114ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCeedc5502d4fe45bbb8e99a685c44acf1-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5783beee6cf7f61770dbbf542109b0051a7541fa47ee5268136f96ffdb4daadf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:59 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 335
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
16 B 234ms
232ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H3 200 /
www.google.com/pagead/1p-user-list/1040562098/ 42 B
64 B 161ms
161ms Image
image/gif 2607:f8b0:400d:c01::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1040562098/?random=1727403178683&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfKrvGX1BBptHjWHYjihaA88yGJsCrWrbmMYvYjYAB8TNpzSNR&random=3969297734&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1040562098/ 42 B
64 B 439ms
157ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1040562098/?random=1727403178683&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfKrvGX1BBptHjWHYjihaA88yGJsCrWrbmMYvYjYAB8TNpzSNR&random=3969297734&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
16 B 224ms
222ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H3 200 /
www.google.com/pagead/1p-user-list/1040562098/ 42 B
64 B 154ms
153ms Image
image/gif 2607:f8b0:400d:c01::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1040562098/?random=1727403178687&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfaLC5G-51IGLeLYFySTsD2p4iA5dfm6UyV9DRs912jf92EkB9&random=589454316&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1040562098/ 42 B
64 B 309ms
161ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1040562098/?random=1727403178687&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfaLC5G-51IGLeLYFySTsD2p4iA5dfm6UyV9DRs912jf92EkB9&random=589454316&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/1040562098/ 42 B
64 B 145ms
143ms Image
image/gif 2607:f8b0:400d:c01::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1040562098/?random=1727403178674&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfaDjQREFasrOCJfpmBw2uGz7kvpiHurIbPka2zeles7CvMY4S&random=2401855623&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1040562098/ 42 B
64 B 226ms
145ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1040562098/?random=1727403178674&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfaDjQREFasrOCJfpmBw2uGz7kvpiHurIbPka2zeles7CvMY4S&random=2401855623&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/1040562098/ 42 B
64 B 145ms
143ms Image
image/gif 2607:f8b0:400d:c01::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1040562098/?random=1727403178668&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf5J3u-pqNSbn1biQOgu6Ia0xRyLCDYs4b0Zi1HntAms11obC0&random=1177918793&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1040562098/ 42 B
64 B 136ms
135ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1040562098/?random=1727403178668&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf5J3u-pqNSbn1biQOgu6Ia0xRyLCDYs4b0Zi1HntAms11obC0&random=1177918793&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/11315736573/ 42 B
64 B 142ms
142ms Image
image/gif 2607:f8b0:400d:c01::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11315736573/?random=1727403178679&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf99fNqLILhR9fmAEFEXgPFrKh75T1a73jK70JULtD2ebXOU6V&random=2477962016&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/11315736573/ 42 B
64 B 177ms
176ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/11315736573/?random=1727403178679&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf99fNqLILhR9fmAEFEXgPFrKh75T1a73jK70JULtD2ebXOU6V&random=2477962016&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/11315736573/ 42 B
64 B 140ms
139ms Image
image/gif 2607:f8b0:400d:c01::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11315736573/?random=1727403178680&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfxqnccLAMe6hF-6toStU-HUmex6lkQnTVXeLL39Ua35qbkTX5&random=2425713043&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c01::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/11315736573/ 42 B
64 B 173ms
172ms Image
image/gif 2607:f8b0:400d:c02::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/11315736573/?random=1727403178680&cv=11&fst=1727402400000&bg=ffffff&guid=ON&async=1&gtm=45be49p0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101671035~101686684~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&hn=www.googleadservices.com&frm=0&tiba=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=755731020.1727403179&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=IA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfxqnccLAMe6hF-6toStU-HUmex6lkQnTVXeLL39Ua35qbkTX5&random=2425713043&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c02::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 27 Sep 2024 02:12:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 420ms
63ms Script
application/javascript 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 1593b1f5bf86a2bec3f93142409030a64591d1b6415faaedd0c251dd924d0288

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "bed9b675380c07edc84c03d0f362b192"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12103
date: Fri, 27 Sep 2024 02:13:00 GMT
last-modified: Mon, 23 Sep 2024 17:14:22 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H3 200 209580512574099 Show response
connect.facebook.net/signals/config/ 25 KB
3 KB 185ms
184ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/209580512574099?v=2.9.168&r=stable&domain=www.bitdefender.com&hme=3ba426d944c98eb3ce406a0f93fc097d0320a486b65b445a33b2eda3a5aa3429&ex_m=70%2C119%2C105%2C109%2C61%2C4%2C98%2C69%2C16%2C95%2C87%2C51%2C54%2C170%2C173%2C185%2C181%2C182%2C184%2C29%2C99%2C53%2C76%2C183%2C165%2C168%2C178%2C179%2C186%2C129%2C41%2C34%2C141%2C15%2C50%2C192%2C191%2C131%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C91%2C17%2C14%2C94%2C90%2C89%2C106%2C52%2C108%2C39%2C107%2C30%2C92%2C26%2C166%2C169%2C138%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C74%2C100%2C27%2C75%2C9%2C8%2C79%2C48%2C21%2C102%2C101%2C103%2C96%2C10%2C20%2C3%2C38%2C19%2C84%2C56%2C82%2C33%2C73%2C0%2C93%2C32%2C81%2C86%2C47%2C46%2C85%2C37%2C5%2C88%2C80%2C44%2C35%2C83%2C2%2C36%2C63%2C42%2C104%2C45%2C78%2C68%2C110%2C60%2C59%2C31%2C97%2C58%2C55%2C49%2C77%2C72%2C24%2C111%2C198%2C197%2C199%2C204%2C205%2C206%2C202%2C194%2C130%2C132%2C161%2C193%2C195%2C120%2C155%2C143%2C149%2C187%2C188%2C127%2C230%2C114%2C124%2C125%2C231%2C163%2C117%2C233%2C164%2C134%2C121%2C152%2C146%2C112%2C126

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be40a461a215125d4be31af79eccc69b8976fcd2e6d962d9c41c1552b0010e78

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: GOOD; q=0.7, rtt=77, rtx=0, c=74, mss=1232, tbw=84265, tp=78, tpl=0, uplat=59, ullat=0
pragma: public
x-fb-debug: k4GffbI+KyCLCHRbDXSpmQqX+f0pzh3bp32+um1e5USvhd4c1Wg7L9h93XuXh2iyqUa0sJu/x1NbgKB+OOiGjw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 ee38c350.min.js Show response
tag.demandbase.com/ 61 KB
18 KB 508ms
163ms Script
application/javascript 18.160.10.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/ee38c350.min.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.10.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-10-89.iad12.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a04145a8844f74f140cf1d0cb600d5860f9c8bafb6c433bc796617dfa6f3a330

