www.bitdefender.com Open in urlscan Pro
2606:4700::6812:1a9  Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

• https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730464786526 HTTP 302
• https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730464786526

Request Chain 30

• https://cm.everesttech.net/cm/dd?d_uuid=30554130963329383572905131910663552764 HTTP 302
• https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyTMEgAAAF3qXQNw

Request Chain 51

• https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/BSP_3250.jpg HTTP 302
• https://blogapp.bitdefender.com/labs/content/images/2023/10/BSP_3250.jpg

Request Chain 97

• https://ad.doubleclick.net/activity;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F HTTP 302
• https://ad.doubleclick.net/activity;dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F HTTP 302
• https://adservice.google.com/ddm/fls/z/dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=*;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F

Request Chain 131

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D359890%26time%3D1730464788353%26li_adsId%3D66a83857-670a-48dd-8b13-52056b8ae9ef%26url%3Dhttps%253A%252F%252Fwww.bitdefender.com%252Fen-us%252Fblog%252Flabs%252Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&cookiesTest=true&liSync=true&e_ipv6=AQK94LJ3wdVN1gAAAZLnvTFSa8mF_DSEb4g2C_6mn5gttSawbqS0dwd5Z2Zq7VF2w0pmwoFwM9PSdkfDmgIRi-gyyRrYrQ

Request Chain 133

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8D0A34AE8F2A4369879A420C6D2C3E34&RedC=c.clarity.ms&MXFR=19D5DF7296D660452305CA5892D66EEE HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0A34AE8F2A4369879A420C6D2C3E34&MUID=2A71B283C6526BF33B22A7A9C7D86A86

162 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/	1 MB 793 KB	89ms 60ms	Document text/html	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1cc5f9b1ef7bce67dd39b67becf364a17bb111d8ee9a6dbba006d1560a6c924 Security Headers Name Value Content-Security-Policy default-src 'self'; img-src https: http: data:; style-src 'self' 'unsafe-inline' *.bitdefender.com fonts.googleapis.com www.gartner.com; script-src 'self' 'self' *.emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com *.google.com www.gstatic.com *.hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com *.googleadservices.com tag.demandbase.com *.doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com *.hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com *.bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net *.clarity.ms *.bitdefender.com *.scarabresearch.com www.dwin1.com *.taboola.com *.outbrain.com retrack-kupona.kuponacdn.de ad4m.at *.google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.criteo.com *.googletagservices.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.ofgreencolumn.com *.tiktok.com *.impactcdn.com; frame-ancestors 'self' https: explore.bitdefender.com; object-src 'none'; frame-src www.gartner.com *.facebook.com *.google.com consentcdn.cookiebot.com bitdefender.demdex.net 5165113.fls.doubleclick.net vars.hotjar.com www.youtube.com hal9000.redintelligence.net ad.ad-srv.net forms.hsforms.com ad4m.at ws.hotjar.com s.company-target.com td.doubleclick.net *.criteo.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.googletagmanager.com; connect-src wss: ws.hotjar.com metrics.hotjar.io content.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.emarsys.net *.hubapi.com *.hubspot.com *.facebook.com assets.adobetarget.com sentry.nmbapp.net api.company-target.com *.bitdefender.com geolocation-db.com dpm.demdex.net consent.cookiebot.com *.google.com google.com *.scarabresearch.com rs.fullstory.com googleads.g.doubleclick.net consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com analytics.google.com *.clarity.ms *.doubleclick.net *.taboola.com cdn.linkedin.oribi.io vc.hotjar.io 'self' localhost blog.bitdefender-com.nmbapp.net tag-logger.demandbase.com *.bizible.com *.bizible.net px.ads.linkedin.com *.redditstatic.com *.googlesyndication.com *.cookielaw.org *.onetrust.com *.onetrust.io *.criteo.com *.reddit.com *.googleadservices.com *.usercentrics.eu *.bing.com *.ofgreencolumn.com *.tiktok.com; font-src 'self' data: www.bitdefender.com fonts.googleapis.com fonts.gstatic.com www.gartner.com; base-uri *.bitdefender.com *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.ro *.bitdefender.fr *.bitdefender.de Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers age 8164 cache-control public, max-age=1800, s-maxage=86400 cf-cache-status HIT cf-ray 8dbbf31109c3c46b-EWR content-encoding gzip content-security-policy default-src 'self'; img-src https: http: data:; style-src 'self' 'unsafe-inline' *.bitdefender.com fonts.googleapis.com www.gartner.com; script-src 'self' 'self' *.emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com *.google.com www.gstatic.com *.hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com *.googleadservices.com tag.demandbase.com *.doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com *.hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com *.bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net *.clarity.ms *.bitdefender.com *.scarabresearch.com www.dwin1.com *.taboola.com *.outbrain.com retrack-kupona.kuponacdn.de ad4m.at *.google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.criteo.com *.googletagservices.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.ofgreencolumn.com *.tiktok.com *.impactcdn.com; frame-ancestors 'self' https: explore.bitdefender.com; object-src 'none'; frame-src www.gartner.com *.facebook.com *.google.com consentcdn.cookiebot.com bitdefender.demdex.net 5165113.fls.doubleclick.net vars.hotjar.com www.youtube.com hal9000.redintelligence.net ad.ad-srv.net forms.hsforms.com ad4m.at ws.hotjar.com s.company-target.com td.doubleclick.net *.criteo.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.googletagmanager.com; connect-src wss: ws.hotjar.com metrics.hotjar.io content.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.emarsys.net *.hubapi.com *.hubspot.com *.facebook.com assets.adobetarget.com sentry.nmbapp.net api.company-target.com *.bitdefender.com geolocation-db.com dpm.demdex.net consent.cookiebot.com *.google.com google.com *.scarabresearch.com rs.fullstory.com googleads.g.doubleclick.net consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com analytics.google.com *.clarity.ms *.doubleclick.net *.taboola.com cdn.linkedin.oribi.io vc.hotjar.io 'self' localhost blog.bitdefender-com.nmbapp.net tag-logger.demandbase.com *.bizible.com *.bizible.net px.ads.linkedin.com *.redditstatic.com *.googlesyndication.com *.cookielaw.org *.onetrust.com *.onetrust.io *.criteo.com *.reddit.com *.googleadservices.com *.usercentrics.eu *.bing.com *.ofgreencolumn.com *.tiktok.com; font-src 'self' data: www.bitdefender.com fonts.googleapis.com fonts.gstatic.com www.gartner.com; base-uri *.bitdefender.com *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.ro *.bitdefender.fr *.bitdefender.de content-type text/html; charset=utf-8 date Fri, 01 Nov 2024 12:39:46 GMT etag "14800d-lrRPhCRvqBYPbd+xTb4lAIUpWe0" expires Fri, 01 Nov 2024 10:53:41 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding
GET H2	200	Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg blogapp.bitdefender.com/labs/content/images/size/w600/2024/10/	17 KB 17 KB	139ms 36ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w600/2024/10/Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 68a3a7168f0b5b42d268263b428ae09c120728fe16953a160a596aa351ed088b Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control public, max-age=31536000 cf-bgj h2pri etag W/"4232-192dd82d9a6" age 170708 cf-cache-status HIT cf-ray 8dbbf3121c9542b5-EWR accept-ranges bytes access-control-allow-origin * content-length 16946 date Fri, 01 Nov 2024 12:39:46 GMT content-type image/jpeg last-modified Wed, 30 Oct 2024 12:59:53 GMT x-powered-by Express server cloudflare vary Accept-Encoding
GET H2	200	uc.js Show response consent.cookiebot.com/	110 KB 34 KB	112ms 22ms	Script application/javascript	2600:1408:c400:16::17d4:f812 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://consent.cookiebot.com/uc.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:16::17d4:f812 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers access-control-expose-headers Request-Context cache-control public, max-age=275 content-encoding gzip etag "42d4c62e8219db1:0" cross-origin-resource-policy cross-origin request-context appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef expires Fri, 01 Nov 2024 12:44:21 GMT accept-ranges bytes content-length 34533 date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript last-modified Tue, 08 Oct 2024 13:01:25 GMT vary Accept-Encoding
GET H2	200	TagIT.v1.min.js Show response www.bitdefender.com/scripts/	15 KB 4 KB	78ms 74ms	Script application/x-javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers cache-control public, must-revalidate, proxy-revalidate, max-age=0 content-encoding gzip cf-cache-status MISS etag W/"5c8b8d2d-3b83" pragma public cf-ray 8dbbf3118a6bc46b-EWR access-control-allow-origin * date Fri, 01 Nov 2024 12:39:46 GMT content-type application/x-javascript last-modified Fri, 15 Mar 2019 11:31:57 GMT vary Accept-Encoding server cloudflare
GET H2	200	launch-b77a56f2d5f1.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/	543 KB 153 KB	206ms 15ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 25f82b0775d468ef51478c9a5aa42a28b077dbfe94d9fa0c3ac5f1ba72975eb5 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "19a705835f3a0ae72bb75bcf91d2f1f8:1726835526.609658" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:46 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 156215 date Fri, 01 Nov 2024 12:39:46 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:06 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	341979.js Show response js.hs-scripts.com/	2 KB 1 KB	113ms 45ms	Script application/javascript	2606:4700::6810:8dd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/341979.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 875b9937319a84adba36705465fd090280d41f6e884700f162f2fe56a4b974d0 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers access-control-max-age 3600 content-encoding gzip cf-cache-status HIT x-content-type-options nosniff expires Fri, 01 Nov 2024 12:41:16 GMT date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id 2564364d-db85-4015-aeab-fd4712e27801 content-type application/javascript;charset=utf-8 vary origin, Accept-Encoding last-modified Fri, 01 Nov 2024 12:38:42 GMT cache-control public, max-age=90 access-control-allow-credentials true cf-ray 8dbbf3127c4e438c-EWR accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 668 server cloudflare
GET H2	200	service-worker.js Show response www.bitdefender.com/content/dam/workers/	132 B 542 B	619ms 618ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/content/dam/workers/service-worker.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4edd782df9a9f91a556f6334dc586c1e867e35bb47697387dd3939dff706e4ff Security Headers Name Value Strict-Transport-Security max-age=31557600 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers x-vhost bitdefender.com service-worker-allowed / etag W/"0x8DCB15252F8A0FE" content-encoding gzip cf-cache-status MISS x-content-type-options nosniff x-cache MISS date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript last-modified Wed, 31 Jul 2024 11:17:11 GMT x-served-by cache-iad-kiad7000115-IAD content-disposition attachment; filename="service-worker.js"; filename*=UTF-8''service-worker.js x-frame-options SAMEORIGIN strict-transport-security max-age=31557600 vary Accept-Encoding cache-control private, max-age=600, immutable x-timer S1730464786.272263,VS0,VS0,VE582 referrer-policy no-referrer-when-downgrade cf-ray 8dbbf3121b1ac46b-EWR access-control-allow-origin * x-xss-protection 1; mode=block server cloudflare
GET H2	200	55d2a9d.js Show response www.bitdefender.com/nuxt/_nuxt/	5 KB 2 KB	47ms 43ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ba2d9de94704a49594ea54353974b96ab4cdaea5a0208810607c6ead0e631531 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"1411-192d363fb70" age 8164 cf-ray 8dbbf3118a6cc46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	225fd77.js Show response www.bitdefender.com/nuxt/_nuxt/	242 KB 83 KB	42ms 39ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/225fd77.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1ca014a90c27521e501919e22376c6fa1c4ab07ac65ee6af1ff136b0f324e76d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"3c9ee-192e30a9ea8" age 8164 cf-ray 8dbbf3118a6ec46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript; charset=UTF-8 last-modified Thu, 31 Oct 2024 14:46:17 GMT vary Accept-Encoding server cloudflare
GET H2	200	aa81d71.js Show response www.bitdefender.com/nuxt/_nuxt/	12 KB 4 KB	46ms 43ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/aa81d71.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9853ed7c1a8f9217de1e500ca819e18cb0f25fc313b874a32c82901515cf0923 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"30b7-192d363fb70" age 8164 cf-ray 8dbbf3118a70c46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	4386cc7.css www.bitdefender.com/nuxt/_nuxt/css/	64 KB 12 KB	54ms 51ms	Stylesheet text/css	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/css/4386cc7.css Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ff4f6648acadc44920e61b0f23a8b965f54d4ad9f87977e8113f5531c8f1e1b9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"1007d-192e30abde8" age 8164 cf-ray 8dbbf3118a63c46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type text/css; charset=UTF-8 last-modified Thu, 31 Oct 2024 14:46:25 GMT vary Accept-Encoding server cloudflare
GET H2	200	132816f.js Show response www.bitdefender.com/nuxt/_nuxt/	103 KB 29 KB	44ms 42ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/132816f.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86302a35aca59f3ef924580f6d1b8b98854a6e2edf701eb70b7a454865b2c020 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"19b89-192d812a2e8" age 8164 cf-ray 8dbbf3118a72c46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript; charset=UTF-8 last-modified Tue, 29 Oct 2024 11:39:13 GMT vary Accept-Encoding server cloudflare
GET H2	200	a948464.css www.bitdefender.com/nuxt/_nuxt/css/	1 KB 582 B	48ms 46ms	Stylesheet text/css	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/css/a948464.css Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 831b25d2cf0066937657444e6d8366c0e51af9ac0989def0613358d48bd45b88 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"432-1924738b640" age 8164 cf-bgj minify cf-ray 8dbbf3118a67c46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type text/css; charset=UTF-8 last-modified Tue, 01 Oct 2024 08:35:52 GMT vary Accept-Encoding server cloudflare
GET H2	200	49be12a.js Show response www.bitdefender.com/nuxt/_nuxt/	51 KB 14 KB	60ms 58ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/49be12a.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 43aee67c392b46da2e0de49eec7e78255bcbd0d339f05f6eec10f26c64ecc4f3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"cd54-192d363fb70" age 8164 cf-ray 8dbbf3118a76c46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	6e55ef7.css www.bitdefender.com/nuxt/_nuxt/css/	114 B 176 B	58ms 56ms	Stylesheet text/css	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/css/6e55ef7.css Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6692354a1d9a4d531832e922f7e86a9e80f24562572c9dc7614a71fe5145b266 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"72-1924738b640" age 8164 cf-bgj minify cf-ray 8dbbf3118a6ac46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type text/css; charset=UTF-8 last-modified Tue, 01 Oct 2024 08:35:52 GMT vary Accept-Encoding server cloudflare
GET H2	200	14e1019.js Show response www.bitdefender.com/nuxt/_nuxt/	768 B 553 B	49ms 47ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/14e1019.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3bfe30d98e1e3510f76a8f380da5af288cd6313ff2977844bf345c7f3afcefda Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"300-192d363fb70" age 8164 cf-ray 8dbbf3118a77c46b-EWR date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	/ Show response www.bitdefender.com/site/Main/TagIT/newsessioninit/	33 B 683 B	524ms 523ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/site/Main/TagIT/newsessioninit/?callback=&l=en&ch=1730464787 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubdomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=63072000; includeSubdomains; preload cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip cf-cache-status DYNAMIC pragma no-cache cf-ray 8dbbf3121b1bc46b-EWR expires Thu, 19 Nov 1981 08:52:00 GMT p3p CP="NOI ADM DEV COM NAV OUR STP" date Fri, 01 Nov 2024 12:39:46 GMT content-type application/javascript server cloudflare
GET H2	200	bc-v4.min.html consentcdn.cookiebot.com/sdk/ Frame CFE9	0 0	55ms 14ms	Document text/html	2600:1408:7:1b9::f09 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://consentcdn.cookiebot.com/sdk/bc-v4.min.html Requested by Host: consent.cookiebot.com URL: https://consent.cookiebot.com/uc.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:7:1b9::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control max-age=30041486 content-encoding gzip content-length 392 content-type text/html cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Fri, 01 Nov 2024 12:39:46 GMT etag "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163" expires Wed, 15 Oct 2025 05:31:12 GMT last-modified Mon, 04 Apr 2022 07:23:49 GMT server AkamaiNetStorage server-timing cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1730464786462_3088847343_249866182_21_765_14_19_255";dur=1 vary Accept-Encoding x-akamai-transformed 9 - 0 pmb=mRUM,1
GET H2	200	cc.js Show response consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/	375 B 601 B	193ms 191ms	Script application/x-javascript	2600:1408:c400:16::17d4:f812 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/cc.js?renew=false&referer=www.bitdefender.com&dnt=false&init=false&culture=en_US Requested by Host: consent.cookiebot.com URL: https://consent.cookiebot.com/uc.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:16::17d4:f812 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 018f9e1aaada6e0c449d70167f3609fd5e8d028715e9ddf56cd5e6886d5ab140 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control private, max-age=60 access-control-expose-headers Request-Context content-encoding gzip cross-origin-resource-policy cross-origin request-context appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef content-length 364 date Fri, 01 Nov 2024 12:39:46 GMT content-type application/x-javascript; charset=utf-8 vary Accept-Encoding