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: gzip
x-amz-version-id: Y6kB2KcEDxuNGL72rK2pm9VUS0Me9q_R
etag: W/"fae135254bc1b25724212cbb85ec8f51"
age: 1274
x-cache: Hit from cloudfront
x-amz-cf-id: rbhqRVxUfSWv32fBH6BPO9X0c7EhEBXrCRNnFo60BRl2pNqlZTofeQ==
date: Fri, 27 Sep 2024 01:51:47 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2024 19:16:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=3600
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: IAD12-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 2 KB
2 KB 194ms
193ms XHR
application/json 13.226.34.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.34.79 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-34-79.ewr53.r.cloudfront.net

Software

nginx /

Resource Hash

7b6a16679020f1bc0f124cc69c76997775687bef6efd1425a8da27b79434a34d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CACHE
access-control-allow-methods: GET, POST, OPTIONS
request-id: 63db4d8f-e1d7-4eb2-bf7e-2ebf27df4bb3
expires: Thu, 26 Sep 2024 02:12:59 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: KtnjuDUzbBtMAPP5A1QHzmZ6TQYvrJnZrPywehpnrTRGRu49cKHICA==
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 343d70dd2c23b73057116d47a342c588.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitdefender.com
x-amz-cf-pop: EWR53-C2
server: nginx

GET
H2 200 RCfc30b75f2f2842d78674735429229857-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/ 655 B
679 B 145ms
144ms Script
application/x-javascript 2600:1408:ec00:b8e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCfc30b75f2f2842d78674735429229857-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:b8e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a878ee750f8da5a23d6cea75fc3ce2b2e36bd5afe02c38508b48d7680a3fc1c6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "c37bbeb3350da82eaf316cdde5920611:1726835529.255559"
expires: Fri, 27 Sep 2024 03:12:59 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 421
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 467ms
55ms Script
application/x-javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (chd/0761) /

Resource Hash

9be4bb9193ad7f5fc8debf9e923a81c1b9288575b2d87bed8fe4f506ecbb2c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: max-age=86400
content-encoding: gzip
etag: "38eac6caf1fdb1:0"
age: 52961
accept-ranges: bytes
x-cache: HIT
content-length: 25408
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 08:55:10 GMT
server: ECS (chd/0761)
vary: Accept-Encoding

GET A254030-1420-4f36-87b0-178a4806cb111.js
utt.impactcdn.com/ 0
0

GET
H2 200 /
www.facebook.com/tr/ 0
125 B 204ms
202ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=209580512574099&ev=PageView&dl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&rl=&if=false&ts=1727403179424&sw=1600&sh=1200&v=2.9.168&r=stable&ec=0&o=4126&fbp=fb.1.1727403177947.63688246120617014&ler=empty&cdl=API_unavailable&it=1727403177781&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1392, tbw=7753, tp=-1, tpl=-1, uplat=2, ullat=1
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 205ms
204ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=209580512574099&ev=PageView&dl=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&rl=&if=false&ts=1727403179424&sw=1600&sh=1200&v=2.9.168&r=stable&ec=0&o=4126&fbp=fb.1.1727403177947.63688246120617014&ler=empty&cdl=API_unavailable&it=1727403177781&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419140162366771602"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419140162366771602", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: a5NgdSSNqMOMVQEBr+gpYwnkNPPQxzQcXF1gtVDTx0CWivHFy/ZgttezvR3KyTL45REYOlq2mHtnyzAcIu3Fag==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1392, tbw=7922, tp=-1, tpl=-1, uplat=19, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 modules.0721e7cf944cf9d78a0b.js Show response
script.hotjar.com/ 224 KB
56 KB 418ms
80ms Script
application/javascript 18.164.96.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0721e7cf944cf9d78a0b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-37798.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-90.jfk50.r.cloudfront.net

Software

Resource Hash

b59aea27fa8369f30285b9c3875597435dfce1fc0571555adcc11d210cb9bd1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
content-encoding: br
etag: "ac12d2f9dbf41b678b7eb52a4d3e70f3"
age: 651053
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: AKrtWX8B5sd1FFXz2Ais5L8CvKtyltAYRp57JU398Tyzxld9seiZkA==
date: Thu, 19 Sep 2024 13:22:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 19 Sep 2024 13:21:34 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 95708ab75ec6181aa75086df530332d6.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56508
x-amz-cf-pop: JFK50-P5

GET
H2 200 adsct
t.co/1/i/ 43 B
629 B 441ms
143ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=dc388131-6384-4c82-a159-5cf538f45037&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=598c72d2-d4f9-469a-9fc7-8ce28ac54f8a&tw_document_href=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&tw_iframe_status=0&txn_id=nvfwk&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: 006e2dc07b6c10ed
cache-control: no-cache, no-store, max-age=0
x-connection-hash: d7e0043f4efd20236def0038312171208d78f85838c80a7b7f37fffbb3dcdb73
cf-cache-status: DYNAMIC
cf-ray: 8c97f8d2db6936db-YYZ
x-response-time: 8
content-length: 43
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
601 B 472ms
162ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=dc388131-6384-4c82-a159-5cf538f45037&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=598c72d2-d4f9-469a-9fc7-8ce28ac54f8a&tw_document_href=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&tw_iframe_status=0&txn_id=nvfwk&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 9c65f20073858801
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 797813aac97dce5b337b20fc53d070b59c44b8ef6d7c6210bc65718347703929
x-response-time: 8
content-length: 43
date: Fri, 27 Sep 2024 02:12:59 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H2 200 5104414.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 171ms
171ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5104414.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

bc121b4d45c8b281c920d35992d64a75be530994092b2c25071ca0866b45c222

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=60
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E40A723066D4567ABCF9056C5B8DD46 Ref B: YTO01EDGE0721 Ref C: 2024-09-27T02:12:59Z
x-cache: CONFIG_NOCACHE
date: Fri, 27 Sep 2024 02:12:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 5104414 Show response
www.clarity.ms/tag/uet/ 826 B
1 KB 417ms
123ms Script
application/x-javascript 2620:1ec:bdf::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/5104414?insights=1
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5104414.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: bac2539a4c3ab65627174f75e82c2908cf51f2ce2eea18cedf5a06c327065c68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 826
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/x-javascript
x-azure-ref: 20240927T021300Z-15b447545fcj78hx13bvaw7wt400000003n0000000000592