GET H2	200	rd Show response dpm.demdex.net/id/ Redirect Chain https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730464786526 https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730464786526	965 B 1 KB	21ms 21ms	XHR application/json	3.219.211.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730464786526 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Server 3.219.211.183 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-219-211-183.compute-1.amazonaws.com Software / Resource Hash c42549c85764d7f4aa46375b7901c09da4676804d4f009dea24fda25a4c164c3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private dcs dcs-prod-va6-1-v066-0cc06d14c.edge-va6.demdex.com 5 ms content-encoding gzip pragma no-cache access-control-allow-credentials true x-tid ljAjl8Q8Tv8= expires Thu, 01 Jan 1970 00:00:00 UTC access-control-allow-origin https://www.bitdefender.com content-length 551 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" date Fri, 01 Nov 2024 12:39:46 GMT content-type application/json;charset=utf-8 vary Origin Redirect headers strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private location https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730464786526 dcs dcs-prod-va6-1-v066-03ddcf771.edge-va6.demdex.com 0 ms pragma no-cache access-control-allow-credentials true x-tid 9B4T4D5OTzs= expires Thu, 01 Jan 1970 00:00:00 UTC access-control-allow-origin https://www.bitdefender.com content-length 0 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" date Fri, 01 Nov 2024 12:39:46 GMT vary Origin
GET H2	200	AppMeasurement.min.js Show response assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/	35 KB 13 KB	14ms 13ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache timing-allow-origin * content-encoding gzip etag "d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:46 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 13012 date Fri, 01 Nov 2024 12:39:46 GMT content-type application/x-javascript last-modified Thu, 01 Aug 2024 06:26:11 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	AppMeasurement_Module_ActivityMap.min.js Show response assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/	3 KB 2 KB	15ms 15ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache timing-allow-origin * content-encoding gzip etag "bb4b6453e3ab80111a2b227318d22efb:1722493571.614634" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:46 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 1597 date Fri, 01 Nov 2024 12:39:46 GMT content-type application/x-javascript last-modified Thu, 01 Aug 2024 06:26:11 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	loader.js Show response app.usercentrics.eu/browser-ui/latest/	33 KB 9 KB	38ms 10ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/latest/loader.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 0405d39301cc6b0dc7a7e672665971ec14e22b722cbdd3bd9f07b1975035617c Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 2 access-control-expose-headers Content-Type, Content-Length, Transfer-Encoding content-encoding gzip x-goog-hash crc32c=MrqANQ==, md5=cH9YE24IwbqcHG8aS41/8Q== etag "707f58136e08c1ba9c1c6f1a4b8d7ff1" age 3425 x-goog-stored-content-encoding gzip expires Fri, 01 Nov 2024 12:42:41 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 8553 date Fri, 01 Nov 2024 11:42:41 GMT last-modified Mon, 28 Oct 2024 13:37:56 GMT content-type text/javascript x-guploader-uploadid AHmUCY1BjJeYBmntfVZW4XQJJuRW25tnOcZ2TqdZVEyMMUXP8gKjDUmQhBN9MQFPiWW38NnOXbk strict-transport-security max-age=7776000 cache-control public, max-age=3600, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122676532971 content-length 8553 server UploadServer
POST H2	200	ip.json Show response api.company-target.com/api/v3/	491 B 1 KB	187ms 134ms	XHR application/json	13.249.39.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v3/ip.json?&page=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&referrer=&page_title=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.249.39.123 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-249-39-123.iad89.r.cloudfront.net Software nginx / Resource Hash 4d9cffcc2365a3bd401c73a2d2e5f769c1730cdeb289dab56fe185ecd6279ec3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitdefender.com/ Response headers access-control-max-age 7200 access-control-expose-headers x-amz-cf-id content-encoding gzip identification-source CENTRAL access-control-allow-methods GET, POST, OPTIONS request-id e9922e71-2189-45a4-aa52-c36dfba0e57c expires Thu, 31 Oct 2024 12:39:46 GMT x-cache Miss from cloudfront x-amz-cf-id B5L7fcF7iZ2KW8byva4o83ssXdX6-Or4PuEBpGoYLueqTGLn92BU_A== date Fri, 01 Nov 2024 12:39:46 GMT content-type application/json;charset=utf-8 vary Accept-Encoding, Origin access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache api-version v3 access-control-allow-credentials true via 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront) access-control-allow-origin https://www.bitdefender.com x-amz-cf-pop IAD89-C1 server nginx
GET H2	200	conversations-embed.js Show response js.usemessages.com/	93 KB 26 KB	57ms 20ms	Script application/javascript	2606:4700::6810:4b8e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/341979.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:4b8e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 067c9537ec36da4afb93e9fec9bc7e656959b6623e9491f0092200db06657f1c Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-evy-trace-virtual-host all x-request-id 358b6959-e973-4421-a2f9-60d9fd1b8683 content-encoding gzip cf-cache-status HIT etag W/"437fb84b40fd41c605a366d14a984219" x-amz-version-id GnpHiVDEdERXJOUylwbQwpaNqjGhipG0 cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod age 93 x-content-type-options nosniff x-cache Hit from cloudfront x-hs-cache-status MISS x-amz-cf-id y2_eTyT5irqxeK2ObjiIoogo3yyty0o-p_qnktfmJfXQOC2AnFOE2w== date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id 358b6959-e973-4421-a2f9-60d9fd1b8683 content-type application/javascript; charset=utf-8 last-modified Thu, 31 Oct 2024 16:46:07 UTC vary accept-encoding x-evy-trace-listener listener_https x-amz-replication-status COMPLETED x-evy-trace-route-service-name envoyset-translator cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-86c46c9777-m5b5b x-envoy-upstream-service-time 6 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.18525/bundles/project.js&cfRay=8db52d6bfd4c13c5-IAD via 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront) cf-ray 8dbbf314898643c2-EWR x-evy-trace-route-configuration listener_https/all x-hs-target-asset conversations-embed/static-1.18525/bundles/project.js x-amz-cf-pop IAD12-P3 server cloudflare x-amz-server-side-encryption AES256
GET H2	200	341979.js Show response js.hs-banner.com/	70 KB 21 KB	72ms 42ms	Script text/javascript	2606:4700:4400::6812:28f0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/341979.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/341979.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e762dea4a25bf3b8c1fdae8951feaa2a41c8962e3a3145996efcfb78d79333cc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-evy-trace-virtual-host all access-control-max-age 604800 x-request-id 7dfb8374-81a2-4c04-8d81-dcccbb8642ef access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing content-encoding gzip cf-cache-status HIT etag W/"28538b58da5874462a53c5457bef88e7" x-amz-version-id 9nLDsADg80vL15QrNMBBb9toGslqVvQF access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD expires Fri, 01 Nov 2024 12:40:18 GMT x-evy-trace-listener listener_https date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id 7dfb8374-81a2-4c04-8d81-dcccbb8642ef content-type text/javascript; charset=UTF-8 last-modified Thu, 12 Sep 2024 08:44:46 GMT vary origin, Accept-Encoding x-amz-id-2 OZ9DjK3n3Xwbxi283xdLfWflcvtQ/HuOrGy5KkuZCQTKX4cdapmOyuCkDlBRUbW1ru74Grney9g= access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public timing-allow-origin * x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-qc5bs x-envoy-upstream-service-time 24 access-control-allow-credentials true x-amz-request-id FF0D58F2RB87GM59 cf-ray 8dbbf3147f6a42dd-EWR access-control-allow-origin https://www.bitdefender.com x-evy-trace-route-configuration listener_https/all server cloudflare x-amz-server-side-encryption AES256
GET H2	200	341979.js Show response js.hs-analytics.net/analytics/1730464500000/	70 KB 25 KB	52ms 23ms	Script text/javascript	2606:4700::6810:a0a8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1730464500000/341979.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/341979.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash be896bdbc5445ec366a8d0d81d4a553e900d73898461be6b79a7c0ac2236ef30 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-amz-server-side-encryption AES256 x-request-id 98e4f557-e8be-4aa9-98da-f15311a7e57b content-encoding gzip cf-cache-status HIT etag W/"467933c77feb86162ba87357e2229dc8" x-amz-version-id null age 240 expires Fri, 01 Nov 2024 12:40:18 GMT x-evy-trace-listener listener_https date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id 98e4f557-e8be-4aa9-98da-f15311a7e57b content-type text/javascript last-modified Tue, 22 Oct 2024 20:38:20 GMT vary origin, Accept-Encoding x-amz-id-2 jGb1d9tLiLSnWFqWuAXl5XN4DrzYiFatvTi4bCp9fM1gKlj2iVMpnwgJGbt8EaUJn7NJzfMlick= x-evy-trace-route-service-name envoyset-translator cache-control max-age=300,public x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-wjj6w x-envoy-upstream-service-time 61 access-control-allow-credentials false x-amz-request-id 0JX9DE4D4V1KYEV0 cf-ray 8dbbf3147fb71a3c-EWR x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	web-interactives-embed.js Show response js.hubspot.com/	83 KB 25 KB	85ms 49ms	Script application/javascript	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hubspot.com/web-interactives-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/341979.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://www.bitdefender.com/ Response headers x-request-id 7f1dc1c4-7f22-4354-aa31-aca8cf57e71b content-encoding gzip cf-cache-status HIT etag W/"83516cb36bba59046b931d3496c56b0c" x-amz-version-id ZQMS1VbFbWDZoJKZTG5NvZHBA.3vkImQ cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1Z8%2Fexkz%2BUA2DlwQ%2FDPGZJ3RIirezmp%2B%2FKg2LDemZqIOmXzEgTUQTQm9aPbTxtd%2Foc6j43oTVmupGOYfZ5k1ZnYkie89c%2BMiCxMS%2B800mNY5bgXWElUtO7SlqLjvaMtJJlMhq560K30maHS"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-cache Miss from cloudfront x-evy-trace-listener listener_https x-amz-cf-id FGyAxZtZuA3baw6S1Vem-2JkHj2255nrnyPmY_g0YlgqJfUqARuPoA== x-hubspot-correlation-id 7f1dc1c4-7f22-4354-aa31-aca8cf57e71b content-type application/javascript; charset=utf-8 last-modified Tue, 22 Oct 2024 19:28:29 UTC x-amz-replication-status COMPLETED x-evy-trace-route-service-name envoyset-translator cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-7df4f6b649-vj75g x-envoy-upstream-service-time 40 x-hs-target-asset web-interactives-embed/static-2.1607/bundles/project.js server cloudflare x-evy-trace-virtual-host all x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET x-hs-cache-status MISS date Fri, 01 Nov 2024 12:39:46 GMT vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method strict-transport-security max-age=31536000; includeSubDomains; preload nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1607/bundles/project.js&cfRay=8d6bf32d3a31b3e6-ATL via 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront) cf-ray 8dbbf3148c2c42a9-EWR access-control-allow-origin * x-evy-trace-route-configuration listener_https/all x-amz-cf-pop IAD12-P3
GET H2	200	leadflows.js Show response js.hsleadflows.net/	550 KB 92 KB	50ms 21ms	Script application/javascript	2606:4700::6812:8d11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/341979.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://www.bitdefender.com/ Response headers x-request-id 47be6750-239f-43ab-9937-c945f64f4677 content-encoding gzip cf-cache-status HIT etag W/"ce26171eff05376a1b746efbb809f7f6" x-amz-version-id 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod age 16421 x-content-type-options nosniff x-cache Hit from cloudfront x-evy-trace-listener listener_https x-amz-cf-id cXs4aeZNOwOPsBZUorxiVXvTD5kqk50ilfbd9GtnwCd-6cjKt9P6vg== x-hubspot-correlation-id 47be6750-239f-43ab-9937-c945f64f4677 content-type application/javascript; charset=utf-8 last-modified Wed, 09 Oct 2024 10:17:06 UTC x-amz-replication-status COMPLETED x-evy-trace-route-service-name envoyset-translator cache-control s-maxage=86400, max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-7df4f6b649-krlhh x-envoy-upstream-service-time 13 x-hs-target-asset lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js server cloudflare x-evy-trace-virtual-host all x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET x-hs-cache-status MISS date Fri, 01 Nov 2024 12:39:46 GMT vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8d68f4eb7dea4286-IAD via 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront) cf-ray 8dbbf3147d1541ac-EWR access-control-allow-origin * x-evy-trace-route-configuration listener_https/all x-amz-cf-pop IAD12-P3
GET H2	200	dest5.html bitdefender.demdex.net/ Frame 1CD7	0 0	67ms 14ms	Document text/html	52.20.18.175 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://bitdefender.demdex.net/dest5.html?d_nsid=0 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.20.18.175 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-20-18-175.compute-1.amazonaws.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private content-encoding gzip content-type text/html;charset=UTF-8 date Fri, 01 Nov 2024 12:39:46 GMT dcs dcs-prod-va6-1-v066-08cb32604.edge-va6.demdex.com 0 ms expires Thu, 01 Jan 1970 00:00:00 UTC last-modified Wed, 16 Oct 2024 08:53:04 GMT p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" pragma no-cache strict-transport-security max-age=31536000; includeSubDomains vary accept-encoding x-tid hA8f9eLSQlU=
GET H2	200	id Show response sstats.bitdefender.com/	48 B 465 B	141ms 26ms	XHR application/x-javascript	63.140.38.112 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://sstats.bitdefender.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&mid=30574887377667846902907207561215757371&ts=1730464786633 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.38.112 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ip-63-140-38-112.data.adobedc.net Software jag / Resource Hash 6e53af8817df7e3a271696c31c88fcb619f7f6bfafeb9092c791f6b9fd0c7da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true x-content-type-options nosniff access-control-allow-origin https://www.bitdefender.com p3p CP="This is not a P3P policy" content-length 48 date Fri, 01 Nov 2024 12:39:46 GMT x-xss-protection 1; mode=block content-type application/x-javascript;charset=utf-8 vary Origin server jag
GET H2	200	ibs:dpid=411&dpuuid=ZyTMEgAAAF3qXQNw dpm.demdex.net/ Redirect Chain https://cm.everesttech.net/cm/dd?d_uuid=30554130963329383572905131910663552764 https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyTMEgAAAF3qXQNw	42 B 716 B	22ms 20ms	Image image/gif	3.219.211.183 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyTMEgAAAF3qXQNw Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Server 3.219.211.183 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-219-211-183.compute-1.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private dcs dcs-prod-va6-1-v066-0c2a497c0.edge-va6.demdex.com 5 ms content-encoding gzip pragma no-cache x-content-type-options nosniff x-tid exgwvPxjTEo= expires Thu, 01 Jan 1970 00:00:00 UTC content-length 59 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" date Fri, 01 Nov 2024 12:39:46 GMT content-type image/gif Redirect headers Cache-Control no-cache Location https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyTMEgAAAF3qXQNw P3P CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM" Content-Length 0 Date Fri, 01 Nov 2024 12:39:46 GMT Connection keep-alive Server AMO-cookiemap/1.1
POST H2	200	delivery Show response starget.bitdefender.com/rest/v1/	354 B 838 B	118ms 29ms	XHR application/json	63.140.38.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=dda11ec4c492446e8869a8fe1be82d39&version=2.11.4 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.38.183 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ip-63-140-38-183.data.adobedc.net Software jag / Resource Hash 6c58ebbfe28462a36d16f456df0c3693ede89b5e5513dc5919f29b3749222639 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains x-request-id d761cc06-0e0a-43d7-90a4-c7eb84dc9f82 cache-control no-cache, no-store, max-age=0, no-transform, private timing-allow-origin * content-encoding gzip accept-ch Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List access-control-allow-credentials true referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff access-control-allow-origin https://www.bitdefender.com date Fri, 01 Nov 2024 12:39:46 GMT x-xss-protection 1; mode=block content-type application/json;charset=UTF-8 vary origin,access-control-request-method,access-control-request-headers,accept-encoding server jag
GET H3	200	index.module.js Show response app.usercentrics.eu/browser-ui/3.56.0/	440 KB 118 KB	22ms 10ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/latest/loader.js Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 0bec4f5deafe105f91bd435fd9cb91a0e245618930ed100e0cf778485209dc98 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=Mmy7bw==, md5=u9tmgDDO27OQRq9/jJjb5g== etag "bbdb668030cedbb39046af7f8c98dbe6" age 341940 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:40:46 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 120984 date Mon, 28 Oct 2024 13:40:46 GMT last-modified Mon, 28 Oct 2024 13:37:33 GMT content-type text/javascript x-guploader-uploadid AHmUCY3tbbAVYwaP7LZ1RalHMjSmjCwIJAF1j_98rD1o1eCPC0vSmxGOjyQN7M6bDohoKaRYifE strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122653023058 content-length 120984 server UploadServer
GET H2	200	9890752fc19726fc8a394d54a189ae9f.js Show response euob.ofgreencolumn.com/sxp/i/	108 KB 40 KB	130ms 18ms	Script text/javascript	2600:9000:2479:9000:d:199b:f700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2479:9000:d:199b:f700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Caddy / Resource Hash 93d68e599c87c51e08c8b7813470cd1951e2d40e903f7871bf29735c77715f02 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=43200 content-encoding gzip etag "1af92-tq2XhA+G/ajGOl3TCLvUvTmFw+U" age 21918 via 1.1 185e69fae2e25450e587a1fae1f63962.cloudfront.net (CloudFront) expires Fri, 01 Nov 2024 18:34:28 GMT x-cache Hit from cloudfront content-length 40396 x-amz-cf-id HB5SUm03OgBFOETShcjqYugMLuW_zPQhTJ2oD4qszw05JoV7qAn-_A== date Fri, 01 Nov 2024 06:34:35 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding server Caddy x-amz-cf-pop IAD61-P3
OPTIONS H2	200	public api.hubspot.com/livechat-public/v1/message/ Frame	0 0	92ms 75ms	Preflight text/plain	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=341979&conversations-embed=static-1.18525&mobile=false&messagesUtk=958f333b8007408a9521087c24cd8bf3&traceId=958f333b8007408a9521087c24cd8bf3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers x-hubspot-messages-uri Access-Control-Request-Method GET Origin https://www.bitdefender.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.bitdefender.com allow HEAD,GET,OPTIONS cf-cache-status DYNAMIC cf-ray 8dbbf314ec9f42a9-EWR content-length 18 content-type text/plain; charset=utf-8 date Fri, 01 Nov 2024 12:39:46 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2B9NqNOS8XG7Inu7DDvW8L728sAFIpu0KBcU6rSDH%2BnK9iSbz1cprpsBcoXMx57dpDlaLR2hvB%2FG5GQPF1WSXupRMyghS0q%2BZb%2BikI2ze4%2BrYjvy4BLoSs%2B0OcgcEFK%2BMkqlPgt1r7ne27XoJg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding x-content-type-options nosniff x-hubspot-correlation-id 4b81936f-f265-45de-a103-511084e21fad
GET H2	200	public Show response api.hubspot.com/livechat-public/v1/message/	399 B 1 KB	80ms 78ms	XHR application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=341979&conversations-embed=static-1.18525&mobile=false&messagesUtk=958f333b8007408a9521087c24cd8bf3&traceId=958f333b8007408a9521087c24cd8bf3 Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b37c5d6586ad70d770ed5acf7caa2372637af52fce2db6380e6146d7660add7a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 X-HubSpot-Messages-Uri https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Referer https://www.bitdefender.com/ Response headers content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbWOEZKqD70PT7%2FJWRLEQPJJZ05RAfCwf0925hfKIt%2BeJ1SX7kxtYQZlV70eYMsQNhz3lRy5UqcCwldKOOdP7Mj7MLLDLWokBMyeDDnbre2wtpnJv9Ihg9qRUYv5R%2BDbma8958QMf7kOvVKT7Q%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id ebc44a38-a591-4aca-ba98-e715b709e474 content-type application/json;charset=utf-8 vary origin, Accept-Encoding access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} access-control-allow-credentials false cf-ray 8dbbf3156d1e42a9-EWR access-control-allow-origin https://www.bitdefender.com content-length 289 server cloudflare
GET H2	200	combinedConfigs Show response cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/	132 B 1 KB	47ms 46ms	Fetch application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=341979&currentUrl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F Requested by Host: js.hubspot.com URL: https://js.hubspot.com/web-interactives-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2a9169e087b81ab0309db3e903459162c62102cafd1a24b6ee0ac25cdb048f59 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-robots-tag noindex, follow access-control-max-age 180 x-request-id 0d5bdc7f-bed2-4239-a787-39f0d9a23168 content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lqGEHBqpPzwuLRUJdEn5bhj5K%2FFuu2HgdJAI3oCtGpS%2ByLKrwZcVw3rZtRsdJKpwsIe2lWGMwRMNZp%2B0Q7FmPHQJoLtV6l2cHuvN8096ks2ugVrPiPKcOq9mngcrHRcaYrma4uDH5BPeeU%2FmRcWBAbbm%2BJVouh%2Fbrf8%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff access-control-allow-methods OPTIONS, GET x-evy-trace-listener listener_https date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id 0d5bdc7f-bed2-4239-a787-39f0d9a23168 content-type application/json;charset=utf-8 vary origin access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control max-age=0, no-cache, no-store nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-mcgrx x-envoy-upstream-service-time 11 access-control-allow-credentials true cf-ray 8dbbf3150cc042a9-EWR access-control-allow-origin https://www.bitdefender.com x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H2	200	SD1TKlYyWO4GcB.json Show response api.usercentrics.eu/ruleSet/	552 B 880 B	12ms 11ms	Fetch application/json	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/ruleSet/SD1TKlYyWO4GcB.json Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash a1aa30b8c2998ad91b6d0cd88fa7fa3a4c2a3e79df019cbc504e380f0aef6c47 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=OfYgNQ==, md5=pEu3r9j/CLIr70/GZQNh5w== etag "a44bb7afd8ff08b22bef4fc6650361e7" age 731 x-goog-stored-content-encoding gzip expires Fri, 01 Nov 2024 12:57:35 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 349 x-client-geo-location US,USNY date Fri, 01 Nov 2024 12:27:35 GMT last-modified Wed, 03 Jul 2024 09:20:03 GMT content-type application/json vary Accept-Encoding x-guploader-uploadid AHmUCY2ML7qIB8cZ2Rx8bfHi06WGMhKEPzNzHG3puBuVZhVw8ys3PIyPEi7FkxkRjVvMFuUl_t4 strict-transport-security max-age=7776000 cache-control public, max-age=1800, s-maxage=1800 x-goog-storage-class MULTI_REGIONAL accept-ranges bytes access-control-allow-origin * x-goog-generation 1719998403375993 content-length 349 server UploadServer
OPTIONS H2	200	SD1TKlYyWO4GcB.json api.usercentrics.eu/ruleSet/ Frame	0 0	146ms 111ms	Preflight text/html	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/ruleSet/SD1TKlYyWO4GcB.json Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://www.bitdefender.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,POST,DELETE access-control-allow-origin * access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Fri, 01 Nov 2024 12:39:46 GMT expires Fri, 01 Nov 2024 12:39:46 GMT server UploadServer strict-transport-security max-age=7776000 x-client-geo-location US,USNY x-guploader-uploadid AHmUCY2zXiESaN-l_qdqFbjmmbkxYZAzYBkx6v8-e_-B0ZT11bldTlx0an8XkAjgIC54yUlANbc
GET H2	200	/ Show response www.bitdefender.com/site/Main/TagIT/getparams/	53 B 219 B	481ms 481ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/site/Main/TagIT/getparams/?callback=TagIT_getParams_callback&callback2=&l=en&ch=1730464789 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubdomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=63072000; includeSubdomains; preload cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip cf-cache-status DYNAMIC pragma no-cache cf-ray 8dbbf3159fadc46b-EWR expires Thu, 19 Nov 1981 08:52:00 GMT p3p CP="NOI ADM DEV COM NAV OUR STP" date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript server cloudflare
GET H3	200	counters.gif perf-na1.hsforms.com/embed/v3/	35 B 930 B	77ms 53ms	Image image/gif	2606:4700::6813:afbc CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-robots-tag none x-request-id f69d5892-5ab8-41c6-946b-5d4e2196f868 access-control-expose-headers X-Origin-Hublet cf-cache-status MISS x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-evy-trace-listener listener_https date Fri, 01 Nov 2024 12:39:46 GMT x-hubspot-correlation-id f69d5892-5ab8-41c6-946b-5d4e2196f868 content-type image/gif vary origin, Accept-Encoding last-modified Fri, 01 Nov 2024 12:39:46 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control max-age=0, no-cache, no-store x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-xsn6j x-envoy-upstream-service-time 2 access-control-allow-credentials false cf-ray 8dbbf315bcf90f7d-EWR accept-ranges bytes x-evy-trace-route-configuration listener_https/all content-length 35 server cloudflare x-evy-trace-virtual-host all
GET H2	200	6b03944.js Show response www.bitdefender.com/nuxt/_nuxt/	16 KB 6 KB	32ms 32ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/6b03944.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d16cba05ac4b3b16e9769d2790f8097b6f1add7f41b70b1a0ad28e84a539ae6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"3e09-192d363fb70" age 8165 cf-ray 8dbbf316d911c46b-EWR date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	d62fdbf.js Show response www.bitdefender.com/nuxt/_nuxt/	37 KB 11 KB	37ms 37ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/d62fdbf.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c0ed4180c2d314541423c050801191f1b66bbb0674f4442244cdccea255281b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"924f-192d363fb70" age 8165 cf-ray 8dbbf316d914c46b-EWR date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	ct Show response obseu.ofgreencolumn.com/	4 KB 1 KB	361ms 131ms	Script text/javascript	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/ct?id=71147&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1730464787041&hl=2&op=0&ag=4155436659&rand=2475062219292755591108151682628003690046011579740971288207716318266051000871219098220&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDkxMzhdLFsiYWJuY2giLDMyXSxbLTEwLCItIl0sWy0yOSwiLSJdLFstMzUsIlsxNzMwNDY0Nzg2ODYxLDEwXSJdLFstNDUsIjYyMCw2NzcsMCwwLDAsNTYyLDAsMCw2NDgsMCwwLDAsMCwwLDAsMCwwLDAsMCw2ODQsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTUxLCItIl0sWy01NSwiMiJdLFstNjQsIlswLFwiXCIsW11dIl0sWy0xLCItIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy01LCItIl0sWy0xMywiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTI0LCJbXSJdLFstMjgsImVuLVVTLGVuIl0sWy0zMywiLSJdLFstNTgsIi0iXSxbLTYzLCItIl0sWy00LCI8aHRtbCBkYXRhLW4taGVhZC1zc3I9XCJcIiBsYW5nPVwiZW4tdXNcIiBkYXRhLW4taGVhZD1cIiU3QiUyMmxhbmclMjI6JTdCJTIyc3NyJTIyOiUyMmVuLXVzJTIyJTdEJTdEXCI%2BPGhlYWQgY2xhc3M9XCJhdC1lbGVtZW50LW1hcmtlclwiPjxtZXRhIGRhdGEtbi1oZWFkPVwic3NyXCIgY2hhcnNldD1cInV0Zi04XCI%2BPG1ldGEgZGF0YS1uLWhlYWQ9XCJzc3JcIiBuYW1lPVwidmlld3BvcnRcIiBjb250ZW50PVwid2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTFcIj48bWV0YSBkYXRhLW4taGVhZD1cInNzclwiIGRhdGEtaGlkPVwiZGVzY3JpcHRpb25cIiBuYW1lPVwiZGVzY3JpcHRpb25cIiBjb250ZW50PVwiSW4gYSB3b3JsZCByYW4gYnkgYWR2ZXJ0aXNpbmcsIGJ1c2luZXNzZXMgYW5kIG9yZ2FuaXphdGlvbnMgYXJlIG5vdCB0aGUgb25seSBvbmVzIHVzaW5nIHRoaXMgcG93ZXJmdWwgdG9vbC5cIj48bWV0YSBkYXRhLW4taGVhZD1cInNzclwiIGRhdGEtaGlkPVwib2c6dGl0bGVcIiBwcm9wZXJ0eT1cIm9nOnRpdGxlXCIgY29udGVudD1cIlVubWFza2luZyB0aGUgU1lTMDEgSW5mb3N0ZWFsZXIgVGhyZWF0OiBCaXRkZWZlbmRlciBMYWJzIFRyYWNrcyBHbG9iYWwgTWFsdmVydGlzaW5nIENhbXBhaWduIFRhcmdldGluZyBNZXRhIEJ1c2luZXNzIFBhZ2VzXCI%2BPG1ldGEgZGF0YS1uLWhlYWQ9XCJzc3JcIiBkYXRhLWhpZD1cIm9nOmRlc2NyaXB0aW9uXCIgcHJvcGVydHk9XCJvZzpkZXNjcmlwdGlvblwiIGNvbnRlbnQ9XCJJbiBhIHdvcmxkIHJhbiBieSBhZHZlcnRpc2luZywgYnVzaW5lc3NlcyBhbmQgb3JnYW5pemF0aW9ucyBhcmUgbm90IHRoZSBvbmx5IG9uZXMgdXNpbmcgdGhpcyBwb3dlcmZ1bCB0b29sLlwiPjxtZXRhIGRhdGEtbi1oZWFkPVwic3NyXCIgZGF0YS1oaWQ9XCJvZzp1cmxcIiBwcm9wZXJ0eT1cIm9nOnVybFwiIGNvbnRlbnQ9XCJodHRwczovL3d3dy5iaXRkZWZlbmRlci5jb20vZW4tdXMvYmxvZy9sYWJzL3VubWFza2luZy10aGUtc3lzMDEtaW5mb3N0ZWFsZXItdGhyZWF0LWJpdGRlZmVuZGVyLWxhYnMtdHJhY2tzLWdsb2JhbC1tYWx2ZXJ0aXNpbmctY2FtcGFpZ24tdGFyZ2V0aW5nLW1ldGEtYnVzaW5lc3MtcGFnZXMvXCI%2BPG1ldGEgZGF0YS1uLWhlYWQ9XCJzc3JcIiBkYXRhLWhpZD1cIm9nOmltYWdlXCIgcHJvcGVydHk9XCJvZzppbWFnZVwiIGNvbnRlbnQ9XCJodHRwczovL2Jsb2dhcHAuYml0ZGVmZW5kZXIuY29tL2xhYnMvY29udGVudC9pbWFnZXMvMjAyNC8xMC9Vbm1hc2tpbmctdGhlLVNZUzAxLUluZm9zdGVhbGVyLVRocmVhdC1CaXRkZWZlbmRlci1MYWJzLVRyYWNrcy1HbG9iYWwtTWFsdmVydGlzaW5nLUNhbXBhaWduLVRhcmdldGluZy1NZXRhLUJ1c2luZXNzLVBhZ2VzLmpwZWdcIj48bWV0YSBkYXRhLW4taGVhZD1cInNzclwiIGRhdGEtaGlkPVwib2c6dHlwZVwiIHByb3BlcnR5PVwib2c6dHlwZVwiIGNvbnRlbnQ9XCJ3ZWJzaXRlXCI%2BPG1ldGEgZGF0YS1uLWhlYWQ9XCJzc3JcIiBkYXRhLWhpZD1cIm9nOnNpdGVfbmFtZVwiIHByb3BlcnR5PVwib2c6c2l0ZV9uYW1lXCIgY29udGVudD1cIkJpdGRlZmVuZGVyIExhYnNcIj48bWV0YSBkYXRhLW4taGVhZD1cInNzclwiIGRhdGEtaGlkPVwidHdpdHRlcjp0aXRsZVwiIHByb3BlcnR5PVwidHdpdHRlcjp0aXRsZVwiIGNvbnRlbnQ9XCJVbm1hc2tpbmcgdGhlIFNZUzAxIEluZm9zdGVhbGVyIFRocmVhdDogQml0ZGVmZW5kZXIgTGFicyBUcmFja3MgR2xvYmFsIE1hbHZlcnRpc2luZyBDYW1wYWlnbiBUYXJnZXRpbmcgTWV0YSBCdXNpbmVzcyBQYWdlc1wiPjxtZXRhIGRhdGEtbi1oZWFkPVwic3NyXCIgZGF0YS1oaWQ9XCJ0d2l0dGVyOmRlc2NyaXB0aW9uXCIgcHJvcGVydHk9XCJ0d2l0dGVyOmRlc2NyaXB0aW9uXCIgY29udGVudD1cIkluIGEgd29ybGQgcmFuIGJ5IGFkdmVydGlzaW5nLCBidXNpbmVzc2VzIGFuZCBvcmdhbml6YXRpb25zIGFyZSBub3QgdGhlIG9ubHkgb25lcyB1c2luZyB0aGlzIHBvd2VyZnVsIHRvb2wuXCI%2BPG1ldGEgZGF0YS1uLWhlYWQ9XCJzc3JcIiBkYXRhLWhpZD1cInR3aXR0ZXI6dXJsXCIgcHJvcGVydHk9XCJ0d2l0dGVyOnVybFwiIGNvbnRlbnQ9XCJodHRwczovL3d3dy5iaXRkZWZlbmRlci5jb20vZW4tdXMvYmxvZy9sYWJzL3VubWFza2kiXSxbLTYsIntcIndcIjpbXCIxXCIsXCIyXCIsXCIzXCIsXCI0XCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMTIsIm51bGwiXSxbLTE1LCItIl0sWy0yNSwiLSJdLFstMzIsIjIiXSxbLTQ4LCIwLDAiXSxbLTU3LCJXRTBaVjF4T2NWaFhYVlZjU3hjRldsWlVTVXhOWEYwSEdXSllTaGxZU1VsVlFHUVpFVnhQV0ZVWldFMFpCVmhYVmxkQVZGWk1TZ2NaRVFNT0F3Z01DUW9KQVJBVkdRVllWMVpYUUZSV1RFb0hBd2dCQXdvSkVCVllUUmw0UzB0WVFCZEtYQmtSVVUxTlNVb0RGaFpjVEZaYkYxWmZYa3RjWEZkYVZsVk1WRmNYV2xaVUZrcEJTUlpRRmdBQkFBa09EQXRmV2dnQURnc1BYMW9CV0FvQURWME1EVmdJQVFCWVhBQmZGMU5LQXdnRER3RUlDZ0VRRlZoTkdVc1pFVkZOVFVsS0F4WVdYRXhXV3hkV1gxNUxYRnhYV2xaVlRGUlhGMXBXVkJaS1FVa1dVQllBQVFBSkRnd0xYMW9JQUE0TEQxOWFBVmdLQUExZERBMVlDQUVBV0E9PSJdLFstOSwiKyJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIixcInR3aXR0ZXI6dGl0bGVcIixcInR3aXR0ZXI6ZGVzY3JpcHRpb25cIl19Il0sWy0yMywiKyJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy02NSwiLSJdLFstNzEsImEwMTEwMDEwMTAwMTAwMTAxMDAwMTAxMDAxMTExMTAxMDAwMDEwIl0sWy0yMCwiLSJdLFstNDksIi0iXSxbLTY5LCJMaW51eCB4ODZfNjR8R29vZ2xlIEluYy58OHwxNnx8MCJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUpIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAgICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAgICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAgICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAgfV0iXSxbLTE3LCIxNiJdLFstMjYsIntcInRqaHNcIjozMDkwOTk2MCxcInVqaHNcIjoyNTg0NzI0MCxcImpoc2xcIjo0Mjk0NzA1MTUyfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDUsdHJ1ZSx0cnVlLG51bGwsMCx0cnVlLHRydWVdIl0sWy00NCwiMCwwLDAsNSJdLFstNTAsIi0iXSxbLTUyLCItIl0sWy0yNywiWzUwLDEwLDAsXCI0Z1wiLG51bGxdIl0sWy00MSwiLSJdLFstNTQsIntcImhcIjpbXCJfM1wiLFwiMzczNzU1OTk4NlwiLFwiMzY0NzU0OTgxNVwiLFwiMTI4NTQ5ODkyMVwiXSxcImRcIjpbXCJfMVwiLFwiMjExNTk3NjQ5NlwiXSxcImJcIjpbXSxcInNcIjoxfSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjksXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjoxOTMwODIwMjc5LFwic2VjXCI6XCJcIn0iXSxbLTY3LCIyNTMyMzEyODg4OjM1Il0sWy03MCwiLSJdLFstMzEsImZhbHNlIl0sWy00MywiMDAwMDAwMDEwMTAwMDAwMTAwMTExMDExMDAxMDExMDEwMDAwMDEwIl0sWy00NywiUGFjaWZpYy9Ib25vbHVsdSxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTUzLCIxMDAiXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTE5LCJbMjAwLDIwMCwyMDAsMjAwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjg1LDE2MDAsMTIwMCwwLDAsMCwwLFwiLVwiLFwiLVwiLDE2MDAsMTIwMF0iXSxbLTM0LCItIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDYsIjAiXSxbLTYxLCJ7XCJ3Z3NsXCI6XCI0O3BhY2tlZF80eDhfaW50ZWdlcl9kb3RfcHJvZHVjdDt1bnJlc3RyaWN0ZWRfcG9pbnRlcl9wYXJhbWV0ZXJzO3BvaW50ZXJfY29tcG9zaXRlX2FjY2VzcztyZWFkb25seV9hbmRfcmVhZHdyaXRlX3N0b3JhZ2VfdGV4dHVyZXM7XCIsXCJwY2ZcIjpcImJncmE4dW5vcm1cIn0iXSxbLTIsIjEzLGVBSFdYMS9mM3F6Q3Zia3V5bVF3Z2xJYUYzcElzZ0lJalNRKzhpS2dxSTBvc0lBaXBGRUVRUklrVWdkRVFRcFVvSlNBdENBcVNIOUd5eTdaV1orZXIvZCtlOTJid3NDU0QvMWUiXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTE2LCIwIl0sWy0yMSwiLSJdLFstMzgsImksLTEsLTEsMSwwLDAsMCw1LDI1LDE4NSwtMSwwLDM0MC41LDM0MC41LDk4MSw5ODEiXSxbLTU5LCJkZWZhdWx0Il0sWy02MiwiODAiXSxbLTY2LCJnZW9sb2NhdGlvbixjaHVhZnVsbHZlcnNpb25saXN0LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsc2NyZWVud2FrZWxvY2sscHVibGlja2V5Y3JlZGVudGlhbHNnZXQsc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxjaHVhYXJjaCxjb21wdXRlcHJlc3N1cmUsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSx1c2IsY2hzYXZlZGF0YSxwdWJsaWNrZXljcmVkZW50aWFsc2NyZWF0ZSxzaGFyZWRzdG9yYWdlLHJ1bmFkYXVjdGlvbixjaHVhZm9ybWZhY3RvcnMsY2hkb3dubGluayxvdHBjcmVkZW50aWFscyxwYXltZW50LGNodWEsY2h1YW1vZGVsLGNoZWN0LGF1dG9wbGF5LGNhbWVyYSxwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGFjY2VsZXJvbWV0ZXIsY2h1YXBsYXRmb3JtdmVyc2lvbixpZGxlZGV0ZWN0aW9uLHByaXZhdGVhZ2dyZWdhdGlvbixpbnRlcmVzdGNvaG9ydCxjaHZpZXdwb3J0aGVpZ2h0LGxvY2FsZm9udHMsY2h1YXBsYXRmb3JtLG1pZGksY2h1YWZ1bGx2ZXJzaW9uLHhyc3BhdGlhbHRyYWNraW5nLGNsaXBib2FyZHJlYWQsZ2FtZXBhZCxkaXNwbGF5Y2FwdHVyZSxrZXlib2FyZG1hcCxqb2luYWRpbnRlcmVzdGdyb3VwLGNod2lkdGgsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixicm93c2luZ3RvcGljcyxlbmNyeXB0ZWRtZWRpYSxneXJvc2NvcGUsc2VyaWFsLGNocnR0LGNodWFtb2JpbGUsd2luZG93bWFuYWdlbWVudCx1bmxvYWQsY2hkcHIsY2hwcmVmZXJzY29sb3JzY2hlbWUsY2h1YXdvdzY0LGF0dHJpYnV0aW9ucmVwb3J0aW5nLGZ1bGxzY3JlZW4saWRlbnRpdHljcmVkZW50aWFsc2dldCxwcml2YXRlc3RhdGV0b2tlbnJlZGVtcHRpb24saGlkLGNodWFiaXRuZXNzLHN0b3JhZ2VhY2Nlc3Msc3luY3hocixjaGRldmljZW1lbW9yeSxjaHZpZXdwb3J0d2lkdGgscGljdHVyZWlucGljdHVyZSxtYWduZXRvbWV0ZXIsY2xpcGJvYXJkd3JpdGUsbWljcm9waG9uZSJdLFstNjgsIi0iXSxbImJuY2giLDIxNl0sWy0xNCwiLSJdLFstMzcsIi0xNDQtNjYtMTgwLSJdLFstNDAsIjMzIl0sWy02MCwxOTNdLFsiZGRiIiwiMCwxMywwLDExLDEsMiwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMSwxLDAsMCwwLDAsMCwxLDIsMTgsMCwzLDAsMSwwLDAsMCwwLDAsMCwwLDEsNSwwLDgsMCwxLDAsMCwwLDAsMzUsMCwwLDIsMSJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCwyLDAsMCwxMSwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDgsMCwxLDAsMCwwLDAsMCwxLDAsMCJdXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=fNkkr7UiM6&pto=995&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1730464787.lkQNI0Q04PAeWm55&suid=1.1730464787.8EoPLnjJ6HClVsoe&tuid=1.1730464787.XwN7vnARg0ZgZWMa&fbc=-&gtm=W10%3D&it=48%2C600%2C150&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D Requested by Host: euob.ofgreencolumn.com URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 8540d1b09d8e65bf1afa4050a181936b7d227ab3bbc53fa829474f3e95044945 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, no-store, must-revalidate timing-allow-origin https://www.bitdefender.com content-encoding gzip pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT content-length 1242 date Fri, 01 Nov 2024 12:39:47 GMT content-type text/javascript
OPTIONS H3	200	languages.json api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/ Frame	0 0	115ms 115ms	Preflight text/html	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/languages.json Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://www.bitdefender.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,POST,DELETE access-control-allow-origin * access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Fri, 01 Nov 2024 12:39:47 GMT expires Fri, 01 Nov 2024 12:39:47 GMT server UploadServer strict-transport-security max-age=7776000 x-client-geo-location US,USNY x-guploader-uploadid AHmUCY0atJCj2Bzg1fN94tIH_U_y1Gp09JwJ1N02rYqcQF3Twf_TqJqtGVMJvol1S1MfB_rKZKM
GET H3	200	languages.json Show response api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/	152 B 133 B	14ms 13ms	Fetch application/json	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/languages.json Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 0a25589501a065c71010f4b685f20a2a283ba910b374e2ce8148c4fcd623e9a5 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=4sEJow==, md5=aPmXvSP/EY/QrW9PJ19q/w== etag "68f997bd23ff118fd0ad6f4f275f6aff" age 55 x-goog-stored-content-encoding gzip expires Fri, 01 Nov 2024 12:39:52 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 100 x-client-geo-location US,USNY date Fri, 01 Nov 2024 12:38:52 GMT last-modified Thu, 24 Oct 2024 06:56:25 GMT content-type application/json vary Accept-Encoding x-guploader-uploadid AHmUCY33b3V3TQLyybGXoB4OWx2rujSaWZh-kzkefDOk0G9dThnC4pZLQ2aGGjqbrz1mwD5yunB-9_EYdw strict-transport-security max-age=7776000 cache-control public, max-age=1800, s-maxage=60 x-goog-storage-class MULTI_REGIONAL accept-ranges bytes access-control-allow-origin * x-goog-generation 1729752985094928 content-length 100 server UploadServer
GET H2	200	geoip Show response www.bitdefender.com/	64 B 154 B	19ms 19ms	Fetch application/json	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/geoip Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/132816f.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash af07ab700d1ae638d8e5fc0aeeee9d8d50ad9b098b723e649a58dbcdcb81aadf Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers cf-ray 8dbbf31749a5c46b-EWR content-encoding gzip date Fri, 01 Nov 2024 12:39:47 GMT content-type application/json;charset=UTF-8 vary Accept-Encoding server cloudflare
GET H2	200	Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg blogapp.bitdefender.com/labs/content/images/size/w600/2024/10/	17 KB 0	0ms 0ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w600/2024/10/Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 68a3a7168f0b5b42d268263b428ae09c120728fe16953a160a596aa351ed088b Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control public, max-age=31536000 cf-bgj h2pri etag W/"4232-192dd82d9a6" age 170708 cf-cache-status HIT cf-ray 8dbbf3121c9542b5-EWR accept-ranges bytes access-control-allow-origin * content-length 16946 date Fri, 01 Nov 2024 12:39:46 GMT content-type image/jpeg last-modified Wed, 30 Oct 2024 12:59:53 GMT x-powered-by Express server cloudflare vary Accept-Encoding