GET
H2 204 0
bat.bing.com/action/ 0
359 B 66ms
64ms Image
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5104414&tm=al001&Ver=2&mid=f27ad4a1-2118-4a67-9652-a70791123aad&sid=04bf87407c7611ef9539233e47b2af37&vid=04bfcb007c7611efa99979ccd738dab4&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&p=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&r=&lt=3714&pt=1727403173589,,,,,0,1,38,38,354,155,355,903,1149,912,1201,1984,1985,3702,3702,3714&pn=0,0&evt=pageLoad&sv=1&cdb=AQIR&rn=422006

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 112C6861E9E44686ABCC99A327239E6E Ref B: YTO01EDGE0721 Ref C: 2024-09-27T02:12:59Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 27 Sep 2024 02:12:59 GMT

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_twxv2a69/ 3 B
124 B 278ms
84ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_twxv2a69/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/json

GET
H2 200 t2_twxv2a69_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 285ms
88ms XHR
application/json 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_twxv2a69_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 97
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 279ms
83ms Image
image/gif 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1727403180048&id=t2_twxv2a69&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=2426940b-7ed0-4aaa-babc-e5cba52e1b68&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_5afed25b&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: image/gif
server: Varnish

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 746ms
257ms XHR
application/json 54.220.48.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=37798&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0721e7cf944cf9d78a0b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.220.48.221 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-220-48-221.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 07d48bd1f38400629a27686dbd1aa63ffa867a08ebb56caee87fd6c04cf5ed9f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 86400
access-control-allow-origin: *
content-length: 56
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/json

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
39 B 175ms
173ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 ipv
cdn.bizible.com/ 43 B
305 B 47ms
46ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=155af106f0534651a02ef22947cec0b8&_biz_l=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&_biz_t=1727403180169&_biz_i=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&_biz_n=0&a=bitdefender.com&rnd=295678&cdn_o=a&_biz_z=1727403180170

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (chd/0714) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 139361
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: image/gif
last-modified: Wed, 25 Sep 2024 11:30:19 GMT
server: ECS (chd/0714)

GET
H2 200 u
cdn.bizibly.com/ 43 B
182 B 82ms
68ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=155af106f0534651a02ef22947cec0b8&_biz_l=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&_biz_t=1727403180172&_biz_i=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&a=bitdefender.com&rnd=770895&cdn_o=a&_biz_z=1727403180172

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (chd/0750) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 139361
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: image/gif
last-modified: Wed, 25 Sep 2024 11:30:19 GMT
server: ECS (chd/0750)

GET
H2 200 sync
s.company-target.com/s/ Frame 72A0 0
0 259ms
71ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.company-target.com/s/sync?exc=lr

Requested by

Host: tag.demandbase.com
URL: https://tag.demandbase.com/ee38c350.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

22.71.96.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Fri, 27 Sep 2024 02:13:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 2 KB
2 KB 142ms
140ms XHR
application/json 13.226.34.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&page_title=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.34.79 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-34-79.ewr53.r.cloudfront.net

Software

nginx /

Resource Hash

ed3cee9cb64ec2e983f45d7eaa7882eb60c9cd84a916534811a1f24f25af9c0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CACHE
access-control-allow-methods: GET, POST, OPTIONS
request-id: 90fe0ea8-03e0-4055-8517-7ab931a27a5d
expires: Thu, 26 Sep 2024 02:13:00 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: MJ7wzY7GZOq75YPRUUmFufa_gQF4PWR3x5yDgvtR8GcYNZMvesOMDw==
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 343d70dd2c23b73057116d47a342c588.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitdefender.com
x-amz-cf-pop: EWR53-C2
server: nginx

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 111 B
308 B 83ms
83ms Script
text/javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=155af106f0534651a02ef22947cec0b8&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.09.18&a=bitdefender.com

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (chd/0714) /

Resource Hash

9d1a9d398bb7dde6f3bfeeffed195da7d40ffb35178f620cfe89dce593274eee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: private, must-revalidate, max-age=21600
content-encoding: gzip
etag: 8B789624
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 215
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: ECS (chd/0714)

GET
H2 200 u
cdn.bizible.com/ 43 B
86 B 101ms
101ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/u?mapType=ecid&mapValue=0E920C0F53DA9E9B0A490D45%40AdobeOrg_00972432539010134110980928487992568616&_biz_u=155af106f0534651a02ef22947cec0b8&_biz_l=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Fhotforsecurity%2Flumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2F&_biz_t=1727403180173&_biz_i=Lumma%20Stealer%20Campaign%20Targets%20League%20of%20Legends%20World%20Championship%20Fans%20Through%20Social%20Media%20Ads&_biz_n=1&a=bitdefender.com&rnd=798439&cdn_o=a&_biz_z=1727403180273

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (chd/0750) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 139361
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: image/gif
last-modified: Wed, 25 Sep 2024 11:30:19 GMT
server: ECS (chd/0750)

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
401 B 487ms
194ms XHR
text/html 2600:9000:2511:8200:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=MJ7wzY7GZOq75YPRUUmFufa_gQF4PWR3x5yDgvtR8GcYNZMvesOMDw==&api-version=v3
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2511:8200:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
etag: "d41d8cd98f00b204e9800998ecf8427e"
age: 63929
via: 1.1 f48e3bba7eb119871945c3726fab1888.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Error from cloudfront
content-length: 0
x-amz-cf-id: Zw00QytAWOBXUuv6D7Vg52uFd2HSQ94O2UVShgvcFRKJkiSeP-yfUg==
date: Thu, 26 Sep 2024 08:27:32 GMT
content-type: text/html
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P6
x-amz-server-side-encryption: AES256

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.47/ 64 KB
27 KB 92ms
91ms Script
application/javascript 2620:1ec:bdf::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.47/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/5104414?insights=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-azure-ref: 20240927T021300Z-15b447545fcj78hx13bvaw7wt400000003n0000000000599
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DCDCD7122C4CCC"
x-fd-int-roxy-purgeid: 51562430
x-ms-request-id: 9f843b2d-901e-007b-72e8-0e6c47000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 24 Sep 2024 20:25:46 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F7C3994CEF884DABB2C18BFEBEDEB4A5&RedC=c.clarity.ms&MXFR=17D402AF10596E4F0A7517A8145960E1
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F7C3994CEF884DABB2C18BFEBEDEB4A5&MUID=2CC25E1E2E3165B50AB54B192F9B64FD

42 B
441 B

55ms
55ms

Image
image/gif

20.110.205.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F7C3994CEF884DABB2C18BFEBEDEB4A5&MUID=2CC25E1E2E3165B50AB54B192F9B64FD
Protocol: H2
Server: 20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
etag: "bb391b5d70eeda1:0"
accept-ranges: bytes
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 42
date: Fri, 27 Sep 2024 02:13:00 GMT
content-type: image/gif
last-modified: Wed, 14 Aug 2024 17:35:32 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

Redirect headers

cache-control: private, no-cache, proxy-revalidate, no-store
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=F7C3994CEF884DABB2C18BFEBEDEB4A5&MUID=2CC25E1E2E3165B50AB54B192F9B64FD
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC17D9AE99C94B3BB03706E317DA0ED4 Ref B: YTO01EDGE0509 Ref C: 2024-09-27T02:13:01Z
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 0
date: Fri, 27 Sep 2024 02:13:01 GMT
x-powered-by: ASP.NET

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
283 B 513ms
127ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.bitdefender.com/

Response headers

Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
Access-Control-Allow-Origin: https://www.bitdefender.com
Date: Fri, 27 Sep 2024 02:13:01 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
39 B 175ms
174ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:13:01 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
39 B 181ms
179ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Fri, 27 Sep 2024 02:13:02 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CQPLM2BC77UF32CPVDG0&lib=ttq

Domain: utt.impactcdn.com
URL: https://utt.impactcdn.com/A254030-1420-4f36-87b0-178a4806cb111.js