POST H2	204	delivery starget.bitdefender.com/rest/v1/	0 121 B	20ms 19ms	Ping text/plain	63.140.38.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=dda11ec4c492446e8869a8fe1be82d39&version=2.11.4 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.38.183 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ip-63-140-38-183.data.adobedc.net Software jag / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains x-request-id 7dc308d4-1f31-4c32-860e-e26907567d00 cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff access-control-allow-origin https://www.bitdefender.com date Fri, 01 Nov 2024 12:39:47 GMT x-xss-protection 1; mode=block vary Origin,Access-Control-Request-Method,Access-Control-Request-Headers server jag
POST H2	200	delivery Show response starget.bitdefender.com/rest/v1/	379 B 393 B	25ms 22ms	XHR application/json	63.140.38.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=dda11ec4c492446e8869a8fe1be82d39&version=2.11.4 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.38.183 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ip-63-140-38-183.data.adobedc.net Software jag / Resource Hash 0b3b60acd8f8c0d6cd2b8fdbab90f6072ae581273794b969e2f31f9547bda603 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains x-request-id 72ee416b-5c86-4b8f-8353-80e92449d90e cache-control no-cache, no-store, max-age=0, no-transform, private timing-allow-origin * content-encoding gzip accept-ch Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List access-control-allow-credentials true referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff access-control-allow-origin https://www.bitdefender.com date Fri, 01 Nov 2024 12:39:47 GMT x-xss-protection 1; mode=block content-type application/json;charset=UTF-8 vary origin,access-control-request-method,access-control-request-headers,accept-encoding server jag
POST H2	200	delivery Show response starget.bitdefender.com/rest/v1/	371 B 391 B	20ms 18ms	XHR application/json	63.140.38.183 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=dda11ec4c492446e8869a8fe1be82d39&version=2.11.4 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.38.183 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ip-63-140-38-183.data.adobedc.net Software jag / Resource Hash 83670b76c962a4c5285b6cac19962e1b0febdcc10a841aa5fbcb9ace0c298322 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains x-request-id 4e990b96-d1bf-4928-8d60-db80f9609099 cache-control no-cache, no-store, max-age=0, no-transform, private timing-allow-origin * content-encoding gzip accept-ch Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List access-control-allow-credentials true referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff access-control-allow-origin https://www.bitdefender.com date Fri, 01 Nov 2024 12:39:47 GMT x-xss-protection 1; mode=block content-type application/json;charset=UTF-8 vary origin,access-control-request-method,access-control-request-headers,accept-encoding server jag
GET H2	200	BSP_3250.jpg blogapp.bitdefender.com/labs/content/images/2023/10/ Redirect Chain https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/BSP_3250.jpg https://blogapp.bitdefender.com/labs/content/images/2023/10/BSP_3250.jpg	486 KB 487 KB	33ms 32ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/2023/10/BSP_3250.jpg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 3e1159d7ccbbdc0e9eb20a0ce77f97d7e803f52ce0b5b726ca29daaaedcc6931 Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-bgj h2pri etag W/"79910-18af017adad" age 810935 cf-cache-status HIT x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg vary Accept-Encoding last-modified Mon, 02 Oct 2023 11:13:18 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf3184cae42b5-EWR accept-ranges bytes content-length 497936 x-powered-by Express server cloudflare Redirect headers location /labs/content/images/2023/10/BSP_3250.jpg cf-cache-status HIT age 1065 cf-ray 8dbbf317fc2442b5-EWR access-control-allow-origin * content-length 63 date Fri, 01 Nov 2024 12:39:47 GMT content-type text/plain; charset=utf-8 x-powered-by Express vary Accept, Accept-Encoding server cloudflare
GET H2	200	npostolachi.jpg blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/	3 KB 4 KB	50ms 47ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/npostolachi.jpg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 7cf66a17a859f2e0ff0869cb2d75b417fd6691ea8065ba48369ca8a1139b1cc7 Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-bgj h2pri etag W/"d98-18af495b7bf" age 20120258 cf-cache-status HIT x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg vary Accept-Encoding last-modified Tue, 03 Oct 2023 08:09:27 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf317fc2842b5-EWR accept-ranges bytes content-length 3480 x-powered-by Express server cloudflare
GET H2	200	Capture.JPG blogapp.bitdefender.com/labs/content/images/size/w100/2023/12/	2 KB 3 KB	48ms 45ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/12/Capture.JPG Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 798a3fa739c44bedead249c289b12ca68c00952ff4a7a19e68458def7c682398 Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-bgj h2pri etag W/"9f1-18c7d037942" age 3601220 cf-cache-status HIT x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg vary Accept-Encoding last-modified Mon, 18 Dec 2023 13:00:28 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf317fc2a42b5-EWR accept-ranges bytes content-length 2545 x-powered-by Express server cloudflare
GET H2	200	Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg blogapp.bitdefender.com/labs/content/images/size/w1000/2024/10/	34 KB 34 KB	48ms 46ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w1000/2024/10/Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 8e108696de337035c30dce22810814d7ea29fd004d2cb11efc85c43bbacb6104 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control public, max-age=31536000 cf-bgj h2pri etag W/"87ef-192dd82e2c6" age 160625 cf-cache-status HIT cf-ray 8dbbf317fc2c42b5-EWR accept-ranges bytes access-control-allow-origin * content-length 34799 date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg last-modified Wed, 30 Oct 2024 12:59:55 GMT x-powered-by Express server cloudflare vary Accept-Encoding
GET H2	200	minecraft-1106252_1920.jpg blogapp.bitdefender.com/labs/content/images/size/w300/2023/06/	12 KB 12 KB	47ms 44ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/06/minecraft-1106252_1920.jpg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 94c4c63644ae78a9a0ce2307d064e5ece79caee5540a313426ba18886a8917ce Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-bgj h2pri etag W/"30ad-1889bf7b386" age 20108246 cf-cache-status HIT x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg vary Accept-Encoding last-modified Thu, 08 Jun 2023 17:04:41 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf317fc2d42b5-EWR accept-ranges bytes content-length 12461 x-powered-by Express server cloudflare
GET H2	200	old-tv-gab6450206_1920.png blogapp.bitdefender.com/labs/content/images/size/w300/2023/05/	65 KB 66 KB	37ms 35ms	Image image/png	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/05/old-tv-gab6450206_1920.png Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash b8ba912addc89290827f18a10c8a9ba9ba58a42bcb48b527d5b8764fc2817a7e Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-cache-status HIT etag W/"10559-187dcac0112" age 20105027 x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/png vary Accept-Encoding last-modified Tue, 02 May 2023 13:34:32 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf317fc2e42b5-EWR accept-ranges bytes content-length 66905 x-powered-by Express server cloudflare
GET H2	200	eyespy-1.jpg blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/	5 KB 6 KB	49ms 47ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/eyespy-1.jpg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 13dabe6c8ff8332773d4204c6d265bb0eb8d7b2b411d70c18e8ae380bc30791c Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-bgj h2pri etag W/"15f9-185a1638abb" age 20105027 cf-cache-status HIT x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg vary Accept-Encoding last-modified Wed, 11 Jan 2023 15:12:13 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf317fc3142b5-EWR accept-ranges bytes content-length 5625 x-powered-by Express server cloudflare
GET H2	200	decryptors.jpeg blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/	10 KB 10 KB	47ms 46ms	Image image/jpeg	2606:4700::6812:a9de CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/decryptors.jpeg Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 0666b0ecfa117171c374c46aac68a109b4a1be2519e7c330d851c6261cfcc152 Security Headers Name Value Content-Security-Policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cf-bgj h2pri etag W/"2889-185828973a3" age 742578 cf-cache-status HIT x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT content-type image/jpeg vary Accept-Encoding last-modified Thu, 05 Jan 2023 15:25:24 GMT x-frame-options DENY strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests cache-control public, max-age=31536000 cf-ray 8dbbf317fc3442b5-EWR accept-ranges bytes content-length 10377 x-powered-by Express server cloudflare
GET H2	200	js Show response www.googletagmanager.com/gtag/	226 KB 81 KB	54ms 24ms	Script application/javascript	2607:f8b0:4004:c1b::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 4baae75c21c842fc0cb1582dfc94e87ba433ea07056e20160d54f8e0669348fd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],} expires Fri, 01 Nov 2024 12:39:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Fri, 01 Nov 2024 12:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 82714 x-xss-protection 0 server Google Tag Manager
GET H3	200	en.json Show response api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/	41 KB 9 KB	119ms 118ms	Fetch application/json	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/en.json Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 8c09ece166eebc2ea2a29d84cfad48f6bfbfa89333bfa486e41a19c46789408a Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=uhYvAA==, md5=rNCd0UtNUP3fyfGmpLVVGQ== etag "acd09dd14b4d50fddfc9f1a6a4b55519" age 0 x-goog-stored-content-encoding gzip expires Fri, 01 Nov 2024 12:40:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 8814 x-client-geo-location US,USNY date Fri, 01 Nov 2024 12:39:47 GMT last-modified Thu, 24 Oct 2024 06:56:25 GMT content-type application/json vary Accept-Encoding x-guploader-uploadid AHmUCY0wpWf_31sqGberAj-z_8lbmMW62EfLciv0LgwfMc4tEVFQh-Ml-qq6serHwlYYoDFvh9Y strict-transport-security max-age=7776000 cache-control public, max-age=1800, s-maxage=60 x-goog-storage-class MULTI_REGIONAL accept-ranges bytes access-control-allow-origin * x-goog-generation 1729752985093252 content-length 8814 server UploadServer
OPTIONS H3	200	en.json api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/ Frame	0 0	111ms 110ms	Preflight text/html	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/settings/GKbE5wIoT1zsTY/latest/en.json Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://www.bitdefender.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,POST,DELETE access-control-allow-origin * access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Fri, 01 Nov 2024 12:39:47 GMT expires Fri, 01 Nov 2024 12:39:47 GMT server UploadServer strict-transport-security max-age=7776000 x-client-geo-location US,USNY x-guploader-uploadid AHmUCY12Medgzb1dletalIz08h90XXQXivJL-TiUT2pCkaRbqRgttPkaibQui2OQH0vERptwq_Y
GET H2	200	cf43f35.css www.bitdefender.com/nuxt/_nuxt/css/	279 B 291 B	34ms 31ms	Stylesheet text/css	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/css/cf43f35.css Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3f2069e4f379291c013b2ac6b33c3770c98737524f80ccdfca1ea8586169622e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"117-1924738b640" age 8164 cf-bgj minify cf-ray 8dbbf3184afac46b-EWR date Fri, 01 Nov 2024 12:39:47 GMT content-type text/css; charset=UTF-8 last-modified Tue, 01 Oct 2024 08:35:52 GMT vary Accept-Encoding server cloudflare
GET H2	200	bedcc18.js Show response www.bitdefender.com/nuxt/_nuxt/	53 KB 14 KB	39ms 37ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/bedcc18.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 398bc8ea8cc9d46825ff276c3feed57df8f3eecec462705f2deacb59f1ab7ce2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"d597-192d363fb70" age 8164 cf-ray 8dbbf3184b00c46b-EWR date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 13:49:58 GMT vary Accept-Encoding server cloudflare
GET H2	200	b8b5ed9.css www.bitdefender.com/nuxt/_nuxt/css/	106 B 180 B	35ms 33ms	Stylesheet text/css	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/css/b8b5ed9.css Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a2207e1dfdac97cdf65dce070c145d2f8251b726777b5073bb79308e69e1a68 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"6a-1924738b640" age 8164 cf-bgj minify cf-ray 8dbbf3184afdc46b-EWR date Fri, 01 Nov 2024 12:39:47 GMT content-type text/css; charset=UTF-8 last-modified Tue, 01 Oct 2024 08:35:52 GMT vary Accept-Encoding server cloudflare
GET H2	200	5792574.js Show response www.bitdefender.com/nuxt/_nuxt/	45 KB 12 KB	42ms 40ms	Script application/javascript	2606:4700::6812:1a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bitdefender.com/nuxt/_nuxt/5792574.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 75ded79ed5480f340280281aec92a8cf2b1a6dc33eea51d70a132b43f7c4aced Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=31536000, s-maxage=86400 content-encoding gzip cf-cache-status HIT etag W/"b41b-192d37c03c8" age 8164 cf-ray 8dbbf3184b01c46b-EWR date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 last-modified Mon, 28 Oct 2024 14:16:13 GMT vary Accept-Encoding server cloudflare
GET H2	200	js Show response www.googletagmanager.com/gtag/	408 KB 130 KB	25ms 23ms	Script application/javascript	2607:f8b0:4004:c1b::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 7408d1b8e564f81e06363273efd64630b1ec8ce04871e17489c66f474036657d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],} expires Fri, 01 Nov 2024 12:39:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 133213 x-xss-protection 0 server Google Tag Manager
GET H2	200	js Show response www.googletagmanager.com/gtag/	285 KB 98 KB	28ms 27ms	Script application/javascript	2607:f8b0:4004:c1b::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f87f356a70d06ccb5eb12d9021cfb89e984f161a1779f67de80b7b0fc203a0a8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],} expires Fri, 01 Nov 2024 12:39:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Fri, 01 Nov 2024 12:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 99940 x-xss-protection 0 server Google Tag Manager
GET H2	200	js Show response www.googletagmanager.com/gtag/	234 KB 83 KB	26ms 26ms	Script application/javascript	2607:f8b0:4004:c1b::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=DC-5165113&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ee631c53c1f0de41aee3b653f201477a40adf49711cafb12b8a38f8344a7634f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],} expires Fri, 01 Nov 2024 12:39:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Fri, 01 Nov 2024 12:00:00 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 85013 x-xss-protection 0 server Google Tag Manager
POST H2	200	s86883336171035 Show response sstats.bitdefender.com/b/ss/bitdefenderproduction/1/JS-2.27.0-LEWM/	43 B 332 B	21ms 19ms	XHR image/gif	63.140.38.112 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://sstats.bitdefender.com/b/ss/bitdefenderproduction/1/JS-2.27.0-LEWM/s86883336171035 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.38.112 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ip-63-140-38-112.data.adobedc.net Software jag / Resource Hash 55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers etag 3716144834617638912-4618663654522490113 x-content-type-options nosniff expires Thu, 31 Oct 2024 12:39:47 GMT p3p CP="This is not a P3P policy" date Fri, 01 Nov 2024 12:39:47 GMT last-modified Sat, 02 Nov 2024 12:39:47 GMT vary * content-type image/gif;charset=utf-8 strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache, no-store, max-age=0, no-transform, private pragma no-cache access-control-allow-credentials true access-control-allow-origin https://www.bitdefender.com content-length 43 x-xss-protection 1; mode=block server jag
GET H2	200	tc_imp.gif obseu.ofgreencolumn.com/tracker/	43 B 79 B	92ms 91ms	Image image/gif	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://obseu.ofgreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269eec333ee40829a9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59108c692017071a10acf9f29f674dd78bdc027a6c4eaf7d7e07d43bd967c255630075c55b065f3c060d93bf624677be26bb25cb43e2916af00665a90b2d7a1bda53ee42f496d2df3dbb2907fe7fcaad0339860e3741761293d60b63f060b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf62e8ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82d4e5699e3758d5fa9a7d1942f7663cad921366ee8afe758807ad40e3d510944fd9d36d9a6d279c9a26dc6c90cefab6cdb3f11338ae6bf2fbb9234e2bfb94248ee61bf711135782030ed092cfc9ccf3c837c465c78ff88876e379363a87783ad9839d4124c1e178a704a885479138be66531907833db309d1d6b878bb893fd753f185ccdc6498164466eb581357794578c0bc2cba46d4ddc832b59d64f48163df8ce4fe7e81ffe85c686a8ff9484fcabc055f4df5efed26f563cdb441abb16ce529e468cb04c94982ec6dda4862a7f7cc337c7c7d437b5c0954b5f3907e8657a54f4f5f3bbae11e9cc7461ef4bbdcb3a07e91ffeeeee39bbded591d2ef1469aa41c3f91496407c521082739b439fa340bc8f9d37f98338f3781b97f95ed4c9d3b4f72321e6e4dcd86bd8c6d3f0cc546579fc187a9acd80454edece428c88b0a2fcad800217be5838f0452eb7ed001db63b72d9100c6da0feaf86ef091e3d19b4e7eece23d7f8376a68db0b7179c6c34151995684350b5bf5e8fec14cd859ac854cf8f9b320e3744bf21aa05aa56b59d688a2f40294226607ce653929c3256bb73dda1f534b4d35fd8312afb03763e9ef6d00d59ee75f38a17d2002f5c11dd455582ced76cab266bfdd816a4cdc1edc3078309472807f36924559f90085abe3beff9df25fa8c8c720326d86c587b58a9540fb38bf20a55d53b25c19d9540d7d5bdcc5926bc34bc0f6d48a4095d78938e7523dcd6898188d56eb028ba7c9765979d08af80e43975abdf52c89ea2a090a2929c481ddfb7610cc461f05fca07beba39a2cdd1c725e7c4c7f2f8457288f3a6a312d35e894e04224f3d88823335df6cf64f95d774bf1d28fe7f018d63e29c7575b9752f5216c9b6ca2786d8573e6b186f839dcfb09234844cedf92034979e0459485363303fe32aafe9221487e7a299bbf5fdf5e2983ae8a3db4369280a&cri=fNkkr7UiM6&ts=488&cb=1730464787529 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, no-store, must-revalidate content-length 43 date Fri, 01 Nov 2024 12:39:47 GMT pragma no-cache content-type image/gif