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

80 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bitdefender.com/	1969-12-31 23:59:59	Name: tagit_session Value: 1
www.bitdefender.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: b28h8avtiaagvf7nju7g0c29v3
.bitdefender.com/	1970-01-21 08:35:39	Name: bd112 Value: i44FAA%3D%3D
.bitdefender.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 04:09:15	Name: demdex Value: 00946041214244135400978854005461703151
.bitdefender.com/	1969-12-31 23:59:59	Name: AMCVS_0E920C0F53DA9E9B0A490D45%40AdobeOrg Value: 1
www.bitdefender.com/	1969-12-31 23:59:59	Name: tagit_params Value: %7B%22obj%22%3A%5B%5D%7D
.bitdefender.com/	1970-01-21 09:26:03	Name: mbox Value: session#cb206cbcefda4ec0a640d280b0db9983#1727405037\|PC#cb206cbcefda4ec0a640d280b0db9983.34_0#1790647977
.bitdefender.com/	1970-01-21 09:26:03	Name: s_ecid Value: MCMID%7C00972432539010134110980928487992568616
.hsforms.com/	1970-01-20 23:50:04	Name: __cf_bm Value: am3ElNBsPVF91Kd4ZntyzUPEOLCwRUi74vGlhFM_yPg-1727403176-1.0.1.1-KBucrNbQokn8GPApzYPPBOSOF2vB2OYcBdEy7Ji_sfeNqtPXYz6_C688XxjJQ6kLZjmUBmIohGPHAMMaumfFlQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: LzoaBiwGmqg1.sgK4veuqZ6gMl_RIwTIjS9DPlR7h3Y-1727403176355-0.0.1.1-604800000
.bitdefender.com/	1970-01-21 02:01:27	Name: _cq_duid Value: 1.1727403176.DcOnK6FRxGWFfArH
.bitdefender.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1727403176.mY79czCoAnmuAHd9
.demdex.net/	1970-01-21 04:09:15	Name: dextp Value: 771-1-1727403176246\|1123-1-1727403176347\|129099-1-1727403176448
.dpm.demdex.net/	1970-01-21 04:09:15	Name: dpm Value: 00946041214244135400978854005461703151
.bitdefender.com/	1970-01-21 09:26:03	Name: AMCV_0E920C0F53DA9E9B0A490D45%40AdobeOrg Value: 179643557%7CMCIDTS%7C19994%7CMCMID%7C00972432539010134110980928487992568616%7CMCAAMLH-1728007975%7C7%7CMCAAMB-1728007975%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1727410376s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-20001%7CvVersion%7C5.5.0
.bitdefender.com/	1969-12-31 23:59:59	Name: s_ips Value: 1200
.bitdefender.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.doubleclick.net/	1970-01-21 09:26:03	Name: IDE Value: AHWqTUk5EUtcpv2V0X8s6Kgm5dsof81NR1FcrsSb4838pNDWfT_cbplUrozbuYhgpOM
.rkdms.com/	1970-01-21 08:35:39	Name: sc Value: 3%3A120432
.rkdms.com/	1970-01-21 08:35:39	Name: sessionid Value: h-5431bb754efd482f98d2331ece4956f6_t-1727403176
.twitter.com/	1970-01-21 09:26:03	Name: personalization_id Value: "v1_cI28LZrsSSQbp73g4Y0Frw=="
.linkedin.com/	1970-01-21 08:35:39	Name: bcookie Value: "v=2&566596e7-d10c-41bd-8af7-581607099bc3"
.linkedin.com/	1970-01-21 04:09:15	Name: li_gc Value: MTswOzE3Mjc0MDMxNzY7MjswMjGlaeqXw10OVukWJK0zBeKWNrbGWAbxIZki3LGg7JZkkQ==
.linkedin.com/	1970-01-20 23:51:29	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=3458:u=1:x=1:i=1727403176:t=1727489576:v=2:sig=AQHdLPIjaaM6tmESEfIgxRoGQGRwxlU7"
obseu.ofgreencolumn.com/	1970-01-21 07:53:53	Name: cg_uuid Value: 96b3123dca646a447d509f78e2aa41b2
.bitdefender.com/	1970-01-21 00:00:07	Name: at_geo Value: {%22latitude%22:45.5%2C%22longitude%22:-73.58%2C%22countryCode%22:%22CA%22%2C%22stateCode%22:%22QC%22%2C%22city%22:%22MONTREAL%22}
.bitdefender.com/	1970-01-21 04:09:15	Name: __hstc Value: 27765283.26d33c86e42ab0e1a9f09a80b773db82.1727403177294.1727403177294.1727403177294.1
.bitdefender.com/	1970-01-21 04:09:15	Name: hubspotutk Value: 26d33c86e42ab0e1a9f09a80b773db82
.bitdefender.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.bitdefender.com/	1970-01-20 23:50:04	Name: __hssc Value: 27765283.1.1727403177294
.bitdefender.com/	1969-12-31 23:59:59	Name: s_tp Value: 6995
.bitdefender.com/	1969-12-31 23:59:59	Name: s_ppv Value: blog%253Ah4s%253Ascam%253Alumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads%2C17%2C17%2C1200%2C1%2C5
.hubspot.com/	1970-01-20 23:50:04	Name: __cf_bm Value: Rp9Dr.1nlClLDCa2ksfQ63bMdHOTqUDMwOZm55HTpwE-1727403177-1.0.1.1-7Mx4jdXNMJkjPPmi.Mh0_BXIog7qrTi08dDQsMcc51FTpR3nlIiKfpZgOixOeG9ILJ578kRMj51IrHwp_gsapw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: T0ePKq2Dry.vnjf1Pi1lEhAAPvSbQIvKH_JqICLHcnQ-1727403177603-0.0.1.1-604800000
.bitdefender.com/	1970-01-21 01:59:39	Name: _fbp Value: fb.1.1727403177947.63688246120617014
.bitdefender.com/	1970-01-21 01:59:39	Name: _gcl_au Value: 1.1.755731020.1727403179
.bitdefender.com/	1969-12-31 23:59:59	Name: _ga Value: GA1.1.1019379328.1727403179
.bitdefender.com/	1969-12-31 23:59:59	Name: _ga_6M0GWNLLWF Value: GS1.1.1727403176.1.0.1727403178.60.0.1613315885
.doubleclick.net/	1970-01-21 00:33:15	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-21 04:09:15	Name: receive-cookie-deprecation Value: 1
.bitdefender.com/	1970-01-20 23:51:29	Name: _uetsid Value: 04bf87407c7611ef9539233e47b2af37
.bitdefender.com/	1970-01-21 09:11:39	Name: _uetvid Value: 04bfcb007c7611efa99979ccd738dab4
.bing.com/	1970-01-21 09:11:39	Name: MUID Value: 2CC25E1E2E3165B50AB54B192F9B64FD
.bat.bing.com/	1970-01-21 00:00:07	Name: MR Value: 0
.bitdefender.com/	1970-01-21 01:59:39	Name: _rdt_uuid Value: 1727403180046.2426940b-7ed0-4aaa-babc-e5cba52e1b68
.t.co/	1970-01-21 09:26:03	Name: muc_ads Value: 854faafb-d37d-49bb-b255-54ff18b57f17
.t.co/	1970-01-20 23:50:04	Name: __cf_bm Value: 8LCeOSYIUN3Ro6pJA0XVXL4UzjekHgcN0QjdJrm9KbE-1727403180-1.0.1.1-QO3LEK.Zby0LEaAxwIefB0pNM1lBDkUWleLpCc_WZZRVjgnAZiBPAQYaB53K8BdVYVdzHoEN5kaSm7waRC99Kg
.bitdefender.com/	1970-01-21 08:35:39	Name: _hjSessionUser_37798 Value: eyJpZCI6IjUzOTQ1NzUwLTUyNzAtNTQ1ZC1iNTJiLWQ2YmU4NWVjZTY0MiIsImNyZWF0ZWQiOjE3Mjc0MDMxODAxMDcsImV4aXN0aW5nIjp0cnVlfQ==
.twitter.com/	1970-01-21 09:26:03	Name: guest_id_marketing Value: v1%3A172740318007233709
.twitter.com/	1970-01-21 09:26:03	Name: guest_id_ads Value: v1%3A172740318007233709
.twitter.com/	1970-01-21 09:26:03	Name: guest_id Value: v1%3A172740318007233709