GET H2	200	cross-domain-bridge.html app.usercentrics.eu/browser-sdk/4.38.5/ Frame 853E	0 0	23ms 9ms	Document text/html	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-sdk/4.38.5/cross-domain-bridge.html Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes access-control-allow-origin * access-control-expose-headers Content-Type Content-Length Transfer-Encoding age 341829 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=2592000, no-transform content-encoding gzip content-length 1142 content-type text/html date Mon, 28 Oct 2024 13:42:38 GMT etag "c694926fa8d9549789a56bd1df21b8a8" expires Wed, 27 Nov 2024 13:42:38 GMT last-modified Mon, 28 Oct 2024 13:37:13 GMT server UploadServer strict-transport-security max-age=7776000 x-goog-generation 1730122633298226 x-goog-hash crc32c=CXfLbw== md5=xpSSb6jZVJeJpWvR3yG4qA== x-goog-metageneration 2 x-goog-storage-class STANDARD x-goog-stored-content-encoding gzip x-goog-stored-content-length 1142 x-guploader-uploadid AHmUCY3DwvFWZThAaLRSFhQI43ASpxKJU7T5K2eXGyrWhrGM38yXd-_oFMVWyGks9Imluw96gvZYmm8j8g
GET H2	200	rules.json Show response assets.adobetarget.com/bitdefender/production/v1/	223 KB 29 KB	228ms 21ms	Fetch application/json	2600:1408:c400:389::294d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobetarget.com/bitdefender/production/v1/rules.json Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:389::294d Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash 778a24a54e2c947181165b47d036dd0ff24823055e6ea13c720de9e65a545737 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers access-control-expose-headers x-geo-country-code, x-geo-region-code, x-geo-city, x-geo-latitude, x-geo-longitude content-encoding gzip etag "142e2c5a0cd132a207d1c8fa62244369" x-amz-version-id ujCKxYgPiGpk1t1WZDuza1xhJw.Xffu0 access-control-allow-methods GET x-geo-region-code NJ date Fri, 01 Nov 2024 12:39:47 GMT x-geo-country-code US last-modified Thu, 31 Oct 2024 15:58:54 GMT vary Accept-Encoding content-type application/json x-amz-id-2 D0jNpopAKfsUFPbiV7/triPA+SFem9hdprgJiWAV4k8tRAX/33f8acvyzGzi1gi3VR1Mk4c9xp4= access-control-allow-headers * x-amz-replication-status COMPLETED cache-control max-age=55 x-geo-longitude -74.3955 x-amz-request-id 4YQXNXXMJEDPKCPR accept-ranges bytes access-control-allow-origin * x-geo-latitude 40.5175 content-length 29159 server AmazonS3 x-geo-city EDISON x-amz-server-side-encryption AES256
GET H/1.1	200 OK	1.gif imgsct.cookiebot.com/	35 B 736 B	82ms 18ms	Image image/gif	2600:1408:7:1a5::f09 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://imgsct.cookiebot.com/1.gif?dgi=4a55b566-7010-4633-9b03-7ba7735be0b6 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2600:1408:7:1a5::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software UploadServer / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 Access-Control-Expose-Headers * x-goog-hash crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ== ETag "c2196de8ba412c60c22ab491af7b1409" x-goog-stored-content-encoding identity x-goog-stored-content-length 35 Date Fri, 01 Nov 2024 12:39:47 GMT Last-Modified Mon, 23 Oct 2023 11:39:32 GMT Content-Type image/gif X-GUploader-UploadID AHmUCY2gszDdQU2x2uaqlqGzLIr8NNQk7dC2a0nTy34e1kqb-5SdT_jY9SO66xBZ1xKwhuVm0A Cache-Control public,max-age=1800 x-goog-storage-class STANDARD Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * x-goog-generation 1698061172769999 Content-Length 35 Server UploadServer
GET H2	200	341979.js Show response js-na1.hs-scripts.com/	2 KB 806 B	26ms 24ms	Script application/javascript	2606:4700::6810:8dd1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-na1.hs-scripts.com/341979.js Requested by Host: js.hs-analytics.net URL: https://js.hs-analytics.net/analytics/1730464500000/341979.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ab2151de7ea5b27cf02fc3afae405a5e481ad45e56da397bffd9f2fda4a74a96 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers access-control-max-age 3600 content-encoding gzip cf-cache-status HIT age 2639 x-content-type-options nosniff date Fri, 01 Nov 2024 12:39:47 GMT x-hubspot-correlation-id 2589227c-6e97-4e37-a6ff-9bc26f82f6b6 content-type application/javascript;charset=utf-8 vary origin, Accept-Encoding last-modified Fri, 01 Nov 2024 11:15:36 GMT access-control-allow-credentials true cf-ray 8dbbf31add4e438c-EWR accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 663 server cloudflare
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	87ms 64ms	Image image/gif	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1639347869&v=1.1&a=341979&rcu=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&pu=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&t=Unmasking+the+SYS01+Infostealer+Threat%3A+Bitdefender+Labs+Tracks+Global+Malvertising+Campaign+Targeting+Meta+Business+Pages&cts=1730464787645&vi=68a953f0c895f6137c6dd7603d75d46c&nc=true&u=27765283.68a953f0c895f6137c6dd7603d75d46c.1730464787640.1730464787640.1730464787640.1&b=27765283.1.1730464787640&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-robots-tag none x-request-id 2acee319-05d1-490e-8f15-004c73dd915a cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LH3yXDLsf5TdUbuvXZ9ZVOExSEJlCze2hqr9AgrzY1qURelyPDHOOe6cpYmcPgDf3pEalIOMgIRMIek0aziWTA6xB6d3VU4DP9TrkHBaZ2iEhpnNOt5MWWMqDayjh5MvuDrSRg9wi1WK5ErnDMFg"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-evy-trace-listener listener_https p3p CP="NOI CUR ADM OUR NOR STA NID" date Fri, 01 Nov 2024 12:39:47 GMT x-hubspot-correlation-id 2acee319-05d1-490e-8f15-004c73dd915a content-type image/gif vary origin, Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control no-cache, no-store, no-transform nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-8grjl x-envoy-upstream-service-time 7 access-control-allow-credentials false cf-ray 8dbbf31afa3d0c96-EWR x-evy-trace-route-configuration listener_https/all content-length 45 server cloudflare x-evy-trace-virtual-host all
GET H2	200	1px.png app.usercentrics.eu/session/	489 B 825 B	11ms 9ms	Image image/png	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://app.usercentrics.eu/session/1px.png?settingsId=GKbE5wIoT1zsTY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 content-encoding gzip x-goog-hash crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw== etag "3702ada73b8951017b8451cbd6a96523" age 1251 x-goog-stored-content-encoding gzip expires Fri, 01 Nov 2024 12:48:56 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 522 date Fri, 01 Nov 2024 12:18:56 GMT last-modified Fri, 08 May 2020 09:06:13 GMT content-type image/png x-guploader-uploadid AHmUCY0OgMRFKEHUkXrmD0YZbXbSfULdk49o5qRMSmalkh5Jj5UDtoRAxy74tHle0Ez299SLGWLrXDUZYA strict-transport-security max-age=7776000 cache-control public,max-age=1800,no-transform x-goog-storage-class STANDARD accept-ranges bytes x-goog-generation 1588928773413784 content-length 522 server UploadServer
GET H3	200	DefaultData-d851236d-75928269.js Show response app.usercentrics.eu/browser-ui/3.56.0/	2 KB 1001 B	11ms 10ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/DefaultData-d851236d-75928269.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash fcf4ad57046af8b44b9f85d4398ca15757c54cdbdecfdfdf438266ff0bd996f8 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=XWJu0g==, md5=SaMto8XMmp9E1vKcwePDjA== etag "49a32da3c5cc9a9f44d6f29cc1e3c38c" age 341940 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:40:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 970 date Mon, 28 Oct 2024 13:40:47 GMT last-modified Mon, 28 Oct 2024 13:37:23 GMT content-type text/javascript x-guploader-uploadid AHmUCY09kevRRHt8o3DMX0Te22QdEq3XgUag69wUhnF2FtNJ_mGM41rM8ZpB9LEpRg6amRr-x3c strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122643162145 content-length 970 server UploadServer
GET H2	200	favicon-32x32.png download.bitdefender.com/resources/images/favicon/	568 B 761 B	164ms 10ms	Other image/png	2600:141b:e800:2a::1721:2c84 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://download.bitdefender.com/resources/images/favicon/favicon-32x32.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:e800:2a::1721:2c84 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash fab8294d35a12278bfd9179ac66940d6d77145b986fc04e5826a8521f7aa1d49 Security Headers Name Value X-Frame-Options SAMEORIGIN *.bitdefender.com Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=4071 etag "53bea05c-238" expires Fri, 01 Nov 2024 13:47:38 GMT accept-ranges bytes access-control-allow-origin * content-length 568 date Fri, 01 Nov 2024 12:39:47 GMT last-modified Thu, 10 Jul 2014 14:17:00 GMT content-type image/png server nginx x-frame-options SAMEORIGIN *.bitdefender.com
GET H3	200	translations-en.json Show response api.usercentrics.eu/translations/	7 KB 2 KB	10ms 9ms	Fetch application/json	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/translations/translations-en.json Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 293c213205cd107ec18a50ae1f8a7b79915117d162cc58701a575def7c295d39 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=8/rfvQ==, md5=3gvV2wFCHwyIlwHnbgqquQ== etag "de0bd5db01421f0c889701e76e0aaab9" age 28487 x-goog-stored-content-encoding gzip expires Sat, 02 Nov 2024 04:45:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 2491 x-client-geo-location US,USNY date Fri, 01 Nov 2024 04:45:00 GMT last-modified Mon, 07 Oct 2024 11:53:10 GMT content-type application/json vary Accept-Encoding x-guploader-uploadid AHmUCY1M0vr4X_erDWoBLiIQ2912EXkc6mNUxAYL64scnvq_ATKiyAdx0YcQdrFTYHxksZz2m8Y strict-transport-security max-age=7776000 cache-control public, max-age=86400, s-maxage=86400 x-goog-storage-class MULTI_REGIONAL accept-ranges bytes access-control-allow-origin * x-goog-generation 1725363151058862 content-length 2491 server UploadServer
OPTIONS H3	200	translations-en.json api.usercentrics.eu/translations/ Frame	0 0	109ms 109ms	Preflight text/html	2600:1901:0:c07c:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.usercentrics.eu/translations/translations-en.json Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:c07c:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://www.bitdefender.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,POST,DELETE access-control-allow-origin * access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Fri, 01 Nov 2024 12:39:47 GMT expires Fri, 01 Nov 2024 12:39:47 GMT server UploadServer strict-transport-security max-age=7776000 x-client-geo-location US,USNY x-guploader-uploadid AHmUCY2ZdivCZVvGlobS7QqE9HUZEpV12pdmFvkajsaXbMYVGzegRJCu-qC6Ol8AWzqHbbpNrBo
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	178 B 1 KB	67ms 65ms	XHR application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=341979&utk=68a953f0c895f6137c6dd7603d75d46c&__hstc=27765283.68a953f0c895f6137c6dd7603d75d46c.1730464787640.1730464787640.1730464787640.1&__hssc=27765283.1.1730464787640&currentUrl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6cbd6c2036f5138ba9e0569ef934e0b0dc259a031d8e30927497690323e0a137 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-robots-tag none access-control-max-age 180 x-request-id f9f89d38-7c1e-47fd-a691-e01a64d0f543 content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0wC20KRqavB63PE6eahT1y1hGnsG%2FvoJvxu6ZO071HEm0mP%2FkdVzO4NgMMmpv4OmY2SxgEaaJXOyrcWIfzfmZ6cJYmMym0R%2BBJdFUs8CEYyXDGoD8Dw7AHmW4BmC%2BZ8JFhPqhF2lG2pbLQoQkkT"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-evy-trace-listener listener_https date Fri, 01 Nov 2024 12:39:47 GMT x-hubspot-correlation-id f9f89d38-7c1e-47fd-a691-e01a64d0f543 content-type application/json;charset=utf-8 vary origin access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator cache-control max-age=0, no-cache, no-store nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-mx5kh x-envoy-upstream-service-time 31 access-control-allow-credentials false cf-ray 8dbbf31b3beb42a9-EWR access-control-allow-origin https://www.bitdefender.com x-evy-trace-route-configuration listener_https/all server cloudflare x-evy-trace-virtual-host all
GET H3	200	DefaultUI-ce15e383-091a4d59.js Show response app.usercentrics.eu/browser-ui/3.56.0/	2 KB 789 B	11ms 11ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 043b96d186740cbc6123374ca605a0d64dab716490de8139c5ad850752f3035b Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=Beo4JQ==, md5=Em0QAeYPeJr7d+FPthYoHw== etag "126d1001e60f789afb77e14fb616281f" age 341940 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:40:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 758 date Mon, 28 Oct 2024 13:40:47 GMT last-modified Mon, 28 Oct 2024 13:37:23 GMT content-type text/javascript x-guploader-uploadid AHmUCY2mYKHei3-tjLDoHEceLFyqBmlRFzP2kCEgAwxKonqFIppnKQClvPp6EkT0RG4cs6JoK8w strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122643609939 content-length 758 server UploadServer
GET H3	200	FirstLayerCustomization-6bbfcebc-788df697.js Show response app.usercentrics.eu/browser-ui/3.56.0/	3 KB 1 KB	12ms 11ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/FirstLayerCustomization-6bbfcebc-788df697.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 1a639c6b443b17ec6c6f50d2de9487ec53d78fd91adec25c8d84f4668be31242 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=UpnfjQ==, md5=2LDc/qcgegTTxLD6UhkpRw== etag "d8b0dcfea7207a04d3c4b0fa52192947" age 341940 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:40:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 1076 date Mon, 28 Oct 2024 13:40:47 GMT last-modified Mon, 28 Oct 2024 13:37:24 GMT content-type text/javascript x-guploader-uploadid AHmUCY0TkvBnocwMtGzwPsymeT3_zazro2hbooFa8FGKYEbkQDiuSdOOZx8mDxTzt_RDVFOSca4 strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122644078383 content-length 1076 server UploadServer
GET H3	200	ButtonsCustomization-1f94048f-20aa0dd3.js Show response app.usercentrics.eu/browser-ui/3.56.0/	473 B 267 B	13ms 12ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/ButtonsCustomization-1f94048f-20aa0dd3.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash ebbf51132ac80c2070995d82e1b1237526521386eaced499d94c36a05804141f Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=k1elSQ==, md5=xS0HojXBjZIGTVYd3VNb6g== etag "c52d07a235c18d92064d561ddd535bea" age 341940 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:40:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 236 date Mon, 28 Oct 2024 13:40:47 GMT last-modified Mon, 28 Oct 2024 13:37:22 GMT content-type text/javascript x-guploader-uploadid AHmUCY0FTcXJCPvUyJOsEp4i2muAfGvkVATSwDrJ-ovKLYjYx9znhsbntdHtmgR45VTpcN6OwOQ strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122642449928 content-length 236 server UploadServer
GET H3	200	SecondLayerUI-9cac3b05-6f65af64.js Show response app.usercentrics.eu/browser-ui/3.56.0/	567 B 349 B	13ms 12ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/SecondLayerUI-9cac3b05-6f65af64.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 8395d72ab340a6fb7923d93b019bffa5570553f6762dc56eeb4e5ee603ae3dda Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=Jv1vrA==, md5=lRsDP24MElAPmZcJkLrX2g== etag "951b033f6e0c12500f99970990bad7da" age 341940 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:40:47 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 318 date Mon, 28 Oct 2024 13:40:47 GMT last-modified Mon, 28 Oct 2024 13:37:26 GMT content-type text/javascript x-guploader-uploadid AHmUCY3V7Hmui2s1Zixk3_1RgD1nWUIzBBl01mR-3IyxVCSXAFjXwbrzhyDbWJl1RDeIunVRmKo strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122645978523 content-length 318 server UploadServer
GET H3	200	Taglogger-e8de1530-77a1d15a.js Show response app.usercentrics.eu/browser-ui/3.56.0/	1 KB 721 B	10ms 10ms	Script text/javascript	2600:1901:0:5987:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://app.usercentrics.eu/browser-ui/3.56.0/Taglogger-e8de1530-77a1d15a.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:0:5987:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash fab5cda5682da8425e7110db62aa4c2163e2bbd8e2eec76139e3b1451520fa92 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://www.bitdefender.com Referer https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Response headers x-goog-metageneration 2 access-control-expose-headers Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace content-encoding gzip x-goog-hash crc32c=AmlEtA==, md5=LO8Zegi54c1kSelQAmBIZQ== etag "2cef197a08b9e1cd6449e95002604865" age 341830 x-goog-stored-content-encoding gzip expires Tue, 28 Oct 2025 13:42:37 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 687 date Mon, 28 Oct 2024 13:42:37 GMT last-modified Mon, 28 Oct 2024 13:37:26 GMT content-type text/javascript x-guploader-uploadid AHmUCY3jcCmhG58W11cfBL3Y5E6Lx48U1Xxb-jwViKD8ZVhzlTKzJPm7J2Y4eLufbtPX7tvMPW4 strict-transport-security max-age=7776000 cache-control public, max-age=31536000, no-transform x-goog-storage-class STANDARD accept-ranges bytes access-control-allow-origin * x-goog-generation 1730122646492664 content-length 687 server UploadServer
OPTIONS H2	204	3 consent-api.service.consent.usercentrics.eu/consent/uw/ Frame	0 0	119ms 90ms	Preflight text/html	2600:1901:0:1e38:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://consent-api.service.consent.usercentrics.eu/consent/uw/3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:1e38:: Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers Accept */* Access-Control-Request-Headers access-control-allow-origin,content-type,x-request-id Access-Control-Request-Method POST Origin https://www.bitdefender.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-headers access-control-allow-origin,content-type,x-request-id access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin * access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/html date Fri, 01 Nov 2024 12:39:47 GMT server Google Frontend strict-transport-security max-age=7776000 vary Origin, Access-Control-Request-Headers via 1.1 google x-cloud-trace-context 2642780715d6f3c382b4ab20a9998c2f
POST H2	201	3 Show response consent-api.service.consent.usercentrics.eu/consent/uw/	0 87 B	98ms 79ms	Fetch text/html	2600:1901:0:1e38:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://consent-api.service.consent.usercentrics.eu/consent/uw/3 Requested by Host: app.usercentrics.eu URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:1e38:: Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=7776000 Request headers X-Request-ID ab0e0257-24fa-4cb5-abac-18aa16e145f0 Access-Control-Allow-Origin * Referer https://www.bitdefender.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept application/json Content-Type application/json Response headers strict-transport-security max-age=7776000 via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT x-cloud-trace-context 97c331c2cd232b4c34d9683aae634892 vary Origin server Google Frontend content-type text/html
POST H3	200	collect www.google.com/ccm/	0 0	61ms 29ms	Ping text/plain	2607:f8b0:4004:c21::68 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=2097212772.1730464788&auid=452225301.1730464788&npa=0&us_privacy=1YNY&gdid=dMWZhNz&gtm=45fe4au0v9190968901za200&gcs=G111&gcd=13r3r3r3r5l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tft=1730464787876&tfd=1828&apve=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c21::68 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers
GET H2	200	activityi;fledge=1;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infosteale... td.doubleclick.net/td/fls/rul/ Frame C12F	0 0	73ms 37ms	Document text/html	2607:f8b0:4004:c07::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=DC-5165113&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-encoding br content-length 1866 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 01 Nov 2024 12:39:47 GMT expires Fri, 01 Jan 1990 00:00:00 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
POST H3	204	1040562098 google.com/ccm/form-data/	0 20 B	57ms 22ms	Ping text/plain	2607:f8b0:4004:c09::64 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://google.com/ccm/form-data/1040562098?gtm=45be4au0pfv9164188826za200zb9190968901&gcs=G111&gcd=13r3r3r3r5l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&did=dMWZhNz&gdid=dMWZhNz&npa=0&frm=0&pscdl=noapi&auid=452225301.1730464788&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&em=tv.1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c09::64 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:57:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:57:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitdefender.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:47 GMT content-type text/plain server Golfe2
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/	5 KB 2 KB	75ms 37ms	Script text/javascript	2607:f8b0:4004:c0b::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040562098/?random=1730464787469&cv=11&fst=1730464787469&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=452225301.1730464788&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c0b::9d Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash dc44f20f3c0033368b68c9635d0cba60139e7d7a811b8ea9c0137fe59b9d3e05 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, must-revalidate timing-allow-origin * content-encoding br pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-length 2524 date Fri, 01 Nov 2024 12:39:47 GMT x-xss-protection 0 content-type text/javascript; charset=UTF-8 content-disposition attachment; filename="f.txt" server cafe
GET H2	200	1040562098 td.doubleclick.net/td/rul/ Frame E4CE	0 0	47ms 39ms	Document text/html	2607:f8b0:4004:c07::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://td.doubleclick.net/td/rul/1040562098?random=1730464787469&cv=11&fst=1730464787469&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=452225301.1730464788&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-encoding br content-length 2805 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 01 Nov 2024 12:39:47 GMT expires Fri, 01 Jan 1990 00:00:00 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
POST H2	204	collect analytics.google.com/g/	0 0	85ms 23ms	Fetch text/plain	2001:4860:4802:38::181 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://analytics.google.com/g/collect?v=2&tid=G-6M0GWNLLWF&gtm=45je4au0v869430580za200zb9190968901&_p=1730464787194&_gaz=1&gcs=G111&gcd=13r3r3r3r5l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&gdid=dMWZhNz&cid=266114143.1730464788&ecid=10830842&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_eu=EA&_s=1&uid=&dl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&sid=1730464787&sct=1&seg=0&dt=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=&ep.anonymize_ip=true&ep.geoRegion=us&ep.pageSubSection=labs&ep.login_status=false&ep.source=&ep.medium=&ep.cid=&ep.page_name=blog%3Alabs%3Aantimalware-research%3Aunmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages&ep.fingerprint=&ep.siteSection=blog&ep.pageSubSubSection=antimalware-research&tfd=1894 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitdefender.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:48 GMT content-type text/plain server Golfe2
POST H2	204	collect stats.g.doubleclick.net/g/	0 557 B	75ms 15ms	Ping text/plain	2607:f8b0:4004:c17::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6M0GWNLLWF&cid=266114143.1730464788&gtm=45je4au0v869430580za200zb9190968901&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.bitdefender.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 01 Nov 2024 12:39:48 GMT content-type text/plain server Golfe2
GET H2	200	rul td.doubleclick.net/td/ga/ Frame 6C81	0 0	31ms 28ms	Document text/html	2607:f8b0:4004:c07::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://td.doubleclick.net/td/ga/rul?tid=G-6M0GWNLLWF&gacid=266114143.1730464788&gtm=45je4au0v869430580za200zb9190968901&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1084519031 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-encoding br content-length 16 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 01 Nov 2024 12:39:47 GMT expires Fri, 01 Jan 1990 00:00:00 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=*;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-th... adservice.google.com/ddm/fls/z/ Redirect Chain https://ad.doubleclick.net/activity;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the... https://ad.doubleclick.net/activity;dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fe... https://adservice.google.com/ddm/fls/z/dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=*;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Fla...	42 B 63 B	67ms 35ms	Image image/gif	2607:f8b0:4004:c1d::9c GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=*;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F Protocol H3 Server 2607:f8b0:4004:c1d::9c Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, must-revalidate timing-allow-origin * pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-length 42 date Fri, 01 Nov 2024 12:39:48 GMT x-xss-protection 0 content-type image/gif server cafe Redirect headers cache-control no-cache, must-revalidate timing-allow-origin * location https://adservice.google.com/ddm/fls/z/dc_pre=CPXR8teTu4kDFYklTwgd1Lw7mw;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=*;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT x-xss-protection 0 content-type text/html; charset=UTF-8 server cafe
GET H3	200	activity;register_conversion=1;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys0... ad.doubleclick.net/	0 22 B	110ms 47ms	Image image/png	172.253.63.149 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ad.doubleclick.net/activity;register_conversion=1;src=5165113;type=na-c;cat=allpages;ord=6824936603521;npa=0;auiddc=452225301.1730464788;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz;ps=1;pcor=839692540;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G111;gcd=13r3r3r3r5l1;dma=0;tag_exp=101533422~101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F? Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.149 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f149.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, must-revalidate timing-allow-origin * pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT attribution-reporting-register-trigger {"aggregatable_deduplication_keys":[{"deduplication_key":"13507769303379110008"}],"aggregatable_trigger_data":[{"filters":[{"14":["2831056"]}],"key_piece":"0x920c800b15f76221","source_keys":["12","13","14","15","16","17","18","19","20","21","20449812","20449813","20449814","20449815","22088680","22088681","22088682","22088683","22932268","22932269","22932270","22932271","628496680","628496681","628496682","628496683","628738860","628738861","628738862","628738863","628893860","628893861","628893862","628893863","642837504","642837505","642837506","642837507"]},{"key_piece":"0x7bc1612c00b1078f","not_filters":{"14":["2831056"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","20449812","20449813","20449814","20449815","22088680","22088681","22088682","22088683","22932268","22932269","22932270","22932271","628496680","628496681","628496682","628496683","628738860","628738861","628738862","628738863","628893860","628893861","628893862","628893863","642837504","642837505","642837506","642837507"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"20449812":34,"20449813":34,"20449814":34,"20449815":3345,"21":6356,"22088680":65,"22088681":65,"22088682":65,"22088683":6356,"22932268":32,"22932269":32,"22932270":32,"22932271":3177,"628496680":32,"628496681":32,"628496682":32,"628496683":3177,"628738860":32,"628738861":32,"628738862":32,"628738863":3177,"628893860":32,"628893861":32,"628893862":32,"628893863":3177,"642837504":38,"642837505":38,"642837506":38,"642837507":3739},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"4371272994223096767","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"13507769303379110008","filters":[{"14":["2831056"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"13507769303379110008","filters":[{"14":["2831056"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"13507769303379110008","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"13507769303379110008","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["5165113"]}} content-type image/png x-xss-protection 0 server cafe
GET H2	200	sw_iframe.html www.googletagmanager.com/static/service_worker/4al0/ Frame 2086	0 0	42ms 14ms	Document text/html	2607:f8b0:4004:c1b::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.bitdefender.com Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 60150 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 1476 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving content-type text/html cross-origin-opener-policy same-origin; report-to="analytics-container-tag-serving" cross-origin-resource-policy cross-origin date Thu, 31 Oct 2024 19:57:18 GMT expires Fri, 31 Oct 2025 19:57:18 GMT last-modified Mon, 21 Oct 2024 16:58:00 GMT report-to {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]} server sffe service-worker-allowed /static/service_worker vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	RC38554e1d609e4fba82fd1a7d64e0c4fd-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	870 B 776 B	67ms 60ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC38554e1d609e4fba82fd1a7d64e0c4fd-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 2b961509132c08044e387c124645336947ea3ddd14c1dd2aa02684ba0a9587d7 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 493 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
POST H2	200	mon Show response obseu.ofgreencolumn.com/	0 150 B	99ms 96ms	XHR application/json	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/mon Requested by Host: euob.ofgreencolumn.com URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers access-control-allow-origin https://www.bitdefender.com content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE
GET H3	200	/ www.google.com/pagead/1p-user-list/1040562098/	42 B 64 B	28ms 27ms	Image image/gif	2607:f8b0:4004:c21::68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/1040562098/?random=1730464787469&cv=11&fst=1730462400000&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9164188826za200zb9190968901&gcd=13r3r3r3r5l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=452225301.1730464788&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7dAXY-8nwWazTP4XPLUQ8DSsL5wAz5KQpUCntwZH0oqEBjb88-&random=2666039998&rmt_tld=0&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c21::68 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-security-policy script-src 'none'; object-src 'none' cache-control no-cache, no-store, must-revalidate timing-allow-origin * pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-length 42 date Fri, 01 Nov 2024 12:39:48 GMT x-xss-protection 0 content-type image/gif server cafe
GET H2	200	hotjar-37798.js Show response static.hotjar.com/c/	27 KB 8 KB	80ms 20ms	Script application/javascript	18.160.41.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-37798.js?sv=6 Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.160.41.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-160-41-112.iad55.r.cloudfront.net Software / Resource Hash 375db08a052e2dcbb4dbe6ec41000c7486af238744dd0d48862be32cec7ec91b Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding br etag W/69e3220b85e0aea66fbb32508a45fb65 age 52 x-content-type-options nosniff x-cache-hit 1 x-cache Hit from cloudfront x-amz-cf-id SzJkLjWgijG3sbY_dHavhrObU47yq1vAOzM_C6ly3MvRhOt8snrWaw== date Fri, 01 Nov 2024 12:39:48 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=60 cross-origin-resource-policy cross-origin via 1.1 0003b3450f3f9fac44312c4622a410c2.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-cf-pop IAD55-P1
GET H2	200	RCc9985e39ac1a4eac9a81593fa8dd4eb3-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	1 KB 1000 B	36ms 35ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCc9985e39ac1a4eac9a81593fa8dd4eb3-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 0b42f5fc9fdeb7f339a89cd8f247e6f96e1cf0ad60ce0ede77e2e48e4890b259 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 717 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	RC04a791acf2cc461f99983b3870a108eb-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	690 B 718 B	60ms 59ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC04a791acf2cc461f99983b3870a108eb-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 86f1803a5904d8da3fa87b934c8b92ee22432ff830d6855ad61f19e00c976f1a Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 435 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	bat.js Show response bat.bing.com/	50 KB 15 KB	103ms 24ms	Script application/javascript	2620:1ec:33:1::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 content-encoding gzip etag "028e0691d20db1:0" accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 26ADB397626647F98F81BE6A6C8D921B Ref B: EWR311000104045 Ref C: 2024-11-01T12:39:48Z accept-ranges bytes x-cache CONFIG_NOCACHE content-length 14570 date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript last-modified Wed, 16 Oct 2024 22:47:44 GMT vary Accept-Encoding
GET H2	200	RCf606fb6930ae4c3f9500524beb70c59a-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	860 B 772 B	34ms 34ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCf606fb6930ae4c3f9500524beb70c59a-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 68bf6234be80a74ffd1dcd5206e5bceca1e6b6fe6c6ee393411283052375bb3a Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 489 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	events.js Show response analytics.tiktok.com/i18n/pixel/	6 KB 3 KB	201ms 33ms	Script application/javascript	23.212.249.5 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CQPLM2BC77UF32CPVDG0&lib=ttq Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.212.249.5 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-212-249-5.deploy.static.akamaitechnologies.com Software nginx / Resource Hash a4461e231730426f8bbbe822567601cb02a50f10690c5010f8c09fc36fe219b3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding gzip expires Fri, 01 Nov 2024 12:39:48 GMT server-timing inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=9 x-cache TCP_MISS from a23-220-105-11.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-) date Fri, 01 Nov 2024 12:39:48 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding x-akamai-request-id 6a8dc927 x-tt-trace-host 01805dd5b33f2fecd0b1907d90c6a9fae69966fe4271606a630baf7163c82094fea830ff0e99400535f2ed6b0f45bd78c1d91caeaca8a013853e7aee77060782e611df4f3d0cd4314d3e85ec405c037cfdaaf76f1e676e1e678f9bb2efb1432e1a x-origin-response-time 9,23.220.105.11 cache-control max-age=0, no-cache, no-store pragma no-cache x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2411011239488DCF37961A0DBCF40C8D-0A6E35177C024D4A-00 content-length 2061 x-tt-logid 202411011239488DCF37961A0DBCF40C8D server nginx
GET H2	200	uwt.js Show response static.ads-twitter.com/	57 KB 16 KB	55ms 13ms	Script application/javascript	146.75.28.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers vary Accept-Encoding,Host cache-control no-cache content-encoding gzip etag "4328e910de583ad53b3a7a76455af005+gzip" accept-ranges bytes x-cache HIT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" content-length 15926 date Fri, 01 Nov 2024 12:39:48 GMT x-tw-cdn FT last-modified Tue, 29 Oct 2024 01:22:31 GMT content-type application/javascript; charset=utf-8 x-served-by cache-iad-kiad7000078-IAD x-amz-server-side-encryption AES256
GET H2	200	RC462f2d04fb5e49cca2f3d2d10bac9a0c-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	594 B 654 B	53ms 53ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC462f2d04fb5e49cca2f3d2d10bac9a0c-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash adc5d3182a1a39bf68784f4455a220ac86c5658d7c3c934511dfe5b2b802dd8c Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 371 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	modules.625495a901d247c3e8d4.js Show response script.hotjar.com/	221 KB 55 KB	67ms 14ms	Script application/javascript	3.167.56.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.625495a901d247c3e8d4.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-37798.js?sv=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.167.56.16 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-167-56-16.iad61.r.cloudfront.net Software / Resource Hash c0d57eff0936a57e0c8d6bc93314585c734e5ade88d6de970e1e305ae5d87224 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-robots-tag none content-encoding br etag "862c1be6e71cd836a43ce679991261fd" age 333401 x-content-type-options nosniff x-cache Hit from cloudfront x-amz-cf-id orm7bB-NMXtFnzT4a7fMZTMPHLghzxqE9vr-udqdBqGG8agg-1D1FQ== date Mon, 28 Oct 2024 16:03:06 GMT content-type application/javascript; charset=utf-8 last-modified Mon, 28 Oct 2024 16:02:55 GMT vary Accept-Encoding strict-transport-security max-age=2592000; includeSubDomains cache-control max-age=31536000 cross-origin-resource-policy cross-origin via 1.1 bbed065fe40633182aa7cd97dcf661b2.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 56056 x-amz-cf-pop IAD61-P5
GET H2	200	5104414.js Show response bat.bing.com/p/action/	4 KB 2 KB	23ms 23ms	Script application/javascript	2620:1ec:33:1::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/5104414.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 6f841062b74fb641a2ba0cd8640d13627dfc8878344542abaaea8e9f05c5d524 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=60 content-encoding br accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: E70CEEEBC6EA498B9CAABDFC1AB76AD9 Ref B: EWR311000104045 Ref C: 2024-11-01T12:39:48Z x-cache CONFIG_NOCACHE date Fri, 01 Nov 2024 12:39:47 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding
GET H/1.1	200 OK	scarab-v2.js Show response cdn.scarabresearch.com/js/198DE47607F5EBDB/	95 KB 23 KB	81ms 16ms	Script application/javascript	3.162.125.64 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.scarabresearch.com/js/198DE47607F5EBDB/scarab-v2.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.162.125.64 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-162-125-64.iad61.r.cloudfront.net Software / Resource Hash 70c8a6b390b1be2c62932aa85ea633523bd3cd4919e8f7f559fd039b3a34bc5f Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers Transfer-Encoding chunked Cache-Control max-age=3600,public Timing-Allow-Origin * Content-Encoding gzip ETag "d74662d85574d7bf454f47a76d21e0db--gzip" Age 157 Connection keep-alive Via 1.1 44b13d2e12ad74e58c5a56d9c368da6c.cloudfront.net (CloudFront) X-Cache Hit from cloudfront X-Amz-Cf-Id dsbLaf5rds2FdnPL1cArRm52le2g_6l7fWCimc32xX3tX5uhOX_-rA== Date Fri, 01 Nov 2024 12:37:22 GMT Content-Type application/javascript;charset=utf-8 Vary Accept-Encoding X-Amz-Cf-Pop IAD61-P3