.bitdefender.com/	1970-01-20 23:50:04	Name: _hjSession_37798 Value: eyJpZCI6IjE2ZDkzMDcwLWJmZTMtNDI3ZS04YmMyLTFhN2QxNWU2NmFlMSIsImMiOjE3Mjc0MDMxODAxMDksInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.bitdefender.com/	1970-01-21 08:35:39	Name: _biz_uid Value: 155af106f0534651a02ef22947cec0b8
.bitdefender.com/	1970-01-21 08:35:39	Name: _biz_nA Value: 2
.bizible.com/	1970-01-21 08:35:39	Name: _BUID Value: 155af106f0534651a02ef22947cec0b8
.bizibly.com/	1970-01-21 08:35:39	Name: _BUID Value: fdb264f84badfff7289be4d97f35ade0
.bitdefender.com/	1970-01-21 08:35:39	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Ecid%22%3A%22-937359202%22%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
www.clarity.ms/	1970-01-21 08:35:39	Name: CLID Value: b69aa477b2164620a5ab7545afae0e0f.20240927.20250927
.bitdefender.com/	1970-01-21 08:35:39	Name: _biz_pendingA Value: %5B%5D
.company-target.com/	1970-01-21 09:26:03	Name: tuuid Value: 53ab7f03-46d9-4b0d-8c1a-a40a4fd36c7e
.company-target.com/	1970-01-21 09:26:03	Name: tuuid_lu Value: 1727403180\|ix:0\|mctv:0\|rp:0
.bitdefender.com/	1970-01-21 08:35:39	Name: _clck Value: 1tmt2et%7C2%7Cfpj%7C0%7C1731
.casalemedia.com/	1970-01-21 08:35:39	Name: CMID Value: ZvYUrNHM50cAAFbeADIikAAA
.casalemedia.com/	1970-01-21 01:59:39	Name: CMPS Value: 1380
.casalemedia.com/	1970-01-21 01:59:39	Name: CMPRO Value: 1380
.tremorhub.com/	1970-01-21 08:36:00	Name: tvid Value: 9a8d5b3f81d0405f8d96bcc3f3540ac9
.tremorhub.com/	1970-01-21 09:26:03	Name: tv_UIDM Value: 53ab7f03-46d9-4b0d-8c1a-a40a4fd36c7e
.rubiconproject.com/	1970-01-21 08:35:39	Name: audit_p Value: 1\|v6QZFWEG0LORfg993AJNrVw8nYTmPs4gdPgUy36MHkubyR+hvQt5L45iZBq1iVOLtRSEx5JIoUeM1KxoLazIt5mwZQnb46mpgTr/MzjgoxXcZjIYjuF/xa5FU9dATTkVBLMGAQ0L7wZGbLXLoKEJ8lDEPw8VcHBccmESKmf2cwrTmoFL5pKQsaZr5ZVxLWDe
.rubiconproject.com/	1970-01-21 08:35:39	Name: khaos Value: M1K394S5-Y-JRR8
.rubiconproject.com/	1970-01-21 08:35:39	Name: khaos_p Value: M1K394S5-Y-JRR8
.rubiconproject.com/	1970-01-21 08:35:39	Name: audit Value: 1\|v6QZFWEG0LORfg993AJNrVw8nYTmPs4gdPgUy36MHkubyR+hvQt5L45iZBq1iVOLtRSEx5JIoUeM1KxoLazIt5mwZQnb46mpgTr/MzjgoxXcZjIYjuF/xa5FU9dATTkVBLMGAQ0L7wZGbLXLoKEJ8lDEPw8VcHBccmESKmf2cwrTmoFL5pKQsaZr5ZVxLWDe
.rubiconproject.com/	1970-01-21 01:59:39	Name: receive-cookie-deprecation Value: 1
.bitdefender.com/	1970-01-20 23:51:29	Name: _clsk Value: 1l777d%7C1727403181142%7C1%7C1%7Cp.clarity.ms%2Fcollect
.c.bing.com/	1970-01-21 00:00:07	Name: MR Value: 0
.c.bing.com/	1970-01-21 09:11:39	Name: SRM_B Value: 2CC25E1E2E3165B50AB54B192F9B64FD
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 09:11:39	Name: MUID Value: 2CC25E1E2E3165B50AB54B192F9B64FD
.c.clarity.ms/	1970-01-21 00:00:07	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 23:50:03	Name: ANONCHK Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Message: Refused to create a worker from 'blob:https://www.bitdefender.com/e2f1a5a6-bc98-4e33-9b33-d0ae3d9d02f7' because it violates the following Content Security Policy directive: "script-src 'self' 'self' .emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com .google.com www.gstatic.com .hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com .googleadservices.com tag.demandbase.com .doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com .hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com .bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net .clarity.ms .bitdefender.com .scarabresearch.com www.dwin1.com .taboola.com .outbrain.com retrack-kupona.kuponacdn.de ad4m.at .google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' .cookielaw.org .criteo.com .googletagservices.com .2mdn.net .googlesyndication.com .usercentrics.eu .ofgreencolumn.com". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Message: Refused to create a worker from 'blob:https://www.bitdefender.com/04f73aa3-bb1d-4681-b467-8da98090b0be' because it violates the following Content Security Policy directive: "script-src 'self' 'self' .emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com .google.com www.gstatic.com .hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com .googleadservices.com tag.demandbase.com .doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com .hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com .bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net .clarity.ms .bitdefender.com .scarabresearch.com www.dwin1.com .taboola.com .outbrain.com retrack-kupona.kuponacdn.de ad4m.at .google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' .cookielaw.org .criteo.com .googletagservices.com .2mdn.net .googlesyndication.com .usercentrics.eu .ofgreencolumn.com". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
security	error	(Line 1) Message: Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CQPLM2BC77UF32CPVDG0&lib=ttq' because it violates the following Content Security Policy directive: "script-src 'self' 'self' .emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com .google.com www.gstatic.com .hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com .googleadservices.com tag.demandbase.com .doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com .hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com .bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net .clarity.ms .bitdefender.com .scarabresearch.com www.dwin1.com .taboola.com .outbrain.com retrack-kupona.kuponacdn.de ad4m.at .google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' .cookielaw.org .criteo.com .googletagservices.com .2mdn.net .googlesyndication.com .usercentrics.eu .ofgreencolumn.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	(Line 1) Message: Refused to load the script 'https://utt.impactcdn.com/A254030-1420-4f36-87b0-178a4806cb111.js' because it violates the following Content Security Policy directive: "script-src 'self' 'self' .emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com .google.com www.gstatic.com .hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com .googleadservices.com tag.demandbase.com .doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com .hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com .bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net .clarity.ms .bitdefender.com .scarabresearch.com www.dwin1.com .taboola.com .outbrain.com retrack-kupona.kuponacdn.de ad4m.at .google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' .cookielaw.org .criteo.com .googletagservices.com .2mdn.net .googlesyndication.com .usercentrics.eu .ofgreencolumn.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2.gravatar.com
ad.doubleclick.net
ade.googlesyndication.com
adservice.google.com
alb.reddit.com
analytics.google.com
analytics.tiktok.com
analytics.twitter.com
api.company-target.com
api.hubapi.com
api.hubspot.com
api.usercentrics.eu
app.usercentrics.eu
assets.adobedtm.com
assets.adobetarget.com
bat.bing.com
bitdefender.demdex.net
blogapp.bitdefender.com
c.bing.com
c.clarity.ms
cdn.bizible.com
cdn.bizibly.com
cdn.scarabresearch.com
cm.everesttech.net
connect.facebook.net
consent-api.service.consent.usercentrics.eu
consent.cookiebot.com
consentcdn.cookiebot.com
content.hotjar.io
cta-service-cms2.hubspot.com
download.bitdefender.com
dpm.demdex.net
euob.ofgreencolumn.com
forms.hubspot.com
googleads.g.doubleclick.net
imgsct.cookiebot.com
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
obseu.ofgreencolumn.com
p.clarity.ms
pagead2.googlesyndication.com
perf-na1.hsforms.com
pixel-config.reddit.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.company-target.com
script.hotjar.com
snap.licdn.com
sstats.bitdefender.com
starget.bitdefender.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag-logger.demandbase.com
tag.demandbase.com
td.doubleclick.net
track.hubspot.com
utt.impactcdn.com
www.bitdefender.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.redditstatic.com
analytics.tiktok.com
utt.impactcdn.com
104.244.42.131
13.107.42.14
13.226.34.79
146.75.28.157
151.101.193.140
152.199.2.76
162.159.140.229
172.217.197.156
172.253.122.149
18.160.10.89
18.164.96.90
18.173.219.84
20.110.205.119
20.122.63.128
2001:4860:4802:32::178
2600:1403:9c00:34::6859:aad3
2600:1408:20:6a0::294d
2600:1408:c400:26::17da:d920
2600:1408:ec00:286::f09
2600:1408:ec00:288::f09
2600:1408:ec00:b8e::1e80
2600:1408:ec00:b::1730:cba7
2600:1901:0:1e38::
2600:1901:0:5987::
2600:1901:0:c07c::
2600:9000:2141:2000:d:199b:f700:93a1
2600:9000:2511:8200:1d:8d6d:3b40:93a1
2606:4700:4400::6812:28f0
2606:4700::6810:4d8e
2606:4700::6810:7674
2606:4700::6810:8bd1
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6812:1a9
2606:4700::6812:8a11
2606:4700::6812:a8de
2606:4700::6812:f36c
2606:4700::6813:afbc
2607:f8b0:4004:c08::8a
2607:f8b0:400d:c01::93
2607:f8b0:400d:c01::9c
2607:f8b0:400d:c02::5e
2607:f8b0:400d:c04::61
2607:f8b0:400d:c04::9d
2607:f8b0:400d:c07::9b
2607:f8b0:400d:c0f::9b
2607:f8b0:400d:c0f::9c
2620:1ec:21::14
2620:1ec:33::10
2620:1ec:bdf::38
2620:1ec:c11::237
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:181:face:b00c:0:25de
2a04:4e42:200::396
2a04:fa87:fffe::c000:4902
2a05:d018:56f:b802:834:8d0e:be2f:5ebe
34.96.71.22
35.153.87.206
35.83.67.3
44.196.169.18
52.84.18.67
54.220.48.221
63.140.39.194
63.140.39.35
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
018f9e1aaada6e0c449d70167f3609fd5e8d028715e9ddf56cd5e6886d5ab140
01d2dc9ce14427d66816f50571842dd8d418b233a32526881155e3dd0cda2581
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
07d48bd1f38400629a27686dbd1aa63ffa867a08ebb56caee87fd6c04cf5ed9f
0a25589501a065c71010f4b685f20a2a283ba910b374e2ce8148c4fcd623e9a5
0b30932e8af07c0174672c55f4e3b294051d8e5b4c396d2af040be03e5ae5e1d
0b42f5fc9fdeb7f339a89cd8f247e6f96e1cf0ad60ce0ede77e2e48e4890b259
10d0389d0c841c63a9ea8d40f078329fcac168da3089871c495d2e71e4be1505
111aee1f2f7d102b2100033b1802091e27c1d6e65631a2e4939bf4579311ddfe
14b0c3562cb883c5800ba70ccafff751d7a1c75b0215a72da07d3eba825c874d
1593b1f5bf86a2bec3f93142409030a64591d1b6415faaedd0c251dd924d0288
163a52fd5affb6d9ec513503eb56cadc55312d994eadcf2d130b6ff3c3b7822f
1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b
17ebab252506a49244826b0b915310082bdb89d2219c849c8b94de3dcdc06329
25e217b2259bcde9a182c8f8770937cae0f7652e64ff16e17c1b9d0f3d878c89
25f82b0775d468ef51478c9a5aa42a28b077dbfe94d9fa0c3ac5f1ba72975eb5
2642840abb45a0d3e03e21162325fedd5b42f34d155148bc6136a394bfcf8686
28ea2e959f87ed1248ebd584dca5c6efb5b017dc10f00753a380daae9912c348
293c213205cd107ec18a50ae1f8a7b79915117d162cc58701a575def7c295d39
298a826a0ff3cc92b312e768e4739e9b5fd84e097275de128ee0f3f5df2df59b
2a1d2a63253105790e272b960aa8d888108c9822cc05e1211d188919aa9c0eb0
2aacbfd672d7ca0d1f238b54afd64661a3b1daab59b51d38dfca6341e8a67674
2b961509132c08044e387c124645336947ea3ddd14c1dd2aa02684ba0a9587d7
2c1a897ff5cd65689bc00765a26509b5815873afbe32ce7be33f80cfcba35fcb
2c39572fa12042fa16d1c80d75d08256b501aadd421d91d9c66699a2ea384a05
30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa
329df5c734e6ca6d6019cfa54a2d01730e9fe32166c38db5d9e6ece9f13524ef
33a1231fdf5d3674b8e9c2f48fc2ba3538f791fd476141ec2d7c9d70cddb984d
33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61
3694e5fac1c4542367cc80b4df25b56171e52f0b3161a278c0476e796a613cea
37b7b6d278b028c4826ac8a2ed18ec950c57be65090dd1428d329c6e46850b21
3cb177f423462d1c624920c75255eb2bc754d829ef3cda5fd3e1292474e9c8e7
3e3c40f3d35690d65d169ddecaec7f584850a2a89fc958c85b9cc1128df58b5d
3f2069e4f379291c013b2ac6b33c3770c98737524f80ccdfca1ea8586169622e
4307e7ad77600ee920b4b1acad26e955c666b533f813c02511a3474da019c6a0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
452cb4fbd8dfb6bb17e8c2ed477cb19f693c4f77cfc4e9bccf09c06b73fe5888
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
465cd66e99911aaf1331079a14d6ecda320383882092661ce11d2e7f725cd0a1
4a2207e1dfdac97cdf65dce070c145d2f8251b726777b5073bb79308e69e1a68
4aa36adb2ce5dd4c4e0070572b3f5160be57caea3ac35dd32ed872ba5ab97b08
4c5aa08fa23f45b17d6d2cfe35fb7ce9995f8e543df2575dccdaec093059c681
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4edd782df9a9f91a556f6334dc586c1e867e35bb47697387dd3939dff706e4ff
52f29f835d2a32bd817c28fbbfd75f607e410e09153503d4849fa9cac350c531
54664d1bfb3f482d78a612bee78172bb2d909d9101f792ef2e467418c7ea3efe
559a4d157a5daee6dd96efb4962a0d4286adcd4e6a8b3a544eb003151f3e5de6
5783beee6cf7f61770dbbf542109b0051a7541fa47ee5268136f96ffdb4daadf
5824d80dcd7df09800b4965aee062d34e166ebb5fe5f27eb83cb94f8e797825b
5fe64b723a7e2217982ad21b77d62cf63af26f869ff996b0b4cd4d56fd0bd9c4
617d763a44556f21e2fa86239bd209a0dd0b39b2c8061dd25883b139c67f03b2
6692354a1d9a4d531832e922f7e86a9e80f24562572c9dc7614a71fe5145b266
67d2ae1b6a8637040cc72ed0a33357cdd188802fd438191763651e14d98de411
68bf6234be80a74ffd1dcd5206e5bceca1e6b6fe6c6ee393411283052375bb3a
697b7db635fa5788c1210e5732e1ea3d5ce8abfd8cfda04759202b36d42fafcf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
70c8a6b390b1be2c62932aa85ea633523bd3cd4919e8f7f559fd039b3a34bc5f
714fa9b9c59a777fef0fafb276241c2abd7f8706b5b5fd703e8de2707c217bf4
71c2d59bf0903617a90130e5a67411c1c737b7b8d2d09785a065a60000f8a3aa
72aad76476fc26969761cdacd69469c0cd06a107d0d0f4cc5d1b847b6d374fe3
734cbda90bd006d063fe24ecdf2cb1fde2ec42249874a4ce09e9fd1f35a3cf25
73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4
79424b62a60fe46e235aa144113253aa0a3c4a74b08ba9a9c3b8a12a33625945
7b6a16679020f1bc0f124cc69c76997775687bef6efd1425a8da27b79434a34d
7f71ea2ee4a036330835db07da51868a757afd8a10db5625ee2342ac54d3fee5
82cadae44a738e2e2bf87c6436d64052c51e43790219e82b248cc0f23bb1e145
831b25d2cf0066937657444e6d8366c0e51af9ac0989def0613358d48bd45b88
8395d72ab340a6fb7923d93b019bffa5570553f6762dc56eeb4e5ee603ae3dda
86f1803a5904d8da3fa87b934c8b92ee22432ff830d6855ad61f19e00c976f1a
89da77d6f8ad7491e3bf36a216e0250a3d408d7da043147e7f4801588e68d3a4
89e7fb4e144a0878ffc68a4c924bc296d280c62fbd03b993a8d6987848fcea57
912c182e4d41d0f4b069b1b20ce2853b6ffccad7ac794270151e94a16c5c6652
951c5b7cb6a0af9d32789f92b5eb25132c18386fe8a5d09a727b337b4e01b204
9643928ad6e50ace7659e68d135a3345b599b7aec17dda1c278f83db94cca033
96a62ab971b354a81cd7fcf3cd601a397f16e7be1d3e8a8729e0e28cf0e1b559
979d977217c7032b1cd864c0b65ce5d4ff834aa9ca116198873299b5a60cfc9a
98b232e09d6c21b2417ea5c3478d8fd7d316351da33eae941bb518e8c4510eaf
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
998e101f849c2c62109805ff62a51352b518a04b4c95f574325beb72ab7b355e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
9be4bb9193ad7f5fc8debf9e923a81c1b9288575b2d87bed8fe4f506ecbb2c44
9d1a9d398bb7dde6f3bfeeffed195da7d40ffb35178f620cfe89dce593274eee
9dab18f680009dc6a00f3cd6309dcade1ef6bd4f3f36b52e9aa3466042908122
9dc0d1858bc1e2eab3856936743cda081ee0cf36b11db4b6aa8e52ef7e287d5c
a04145a8844f74f140cf1d0cb600d5860f9c8bafb6c433bc796617dfa6f3a330
a1aa30b8c2998ad91b6d0cd88fa7fa3a4c2a3e79df019cbc504e380f0aef6c47
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a878ee750f8da5a23d6cea75fc3ce2b2e36bd5afe02c38508b48d7680a3fc1c6
a88111bbff6ef6807fcc354c4c451e9dbd3902d3e477a49de2e320b997588247
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac5d8ea1ae9f63c84d62bf66c76e5b0afa61b77fc886c76360a8aac5fd40195d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad29a345ff4e0d3d78a7c95c1e39c24a5e39ce0b1c36ce1f1ad9510382fefd44
adc5d3182a1a39bf68784f4455a220ac86c5658d7c3c934511dfe5b2b802dd8c
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b082bf447eaa2c9d8c1533a04594dc44d38ca167a99c2af9085dc7ed3ea2fcc6
b12fb0eeecdba5a2b18fef838397e958f82a33c7ab8e2697fac08d8e6f4946c0
b1f440ed32cd2667105a18eda2dedc969061ef2b2ff0d4c56a4695d8d4377a81
b30aedc0ccbf238498bccdc2d3ed392ac43cba99b43d5a1599b9df936badc7dd
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
b59aea27fa8369f30285b9c3875597435dfce1fc0571555adcc11d210cb9bd1b
baac99e1b05b0c9000f294728f2c9d68772152d1ce6595b5538e59d1ea61bc45
bac2539a4c3ab65627174f75e82c2908cf51f2ce2eea18cedf5a06c327065c68
bc121b4d45c8b281c920d35992d64a75be530994092b2c25071ca0866b45c222
be40a461a215125d4be31af79eccc69b8976fcd2e6d962d9c41c1552b0010e78
bfe65bab8e75348f8db2acda2e6ae0a7cebc05814e1f37044f861e01711c3fe3
c1233a49c4ecec12fed969bc83cd6ba59d8b2b88bef31988d9384f7e54c42e20
c4129a4a7fdd00c7a0ec3e3a9da9e5a44808e5c06e9aba821e00dfe5a9363240
c47d81e9c2e91dee628d62db2890300e6fa48d6a1af864b8f40cb0f7889690a9
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd09f73c8c5825ae8c997db0a3170ebcbab108605fb335c985540fb8e24f9bc1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e762dea4a25bf3b8c1fdae8951feaa2a41c8962e3a3145996efcfb78d79333cc
ebbf51132ac80c2070995d82e1b1237526521386eaced499d94c36a05804141f
ed3cee9cb64ec2e983f45d7eaa7882eb60c9cd84a916534811a1f24f25af9c0f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f366807930c205c2dfd9124091c4d2b8ebe9f7d57e66b0eddeb63dac1a171d83
f3bd36f2edde99ff454009b70c0374c56b22adf83c0f61a6db04876c30c886aa
f54ff2c4df8195bd0b7982698e9285978441405263df5e03e6ff4f1b7f037a8e
f5d2f53e9cb536c8612a444d04480a7fc10e7d3c86cdc238c0971f30af130ee2
f90ba9e182c28a0dd25dfbfb75f50b1b993414f9f992e96143c2f5ff34fbe336
fab5cda5682da8425e7110db62aa4c2163e2bbd8e2eec76139e3b1451520fa92
fab8294d35a12278bfd9179ac66940d6d77145b986fc04e5826a8521f7aa1d49
fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae
fcf4ad57046af8b44b9f85d4398ca15757c54cdbdecfdfdf438266ff0bd996f8

www.bitdefender.com Open in urlscan Pro 2606:4700::6812:1a9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

190 Requests

95 %HTTPS

66 %IPv6

44 Domains

73 Subdomains

63 IPs

3 Countries

2639 kBTransfer

6566 kBSize

80 Cookies

14 Outgoing links

Redirected requests

190 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bitdefender.com Open in urlscan Pro
2606:4700::6812:1a9 Public Scan

Screenshot
Live screenshot

Full Image

190
Requests

95 %
HTTPS

66 %
IPv6

44
Domains

73
Subdomains

63
IPs

3
Countries

2639 kB
Transfer

6566 kB
Size

80
Cookies

190 HTTP transactions
0 data transactions