GET H2	200	RC2ca1e93fcfbd4937beadbcd54f4d3ebb-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	709 B 627 B	15ms 14ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC2ca1e93fcfbd4937beadbcd54f4d3ebb-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash f5d2f53e9cb536c8612a444d04480a7fc10e7d3c86cdc238c0971f30af130ee2 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 344 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	adsct t.co/1/i/	43 B 627 B	131ms 71ms	Image image/gif	172.66.0.227 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=55b65804-5258-416a-9628-a1b405cb15a8&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=460499c6-ee04-454d-b08d-1bbd24bdc630&tw_document_href=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&tw_iframe_status=0&txn_id=nvfwk&type=javascript&version=2.3.31 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=0 x-transaction-id 15abec28b8a87cc4 cache-control no-cache, no-store, max-age=0 x-connection-hash 5ab07425a248b29d53649cbf07f0ad3deccafdbe2ca6a78fae99712e58bce05d cf-cache-status DYNAMIC cf-ray 8dbbf31e98fe19bf-EWR x-response-time 5 content-length 43 date Fri, 01 Nov 2024 12:39:48 GMT content-type image/gif;charset=utf-8 perf 7402827104 server cloudflare tsa_b
GET H2	200	adsct analytics.twitter.com/1/i/	43 B 603 B	110ms 38ms	Image image/gif	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=55b65804-5258-416a-9628-a1b405cb15a8&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=460499c6-ee04-454d-b08d-1bbd24bdc630&tw_document_href=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&tw_iframe_status=0&txn_id=nvfwk&type=javascript&version=2.3.31 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=631138519 x-transaction-id 678f17a0e7cdcbda cache-control no-cache, no-store, max-age=0 x-connection-hash ebdbec66bc7f6f06eb53173ceb788278c372b42858ea6d9c33f7601c179366af x-response-time 5 content-length 43 date Fri, 01 Nov 2024 12:39:47 GMT perf 7402827104 content-type image/gif;charset=utf-8 server tsa_b
GET H2	200	5104414 Show response www.clarity.ms/tag/uet/	878 B 1 KB	78ms 27ms	Script application/x-javascript	2620:1ec:29:1::40 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/uet/5104414?insights=1 Requested by Host: bat.bing.com URL: https://bat.bing.com/p/action/5104414.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 419904cf2ac033c7f0a3e6b7f4225ac96dd347292961b2b8db72003e0cf08ed1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control no-cache, no-store request-context appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d expires -1 accept-ranges bytes x-cache CONFIG_NOCACHE content-length 878 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript x-azure-ref 20241101T123948Z-r18584dbfb9x7ccwya0nc955ec0000000amg00000000ks68
GET H2	204	0 bat.bing.com/action/	0 361 B	26ms 25ms	Image text/plain	2620:1ec:33:1::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=5104414&tm=al001&Ver=2&mid=f24dc004-206f-43e4-b9c3-b6cbc6effba2&bo=1&sid=617990b0984e11efb1ddc3d5da3ee488&vid=6179c2d0984e11ef88e83b76635e1213&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&p=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&r=&lt=1604&pt=1730464786048,,,,,1,1,6,6,31,13,31,89,216,99,347,967,967,1589,1590,1604&pn=0,0&evt=pageLoad&sv=1&cdb=AQIR&rn=321907 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, must-revalidate pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 6233514C1F154F4CBDD504218BF7BDBC Ref B: EWR311000104045 Ref C: 2024-11-01T12:39:48Z expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin * x-cache CONFIG_NOCACHE date Fri, 01 Nov 2024 12:39:47 GMT
GET H2	200	RCae3aa4b9849447d785847af246462d1f-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	684 B 710 B	19ms 17ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCae3aa4b9849447d785847af246462d1f-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 17ebab252506a49244826b0b915310082bdb89d2219c849c8b94de3dcdc06329 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 427 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 14 KB	54ms 15ms	Script application/javascript	2600:1408:c400:5::17c7:371d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:5::17c7:371d Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=9676 content-encoding gzip x-cdn AKAM x-content-type-options nosniff accept-ranges bytes content-length 14628 date Fri, 01 Nov 2024 12:39:48 GMT last-modified Thu, 22 Aug 2024 11:06:54 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding x-amz-server-side-encryption AES256
GET H2	200	RC0425550650094a6689c84789f6096b85-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	727 B 738 B	17ms 16ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RC0425550650094a6689c84789f6096b85-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 96a62ab971b354a81cd7fcf3cd601a397f16e7be1d3e8a8729e0e28cf0e1b559 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 455 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	RCeedc5502d4fe45bbb8e99a685c44acf1-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	529 B 618 B	18ms 17ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCeedc5502d4fe45bbb8e99a685c44acf1-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 5783beee6cf7f61770dbbf542109b0051a7541fa47ee5268136f96ffdb4daadf Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 335 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
POST H2	200	/ Show response content.hotjar.io/	56 B 171 B	665ms 252ms	XHR application/json	54.76.153.143 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.hotjar.io/?site_id=37798&gzip=1 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.625495a901d247c3e8d4.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.76.153.143 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-76-153-143.eu-west-1.compute.amazonaws.com Software / Resource Hash e2652130b41e632a74858835de939d00606b2ef2f20fa455437bc40895b8009f Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain; charset=UTF-8 Referer https://www.bitdefender.com/ Response headers access-control-max-age 86400 access-control-allow-origin * content-length 56 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	42 KB 13 KB	66ms 13ms	Script application/javascript	2a04:4e42::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control public, max-age=60 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip etag "5e9ac3a42b557bf8ca38cf2e8baba70b" report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish, 1.1 varnish accept-ranges bytes content-length 12126 date Fri, 01 Nov 2024 12:39:48 GMT last-modified Tue, 15 Oct 2024 19:34:59 GMT content-type application/javascript vary Accept-Encoding,Origin server snooserv x-amz-server-side-encryption AES256
GET H3	200	fbevents.js Show response connect.facebook.net/en_US/	239 KB 61 KB	66ms 15ms	Script application/x-javascript	2a03:2880:f003:c0e:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-KhkMzzUH' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding gzip report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} x-content-type-options nosniff expires Sat, 01 Jan 2000 00:00:00 GMT alt-svc h3=":443"; ma=86400 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" priority u=3,i x-frame-options DENY strict-transport-security max-age=31536000; preload; includeSubDomains reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" content-security-policy default-src 'self' data: blob: *;script-src 'nonce-KhkMzzUH' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; cache-control public, max-age=1200 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups x-fb-connection-quality EXCELLENT; q=0.9, rtt=13, rtx=0, c=23, mss=1232, tbw=4455, tp=9, tpl=0, uplat=1, ullat=-1 pragma public x-fb-debug 7dh4zRoX4hzupwUkSIr4NdfPV5nCi2dUjvYJJx2G2UT8p7IbA1SztSeb2NCKIIARXT03yDesVY20cJHOFMX/cQ== cross-origin-resource-policy cross-origin permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" document-policy force-load-at-top content-length 62068 x-xss-protection 0 origin-agent-cluster ?1
GET H2	200	ee38c350.min.js Show response tag.demandbase.com/	61 KB 18 KB	87ms 17ms	Script application/javascript	18.160.10.40 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.demandbase.com/ee38c350.min.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.160.10.40 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-160-10-40.iad12.r.cloudfront.net Software AmazonS3 / Resource Hash 0e266e2074011da24ec37bf38def3f05871a3c82c7ba279dbee8fe78ddabe680 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding gzip x-amz-version-id 5lfo7NMWhqmgBYDkUZou_YpfsRAD1.RZ etag W/"34ef7df10787ded6fe22deed1f86878c" age 3488 x-cache Hit from cloudfront x-amz-cf-id zWiAHV7eN-SxGbcteu_SHeuHCI0Z_yPQs5Va5OiLM6JJ-YSxoOmz_w== date Fri, 01 Nov 2024 11:41:41 GMT content-type application/javascript; charset=utf-8 vary accept-encoding last-modified Thu, 17 Oct 2024 13:52:04 GMT strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=3600 via 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront) permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-pop IAD12-P3 server AmazonS3 x-amz-server-side-encryption AES256
POST H2	200	ip.json Show response api.company-target.com/api/v3/	491 B 1 KB	45ms 44ms	XHR application/json	13.249.39.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v3/ip.json?&page=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&referrer=&page_title=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.249.39.123 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-249-39-123.iad89.r.cloudfront.net Software nginx / Resource Hash 4d9cffcc2365a3bd401c73a2d2e5f769c1730cdeb289dab56fe185ecd6279ec3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitdefender.com/ Response headers access-control-max-age 7200 access-control-expose-headers x-amz-cf-id content-encoding gzip identification-source CENTRAL access-control-allow-methods GET, POST, OPTIONS request-id 217cd0e1-c29b-4bba-a105-ca7fcc286308 expires Thu, 31 Oct 2024 12:39:48 GMT x-cache Miss from cloudfront x-amz-cf-id x72s3XyKNUZNPYpfIeceQh3XWnsLaxdQ6ljrQjOFDFrD6jFS3lRuCQ== date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json;charset=utf-8 vary Accept-Encoding, Origin access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache api-version v3 access-control-allow-credentials true via 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront) access-control-allow-origin https://www.bitdefender.com x-amz-cf-pop IAD89-C1 server nginx
GET H2	200	RCfc30b75f2f2842d78674735429229857-source.min.js Show response assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/	655 B 703 B	25ms 25ms	Script application/x-javascript	2600:1408:c400:380::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/0296d100a56d/RCfc30b75f2f2842d78674735429229857-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:380::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash a878ee750f8da5a23d6cea75fc3ce2b2e36bd5afe02c38508b48d7680a3fc1c6 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=3600 timing-allow-origin * content-encoding gzip etag "c37bbeb3350da82eaf316cdde5920611:1726835529.255559" x-content-type-options nosniff expires Fri, 01 Nov 2024 13:39:48 GMT accept-ranges bytes access-control-allow-origin https://www.bitdefender.com content-length 421 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Fri, 20 Sep 2024 12:32:09 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	39ms 8ms	Script application/x-javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyd/D12D) / Resource Hash 166f62c7a9aa03e83bd045e8469101d00f6f7dc09549cb4e5f350f128e5a92b8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSub cache-control max-age=86400 content-encoding gzip etag "1e22f88dd629db1:0" age 55463 accept-ranges bytes x-cache HIT content-length 25393 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript last-modified Tue, 29 Oct 2024 07:45:41 GMT server ECS (nyd/D12D) vary Accept-Encoding
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 766 B	131ms 105ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=359890&time=1730464788353&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept * Referer https://www.bitdefender.com/ Response headers x-li-pop afd-prod-lor1-x content-encoding gzip x-fs-uuid 000625d93b02a8c4cd073cdfbdfafa7c x-msedge-ref Ref A: DC5DBCBFA4FD4AEBB3A4906B90EDB8C6 Ref B: EWR30EDGE0408 Ref C: 2024-11-01T12:39:48Z x-li-fabric prod-lor1 x-restli-protocol-version 1.0.0 access-control-allow-methods GET, OPTIONS x-li-uuid AAYl2TsCqMTNBzzfvfr6fA== x-li-proto http/2 access-control-allow-origin * x-cache CONFIG_NOCACHE date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json access-control-allow-headers *
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-th... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-th... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D359890%26time%3D1730464788353%26li_adsId%3D66a83857-670a-48dd-8b13-52056b8ae9ef%2... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-th... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-t...	0 490 B	129ms 79ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&cookiesTest=true&liSync=true&e_ipv6=AQK94LJ3wdVN1gAAAZLnvTFSa8mF_DSEb4g2C_6mn5gttSawbqS0dwd5Z2Zq7VF2w0pmwoFwM9PSdkfDmgIRi-gyyRrYrQ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers linkedin-action 1 x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 9859DECCF0E9430D9F944CC8E3536556 Ref B: EWR311000104009 Ref C: 2024-11-01T12:39:48Z x-li-fabric prod-lva1 x-li-uuid AAYl2TsKCAS59tu6haJWug== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/javascript Redirect headers linkedin-action 1 x-li-pop afd-prod-lva1-x location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1730464788353&li_adsId=66a83857-670a-48dd-8b13-52056b8ae9ef&url=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&cookiesTest=true&liSync=true&e_ipv6=AQK94LJ3wdVN1gAAAZLnvTFSa8mF_DSEb4g2C_6mn5gttSawbqS0dwd5Z2Zq7VF2w0pmwoFwM9PSdkfDmgIRi-gyyRrYrQ x-msedge-ref Ref A: 67C8E660C9364DCD8E1A94AB27495F26 Ref B: EWR311000106017 Ref C: 2024-11-01T12:39:48Z x-li-fabric prod-lva1 x-li-uuid AAYl2TsIatkj10t/tymXHQ== x-li-proto http/2 x-cache CONFIG_NOCACHE content-length 0 date Fri, 01 Nov 2024 12:39:47 GMT
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.49/	64 KB 27 KB	28ms 27ms	Script application/javascript	2620:1ec:29:1::40 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.49/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/uet/5104414?insights=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 09fa04e84d7038cc32f19bedcba454b9e637a35f4de496e8ec9148c47550f0fc Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-azure-ref 20241101T123948Z-r18584dbfb9x7ccwya0nc955ec0000000amg00000000ks6e cache-control public, max-age=86400 x-ms-version 2018-03-28 content-encoding br etag W/"0x8DCF3CA14C9A428" x-fd-int-roxy-purgeid 51562430 x-ms-request-id 6bd93a27-901e-007b-354c-286c47000000 access-control-allow-origin * x-cache TCP_HIT date Fri, 01 Nov 2024 12:39:48 GMT content-type application/javascript;charset=utf-8 vary Accept-Encoding last-modified Thu, 24 Oct 2024 01:20:43 GMT
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8D0A34AE8F2A4369879A420C6D2C3E34&RedC=c.clarity.ms&MXFR=19D5DF7296D660452305CA5892D66EEE https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0A34AE8F2A4369879A420C6D2C3E34&MUID=2A71B283C6526BF33B22A7A9C7D86A86	42 B 443 B	18ms 18ms	Image image/gif	20.110.205.119 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0A34AE8F2A4369879A420C6D2C3E34&MUID=2A71B283C6526BF33B22A7A9C7D86A86 Protocol H2 Server 20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control private, no-cache, proxy-revalidate, no-store pragma no-cache etag "8d3dafd6e71fdb1:0" accept-ranges bytes p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" content-length 42 date Fri, 01 Nov 2024 12:39:48 GMT content-type image/gif last-modified Wed, 16 Oct 2024 16:24:13 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET Redirect headers cache-control private, no-cache, proxy-revalidate, no-store location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0A34AE8F2A4369879A420C6D2C3E34&MUID=2A71B283C6526BF33B22A7A9C7D86A86 pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 2A3D02CC0E384F4EA19D11C3F6BB91AC Ref B: EWR311000108051 Ref C: 2024-11-01T12:39:48Z x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" content-length 0 date Fri, 01 Nov 2024 12:39:47 GMT x-powered-by ASP.NET
GET H2	200	main.MTJhNGMzN2YwMQ.js Show response analytics.tiktok.com/i18n/pixel/static/	342 KB 95 KB	20ms 20ms	Script application/javascript	23.212.249.5 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/main.MTJhNGMzN2YwMQ.js Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CQPLM2BC77UF32CPVDG0&lib=ttq Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.212.249.5 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-212-249-5.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 15bb0889ad69cbc01dce2d9a2df36be01b6ae97e0e57510dca89a56d095bf0d5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-cache TCP_MEM_HIT from a23-220-105-11.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-) vary Accept-Encoding cache-control public, max-age=31536000, immutable content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server-timing cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3 x-tt-trace-id 00-2410241235067F37014D38C0E74B9E48-5F19FE088E4BEC3A-00 content-length 96914 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/javascript; charset=UTF-8 x-tt-logid 202410241235067F37014D38C0E74B9E48 server nginx x-akamai-request-id 6a8dc9fd x-tt-trace-host 01389d7d867f97d8ca542db9978b9e93e23e697cd734251a5381ad38e04fbf76ca23a04111240ac389fc5cdd18797ecaeae26ed3824a9a1c8ec7d35c9da2ba9e6e7bc3f8ace1b3e80f5b3df1a27670486959d35923ce8293ff39326054b00edd0e
GET H2	200	A254030-1420-4f36-87b0-178a4806cb111.js Show response utt.impactcdn.com/	46 KB 20 KB	421ms 69ms	Script text/javascript	35.186.249.72 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://utt.impactcdn.com/A254030-1420-4f36-87b0-178a4806cb111.js Requested by Host: www.bitdefender.com URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 72.249.186.35.bc.googleusercontent.com Software UploadServer / Resource Hash 8ff77f902a2589dbc58ac28a0591769abfea679e63b8a74d751768fbee0e1431 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-goog-metageneration 1 content-encoding gzip x-goog-hash crc32c=4WERvw==, md5=IsTVimwircavxE0cuHsSTg== etag "22c4d58a6c22adc6afc44d1cb87b124e" age 274 x-goog-stored-content-encoding gzip expires Fri, 01 Nov 2024 12:40:14 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-goog-stored-content-length 19519 date Fri, 01 Nov 2024 12:35:14 GMT last-modified Fri, 20 Sep 2024 17:02:44 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding x-guploader-uploadid AHmUCY2yNCcfPjfjnILjFoASrgQPGA0cHYgu91NIgrlJifN60YBAg0vA0QnP5MPK-yFGZoWl5PlsNusMCQ cache-control public,max-age=900,s-maxage=300 x-goog-storage-class MULTI_REGIONAL accept-ranges bytes access-control-allow-origin * x-goog-generation 1726851764660991 content-length 19519 server UploadServer
GET H2	200	ipv cdn.bizible.com/	43 B 305 B	11ms 9ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=98cbd4cc67f24a6dac6d8cd9c5fd61a8&_biz_l=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&_biz_t=1730464788453&_biz_i=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&_biz_n=0&a=bitdefender.com&rnd=913828&cdn_o=a&_biz_z=1730464788455 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyd/D164) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 573864 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Fri, 01 Nov 2024 12:39:48 GMT content-type Image/GIF last-modified Fri, 25 Oct 2024 21:15:24 GMT server ECS (nyd/D164)
GET H2	200	u cdn.bizibly.com/	43 B 169 B	52ms 9ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=98cbd4cc67f24a6dac6d8cd9c5fd61a8&_biz_l=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&_biz_t=1730464788458&_biz_i=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&a=bitdefender.com&rnd=181991&cdn_o=a&_biz_z=1730464788458 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyd/D12D) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 573864 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Fri, 01 Nov 2024 12:39:48 GMT content-type Image/GIF last-modified Fri, 25 Oct 2024 21:15:24 GMT server ECS (nyd/D12D)
GET H2	200	identify_7bf75739.js Show response analytics.tiktok.com/i18n/pixel/static/	146 KB 39 KB	25ms 25ms	Script application/javascript	23.212.249.5 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTJhNGMzN2YwMQ.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.212.249.5 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-212-249-5.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-cache TCP_MEM_HIT from a23-220-105-11.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-) vary Accept-Encoding cache-control public, max-age=31536000, immutable content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server-timing cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4 x-tt-trace-id 00-2408300225309E26824450D79083B8CE-1327C1FD8211C43D-00 content-length 39446 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/javascript; charset=UTF-8 x-tt-logid 202408300225309E26824450D79083B8CE server nginx x-akamai-request-id 6a8dcb38 x-tt-trace-host 019419b9a709c8b41f0068c3018ade35a0fcc2ce1b9e410ca17f899d6d9523cf06330ff7d250e7d0d666e9f37a556e864f346ddd43f81760b574f2dc92c5f970917a93e0910e8faa33dea59cba558f35acc2dae2b73aba9dfd4be47ef45399fd18
POST H2	200	pixel analytics.tiktok.com/api/v2/	0 714 B	66ms 60ms	Ping text/plain	23.212.249.5 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTJhNGMzN2YwMQ.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.212.249.5 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-212-249-5.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitdefender.com/ Response headers access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE expires Fri, 01 Nov 2024 12:39:48 GMT server-timing inner; dur=37, cdn-cache; desc=MISS, edge; dur=9, origin; dur=41 x-cache TCP_MISS from a23-220-105-11.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-) date Fri, 01 Nov 2024 12:39:48 GMT x-akamai-request-id 6a8dcb59 access-control-allow-headers Authorization,* x-tt-trace-host 01805dd5b33f2fecd0b1907d90c6a9fae69966fe4271606a630baf7163c82094fe3b7785085197b435f4817ec28d1eef16795197b5d89d44061526ac4ee2050ecab0aa76a2184cc7394330df2a1d3978415a474f9194d1e31f5c315032d1f896c4 x-origin-response-time 41,23.220.105.11 cache-control max-age=0, no-cache, no-store pragma no-cache x-tt-trace-tag id=16;cdn-cache=miss;type=dyn access-control-allow-origin * x-tt-trace-id 00-241101123948091076371A8605F2725A-716B62C74BE6DA51-00 content-length 0 x-tt-logid 20241101123948091076371A8605F2725A server nginx
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_twxv2a69/	3 B 124 B	214ms 8ms	XHR application/json	151.101.129.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_twxv2a69/config Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=14400 content-encoding gzip via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 27 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json
GET H2	200	t2_twxv2a69_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	34ms 17ms	XHR application/json	2a04:4e42::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_twxv2a69_telemetry Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers cache-control max-age=300 nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-encoding gzip report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 98 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json vary Accept-Encoding,Origin server snooserv
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	211ms 7ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1730464788528&id=t2_twxv2a69&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=658a5cfa-603a-45bc-abe0-f8515a61a12c&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_49267bce&dpm=&dpcc=&dprc= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} retry-after 0 cross-origin-resource-policy cross-origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} via 1.1 varnish accept-ranges bytes content-length 42 date Fri, 01 Nov 2024 12:39:48 GMT content-type image/gif server Varnish
GET H2	200	sync s.company-target.com/s/ Frame 0836	0 0	173ms 20ms	Document text/html	34.96.71.22 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://s.company-target.com/s/sync?exc=lr Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/ee38c350.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 22.71.96.34.bc.googleusercontent.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.bitdefender.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers access-control-allow-methods GET,OPTIONS alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 634 content-type text/html; charset=UTF-8 date Fri, 01 Nov 2024 12:39:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google
POST H2	200	ip.json Show response api.company-target.com/api/v3/	491 B 1 KB	107ms 104ms	XHR application/json	13.249.39.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&page_title=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.249.39.123 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-249-39-123.iad89.r.cloudfront.net Software nginx / Resource Hash 4d9cffcc2365a3bd401c73a2d2e5f769c1730cdeb289dab56fe185ecd6279ec3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitdefender.com/ Response headers access-control-max-age 7200 access-control-expose-headers x-amz-cf-id content-encoding gzip identification-source CENTRAL access-control-allow-methods GET, POST, OPTIONS request-id f9bc1824-b1bd-4651-92a0-3a9d6f8162e6 expires Thu, 31 Oct 2024 12:39:48 GMT x-cache Miss from cloudfront x-amz-cf-id _uHCBPVwRh4RGjCljmFU0IwwxIUicPbNPOZHgotYyGxj7TQhyaGwZQ== date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json;charset=utf-8 vary Accept-Encoding, Origin access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache api-version v3 access-control-allow-credentials true via 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront) access-control-allow-origin https://www.bitdefender.com x-amz-cf-pop IAD89-C1 server nginx
POST H/1.1	204 No Content	collect Show response p.clarity.ms/	0 283 B	227ms 40ms	XHR text/plain	20.122.63.128 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://p.clarity.ms/collect Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept application/x-clarity-gzip Referer https://www.bitdefender.com/ Response headers Request-Context appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64 Access-Control-Allow-Origin https://www.bitdefender.com Date Fri, 01 Nov 2024 12:39:48 GMT Vary Origin Server nginx Connection keep-alive Access-Control-Allow-Credentials true
GET H2	200	xdc.js Show response cdn.bizible.com/	111 B 320 B	35ms 34ms	Script text/javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=98cbd4cc67f24a6dac6d8cd9c5fd61a8&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.10.17&a=bitdefender.com Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyd/D132) / Resource Hash 5fab1b78f9ae87afca760149333302f6f8f29129c8babdb6e2c3b2af16bdad59 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSub cache-control private, must-revalidate, max-age=21600 content-encoding gzip etag D8B44512 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 214 date Fri, 01 Nov 2024 12:39:48 GMT content-type text/javascript; charset=utf-8 vary Accept-Encoding server ECS (nyd/D132)
POST H2	200	mon Show response obseu.ofgreencolumn.com/	0 16 B	95ms 93ms	XHR application/json	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/mon Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers access-control-allow-origin https://www.bitdefender.com content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE
GET H3	200	209580512574099 Show response connect.facebook.net/signals/config/	67 KB 13 KB	16ms 15ms	Script application/x-javascript	2a03:2880:f003:c0e:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/209580512574099?v=2.9.175&r=stable&domain=www.bitdefender.com&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash ef2b27fbbe48121be519872d01190bad49d11b87c9c0918b68db67fea7275a74 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-qNlAPL46' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding gzip report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} x-content-type-options nosniff expires Sat, 01 Jan 2000 00:00:00 GMT alt-svc h3=":443"; ma=86400 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" priority u=3,i x-frame-options DENY strict-transport-security max-age=31536000; preload; includeSubDomains reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" content-security-policy default-src 'self' data: blob: *;script-src 'nonce-qNlAPL46' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; cache-control public, max-age=1200 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups x-fb-connection-quality EXCELLENT; q=0.9, rtt=13, rtx=0, c=77, mss=1232, tbw=70804, tp=67, tpl=0, uplat=1, ullat=-1 pragma public x-fb-debug 34baj1+ucQQ007DoMpq2JUi3Gs5PE2chFqJdiqte9YYPCH8bYF2AYgZVjhe1p9XR0j5Btb/adAZi3AC7QM4nYg== cross-origin-resource-policy cross-origin permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" document-policy force-load-at-top content-length 13348 x-xss-protection 0 origin-agent-cluster ?1
GET H2	200	u cdn.bizible.com/	43 B 86 B	10ms 9ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/u?mapType=ecid&mapValue=0E920C0F53DA9E9B0A490D45%40AdobeOrg_30574887377667846902907207561215757371&_biz_u=98cbd4cc67f24a6dac6d8cd9c5fd61a8&_biz_l=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&_biz_t=1730464788460&_biz_i=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&_biz_n=1&a=bitdefender.com&rnd=673754&cdn_o=a&_biz_z=1730464788577 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyd/D12D) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSub cache-control no-cache, no-store pragma no-cache age 573864 expires -1 accept-ranges bytes x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-length 43 date Fri, 01 Nov 2024 12:39:48 GMT content-type Image/GIF last-modified Fri, 25 Oct 2024 21:15:24 GMT server ECS (nyd/D12D)
POST H2	200	mon Show response obseu.ofgreencolumn.com/	0 16 B	95ms 93ms	XHR application/json	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/mon Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers access-control-allow-origin https://www.bitdefender.com content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT content-type application/json access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE
GET H2	200	bg9s Show response tag-logger.demandbase.com/	0 419 B	118ms 21ms	XHR text/html	2600:9000:2009:d000:1d:8d6d:3b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=_uHCBPVwRh4RGjCljmFU0IwwxIUicPbNPOZHgotYyGxj7TQhyaGwZQ==&api-version=v3 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2009:d000:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers x-amz-version-id 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH etag "d41d8cd98f00b204e9800998ecf8427e" age 27083 x-cache Error from cloudfront x-amz-cf-id tKmVxOu_NAJ7ZkkxXEvnFCbVanCKgz60E87AW5n9tBge0BI2JLq88A== date Fri, 01 Nov 2024 05:08:26 GMT content-type text/html vary accept-encoding last-modified Tue, 07 Mar 2023 20:47:02 GMT via 1.1 de8f46f8f922c244bbc7d8b62cc964e8.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 0 x-amz-cf-pop IAD66-C2 server AmazonS3 x-amz-server-side-encryption AES256
GET H2	200	/ www.facebook.com/tr/	0 274 B	74ms 13ms	Image text/plain	2a03:2880:f103:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=209580512574099&ev=PageView&dl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&rl=&if=false&ts=1730464788735&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=4126&fbp=fb.1.1730464788730.592264131428556896&ler=empty&cdl=API_unavailable&it=1730464788573&coo=false&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains x-fb-connection-quality EXCELLENT; q=0.9, rtt=11, rtx=0, c=10, mss=1328, tbw=2953, tp=-1, tpl=-1, uplat=0, ullat=0 cross-origin-resource-policy cross-origin access-control-allow-credentials true access-control-allow-origin alt-svc h3=":443"; ma=86400 content-length 0 date Fri, 01 Nov 2024 12:39:48 GMT content-type text/plain server proxygen-bolt
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 3 KB	163ms 103ms	Image image/png	2a03:2880:f103:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=209580512574099&ev=PageView&dl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&rl=&if=false&ts=1730464788735&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=4126&fbp=fb.1.1730464788730.592264131428556896&ler=empty&cdl=API_unavailable&it=1730464788573&coo=false&rqm=FGET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://www.bitdefender.com/ Response headers content-encoding zstd report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7432289673173469401"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} x-content-type-options nosniff expires Sat, 01 Jan 2000 00:00:00 GMT alt-svc h3=":443"; ma=86400 date Fri, 01 Nov 2024 12:39:48 GMT content-type image/png vary Accept-Encoding x-fb-debug 8N/BFXbkmXv0DRy/UpQBhB3vedsjhiuzMHTa6YzRNDFH2Fw8E1zzerKyZjeV7juzfm6RFkFXNyhFyvzFgecEHw== x-frame-options DENY strict-transport-security max-age=15552000; preload reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7432289673173469401", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; cache-control private, no-store, no-cache, must-revalidate x-fb-connection-quality EXCELLENT; q=0.9, rtt=12, rtx=0, c=15, mss=1328, tbw=3271, tp=-1, tpl=-1, uplat=88, ullat=0 cross-origin-opener-policy same-origin-allow-popups pragma no-cache cross-origin-resource-policy cross-origin permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" document-policy force-load-at-top x-xss-protection 0 origin-agent-cluster ?0
POST H/1.1	204 No Content	collect Show response p.clarity.ms/	0 283 B	110ms 80ms	XHR text/plain	20.122.63.128 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://p.clarity.ms/collect Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept application/x-clarity-gzip Referer https://www.bitdefender.com/ Response headers Request-Context appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64 Access-Control-Allow-Origin https://www.bitdefender.com Date Fri, 01 Nov 2024 12:39:48 GMT Vary Origin Server nginx Connection keep-alive Access-Control-Allow-Credentials true
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 875 B	61ms 59ms	Ping text/plain	23.212.249.5 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTJhNGMzN2YwMQ.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.212.249.5 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-212-249-5.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://www.bitdefender.com/ Response headers x-cache-remote TCP_MISS from a23-220-106-132.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-2fb65fbfa7ad4f98bbb706cf20e2b5f6) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE expires Fri, 01 Nov 2024 12:39:48 GMT server-timing cdn-cache; desc=MISS, edge; dur=12, origin; dur=26, inner; dur=17 x-cache TCP_MISS from a23-220-105-11.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-) date Fri, 01 Nov 2024 12:39:48 GMT x-akamai-request-id 3f42900c.6a8dce8f access-control-allow-headers Authorization,* x-tt-trace-host 01805dd5b33f2fecd0b1907d90c6a9fae67cf9a6d90eaefcda703ae02f02855308ab100f99fe756e857bbd02e9717033e4818a4f74a383f708fab9330e8039401d7b15c812bc249e8afea3018c8d47db122b208184f792164f4adab8b5406b1949f51580e9d4087c0a61db12254ea167da x-origin-response-time 26,23.220.106.132 cache-control max-age=0, no-cache, no-store pragma no-cache x-tt-trace-tag id=16;cdn-cache=miss;type=dyn access-control-allow-origin * x-tt-trace-id 00-24110112394899FA86F8D97498F2419A-38A1741F762D16F3-00 content-length 0 x-parent-response-time 29,23.220.105.11 x-tt-logid 2024110112394899FA86F8D97498F2419A server nginx
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 200 B	31ms 28ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.bitdefender.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept * Content-Type text/plain;charset=UTF-8 Response headers linkedin-action 1 x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: BFD4F23E13FF4E589CDB253B5BA64504 Ref B: EWR311000106017 Ref C: 2024-11-01T12:39:48Z x-li-fabric prod-lva1 access-control-allow-credentials true x-li-uuid AAYl2TsLZDa+YVO3Z/zL4w== x-li-proto http/2 access-control-allow-origin https://www.bitdefender.com x-cache CONFIG_NOCACHE date Fri, 01 Nov 2024 12:39:48 GMT vary Origin
POST H2	200	mon Show response obseu.ofgreencolumn.com/	0 39 B	96ms 94ms	XHR application/json	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/mon Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers access-control-allow-origin https://www.bitdefender.com content-length 0 date Fri, 01 Nov 2024 12:39:49 GMT content-type application/json access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE
POST H2	200	mon Show response obseu.ofgreencolumn.com/	0 39 B	96ms 93ms	XHR application/json	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/mon Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers access-control-allow-origin https://www.bitdefender.com content-length 0 date Fri, 01 Nov 2024 12:39:50 GMT content-type application/json access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE
POST H/1.1	204 No Content	collect Show response p.clarity.ms/	0 283 B	29ms 28ms	XHR text/plain	20.122.63.128 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://p.clarity.ms/collect Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept application/x-clarity-gzip Referer https://www.bitdefender.com/ Response headers Request-Context appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64 Access-Control-Allow-Origin https://www.bitdefender.com Date Fri, 01 Nov 2024 12:39:50 GMT Vary Origin Server nginx Connection keep-alive Access-Control-Allow-Credentials true
POST H2	200	mon Show response obseu.ofgreencolumn.com/	0 39 B	102ms 93ms	XHR application/json	2a05:d018:56f:b802:834:8d0e:be2f:5ebe AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://obseu.ofgreencolumn.com/mon Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=bitdefender.com Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Referer https://www.bitdefender.com/ Response headers access-control-allow-origin https://www.bitdefender.com content-length 0 date Fri, 01 Nov 2024 12:39:52 GMT content-type application/json access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE