www.sygnia.co Open in urlscan Pro
2606:4700:3108::ac42:286e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Submission: On July 31 via api (July 31st 2024, 7:14:52 am UTC) from IN — Scanned from DE

Summary HTTP 82 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 25 domains to perform 82 HTTP transactions. The main IP is 2606:4700:3108::ac42:286e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.sygnia.co.
TLS certificate: Issued by E6 on June 7th 2024. Valid for: 3 months.

This is the only time www.sygnia.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2606:4700:310... 2606:4700:3108::ac42:286e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2400:52e0:1e0... 2400:52e0:1e00::1080:1	60068 (CDN77 _) (CDN77 _)
1	104.18.141.119 104.18.141.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:89d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1	172.217.18.99 172.217.18.99	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
3	23.35.237.86 23.35.237.86	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:267... 2600:9000:2670:4600:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	64.202.112.159 64.202.112.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	3.127.196.46 3.127.196.46	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	13.74.129.1 13.74.129.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.152.143.207 52.152.143.207	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
82	30

14 2606:4700:3108::ac42:286e (United States)

ASN13335 (CLOUDFLARENET, US)

www.sygnia.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2400:52e0:1e00::1080:1 (Germany)

ASN60068 (CDN77 _, GB)

sygnia.b-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.141.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89d1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.99 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f99.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.237.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-86.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:4600:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.196.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.74.129.1 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.152.143.207 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

o.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	b-cdn.net sygnia.b-cdn.net	778 KB
14	sygnia.co www.sygnia.co	2 MB
7	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 9382 forms-na1.hsforms.com — Cisco Umbrella Rank: 15115 perf-na1.hsforms.com — Cisco Umbrella Rank: 8524	7 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1114 c.clarity.ms — Cisco Umbrella Rank: 1838 o.clarity.ms — Cisco Umbrella Rank: 12757	28 KB
5	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 8139 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8074 track.hubspot.com — Cisco Umbrella Rank: 5359	28 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 4363 tr.outbrain.com — Cisco Umbrella Rank: 4248 wave.outbrain.com — Cisco Umbrella Rank: 4246	10 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	2 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5067	21 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 534 c.bing.com — Cisco Umbrella Rank: 341	17 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	397 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 44158	45 KB
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 46721	1 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	723 B
1	t.co t.co — Cisco Umbrella Rank: 979	377 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7189	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5135	24 KB
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 38565	1 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6716	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	253 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3773
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	2 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 5414	1 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 14516	156 KB
82	25

	Domain	Requested by
17	sygnia.b-cdn.net	www.sygnia.co sygnia.b-cdn.net
14	www.sygnia.co	www.sygnia.co
4	forms-na1.hsforms.com	www.sygnia.co js.hsforms.net
4	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
4	www.googletagmanager.com	www.sygnia.co www.googletagmanager.com
3	track.hubspot.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.sygnia.co
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	x.clearbitjs.com	tag.clearbitscripts.com
2	tr.outbrain.com	amplify.outbrain.com
2	amplify.outbrain.com	www.googletagmanager.com amplify.outbrain.com
2	forms.hsforms.com	js.hsforms.net
1	o.clarity.ms	www.clarity.ms
1	c.bing.com	1 redirects
1	app.clearbit.com	x.clearbitjs.com
1	perf-na1.hsforms.com	www.sygnia.co
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	px4.ads.linkedin.com	www.sygnia.co
1	wave.outbrain.com	amplify.outbrain.com
1	analytics.twitter.com	www.sygnia.co
1	t.co	www.sygnia.co
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	www.google.de	www.sygnia.co
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	cdnjs.cloudflare.com	sygnia.b-cdn.net
1	js.hs-scripts.com	www.sygnia.co
1	js.hsforms.net	www.sygnia.co
82	35

This site contains links to these domains. Also see Links.

Domain
securelist.com
www.linkedin.com
twitter.com

Subject Issuer	Validity	Valid
www.sygnia.co E6	`2024-06-07` - `2024-09-05`	3 months	crt.sh
*.b-cdn.net Sectigo RSA Domain Validation Secure Server CA	`2023-11-05` - `2024-11-11`	a year	crt.sh
hsforms.net WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh
hs-scripts.com WE1	`2024-07-29` - `2024-10-27`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.de WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hs-banner.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
hsadspixel.net E6	`2024-06-14` - `2024-09-12`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-16`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-02-15` - `2025-03-16`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Frame ID: 3337B0C25EB6D2EB0712D873BCD9D04D
Requests: 115 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ghost Emperor Hacker Uses Demodex Rootkit to Attack | Sygnia

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

82
Requests

98 %
HTTPS

55 %
IPv6

25
Domains

35
Subdomains

30
IPs

6
Countries

3179 kB
Transfer

5559 kB
Size

28
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
Title: blog

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sygnia

Search URL Search Domain Scan URL

URL: https://twitter.com/sygnia_labs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2&e_ipv6=AQKtj5iqYs-wDwAAAZEHpDMh0X1je0S9eI8fJO1aDoa_fvrBCqB6TWP1bTvYT7KK7JqfAgIZbSFuZA

Request Chain 111

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=787775A2B34E4220BFD9DF05173B1F83&RedC=c.clarity.ms&MXFR=3E5FBAE355F56DFB095FAE2E51F563ED HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=787775A2B34E4220BFD9DF05173B1F83&MUID=3B0E32CB8D136937110926068CB96873

82 HTTP transactions
34 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.sygnia.co/blog/ghost-emperor-demodex-rootkit/ 212 KB
29 KB 709ms
657ms Document
text/html 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

2d3065183d4babeb7c5b26a3803d705f6d3615c925751a6125648ab3d1433ac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8abbcb1b59ec3a5a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 31 Jul 2024 07:14:46 GMT
link: <https://www.sygnia.co/wp-json/>; rel="https://api.w.org/" <https://www.sygnia.co/wp-json/wp/v2/posts/3590>; rel="alternate"; type="application/json" <https://www.sygnia.co/?p=3590>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvqBEB2dw7uCGc9nOP5CoQG%2FYdHoywlNvnFkPwaplRXIB30ZL3bhK4cq66sIiqbujDHbTii7pkFLBYcwq%2BbI3VhMeATA%2FjS%2BL4PzCN9T6Hr0QREn6HpBFU6P2I52wogcSh4uC6ZjiGKxqPo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 2
x-cache-group: normal
x-cacheable: SHORT
x-frame-options: DENY
x-powered-by: WP Engine

GET
H2 200 style.min.css
sygnia.b-cdn.net/wp-includes/css/dist/block-library/ 111 KB
16 KB 128ms
44ms Stylesheet
text/css 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-includes/css/dist/block-library/style.min.css?ver=cdbee9a87da02e41ab2cf1c32a74dad3
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: MISS
cdn-edgestorageid: 1081
cdn-cachedat: 06/26/2024 08:06:46
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Mon, 24 Jun 2024 11:26:05 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667957cd-1bae5"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: b353c53e4100788856605e77aeecd96d
cf-ray: 899bb328ddad68fe-FRA
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 style.css
sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/ 8 KB
3 KB 148ms
63ms Stylesheet
text/css 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/style.css?ver=1722245192

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

389204d6a74b95878e682e9e289a1bfd6ce3322bed4281d56cc37bcae9b6dab2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
cdn-edgestorageid: 1081
cdn-cachedat: 07/18/2024 12:05:17
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Wed, 17 Jul 2024 13:36:48 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6697c8f0-1ed6"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: c1abd185a55f9d9354e5aed6c59a2f70
cf-ray: 8a5256cf786b2c51-FRA
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 start.css
sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/ 32 KB
7 KB 113ms
29ms Stylesheet
text/css 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/start.css?ver=1722245192
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 589e247b78ef6f81b8af0e15e689bdc98f722d18514a67f7d8f06d3d9d20ff0f

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: MISS
cdn-edgestorageid: 1080
cdn-cachedat: 06/26/2024 08:06:46
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Wed, 26 Jun 2024 07:46:47 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667bc767-80e1"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: bba2be89b483601b21249109f5b121fa
cf-ray: 899bb3290df03a76-FRA
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 vendor.css
sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/ 79 KB
14 KB 125ms
42ms Stylesheet
text/css 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/vendor.css?ver=1722245192
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: beb3d3261844647f8ad40783030656786f17ac89edcdf556f2e232bc6ac5656e

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: MISS
cdn-edgestorageid: 1081
cdn-cachedat: 06/26/2024 08:06:47
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Wed, 26 Jun 2024 07:46:47 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667bc767-13a7a"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7e7f8b6edc4951035351a4612f201852
cf-ray: 899bb32d9a029299-FRA
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 main.css
sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/ 415 KB
56 KB 108ms
25ms Stylesheet
text/css 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: c66f94d92b2c733bdcd43fadc9da19fe164bc9f44758d92911d231830af14fc9

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: MISS
cdn-edgestorageid: 1079
cdn-cachedat: 06/26/2024 08:06:47
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Wed, 26 Jun 2024 07:46:47 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667bc767-67c2a"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: e24c36d39fe58fd49f29ed7c2069807d
cf-ray: 899bb32dca1a5d88-FRA
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
sygnia.b-cdn.net/wp-includes/js/jquery/ 86 KB
31 KB 28ms
28ms Script
application/javascript 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: HIT
cdn-edgestorageid: 1081
age: 157324
cdn-cachedat: 06/26/2024 08:02:22
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Mon, 24 Jun 2024 11:26:04 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667957cc-15601"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: 645c3798e00ef8a210ed0e25169786a0
cf-ray: 899bacbbb8dd30c6-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery-migrate.min.js Show response
sygnia.b-cdn.net/wp-includes/js/jquery/ 13 KB
5 KB 22ms
22ms Script
application/javascript 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: HIT
cdn-edgestorageid: 1079
age: 157324
cdn-cachedat: 06/26/2024 08:02:22
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Mon, 24 Jun 2024 11:26:04 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667957cc-3509"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: 9f05bfc2472a07517e0d98c41351e54a
cf-ray: 899bacbc0d374d9d-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 483 KB
156 KB 72ms
43ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f448091ffb8bf95d1e8982f5967cf2fa233086f7ec618e21db785e83d42730a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 80
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5697/bundles/project-v2.js&cfRay=8abbc92e8dfd18fb-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c3acce865ec7befed636b13488913fba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5697/bundles/project-v2.js
date: Wed, 31 Jul 2024 07:14:46 GMT
x-amz-version-id: uLAG2OEm9KisMZQZCwgvQjjoaQdq8CGL
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: c28009c7-faf7-4e74-b001-8490b57d6b72
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: c28009c7-faf7-4e74-b001-8490b57d6b72
last-modified: Mon, 29 Jul 2024 13:09:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESMqBTvNDT1j5AGL1VDWC%2FozZlOZPSACpP6e6SyiDXXqOl2%2FVf%2F7Q9ZgDTywFFHqcsawkvHZPGc7W%2FeVOTFvdJnWLAJzva24NG2VE7FuNicfHYUeAeAXiy4GqTD8s6la"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-kt4hg
cf-ray: 8abbcb1fb8483625-FRA
x-amz-cf-id: loLv9dICkJc_TH4Fr0BlEppOzCymTTVpzDm6YvN73V4A2HlBKsYtjw==

GET
H2 200 8776530.js Show response
js.hs-scripts.com/ 2 KB
1 KB 250ms
182ms Script
application/javascript 2606:4700::6810:89d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/8776530.js

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:89d1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a960190b683ce8f241308c9f6c411474f61450a3e89594102961e45da9ca4e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 064b1118-01db-4c2c-ae0f-728f52a53ce6
x-envoy-upstream-service-time: 5
content-length: 634
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 064b1118-01db-4c2c-ae0f-728f52a53ce6
last-modified: Wed, 31 Jul 2024 07:14:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.sygnia.co
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-6vzgw
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 8abbcb2148c05d59-FRA
expires: Wed, 31 Jul 2024 07:16:16 GMT

GET
H2 200 main_logo.svg
www.sygnia.co/wp-content/uploads/2024/01/ 2 KB
1 KB 52ms
50ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/uploads/2024/01/main_logo.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d635cb5df71d3b41ecf01e08f469d63957b1f4eaa39944e9787e0a267ae22c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 580098
last-modified: Wed, 17 Jul 2024 12:54:18 GMT
server: cloudflare
etag: W/"6697befa-6c1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ko5wQ6KZp%2F%2BLnc%2FToLu2Xcwb5epp1MKAQ39gUZ12Q55dXET9Aga2Ym5Hdm3iOI2yWa5Xfiti3uOJIk0UORIJvFv3AM1919qpzUWeT69TDOfrnJWiYY%2F3jivB3Pw3mvbLVdfIpxoWWSvjhzU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb1f98b13a5a-FRA

GET
H2 200 icon_info.svg
www.sygnia.co/wp-content/uploads/2024/01/ 274 B
522 B 49ms
46ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/uploads/2024/01/icon_info.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

482bfcc25fc36b5ca7cfdbb76380da0a6df7000a0c238edfaa82b1dfaa0d8526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 556472
last-modified: Wed, 17 Jul 2024 12:54:18 GMT
server: cloudflare
etag: W/"6697befa-112"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DM45s31X%2FS1qQtckqNkLN6GfU6VgHQZubUBh9bW8gD%2FM80eM8MmmM1khRJwcBBOfbuDJm63DW4%2FktfMxrDdovWWjIa17oQq8ilXniTpbsuuZ3MJSXQHSTRVECP%2BKJufOCgFojzUDyT2KKnE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea6f3a5a-FRA

GET
H2 200 share_item_facebook.svg
www.sygnia.co/wp-content/themes/sygnia-theme/images/ 284 B
565 B 47ms
45ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_facebook.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab45f33a794552f8e14ae66eaf6af4ba0bd9f1cc02896012ff4968fad5a9713b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 187793
last-modified: Wed, 17 Jul 2024 12:54:19 GMT
server: cloudflare
etag: W/"6697befb-11c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LUU4GAHs7Smpe7%2F%2Bsr%2F7B7LJpZMsSTX1hWWowOo00YEvxka%2BQhMI%2Bwjb8HLPvfLcBqgoLafQ3O0GcEMZ%2FVNNuRCV7PvgY83Pcl1E%2BV6JRXb074gp9aFv6IJWSsonXs3ENK2JY5L4d%2FsrumE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea753a5a-FRA

GET
H2 200 share_item_x.svg
www.sygnia.co/wp-content/themes/sygnia-theme/images/ 321 B
621 B 701ms
699ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_x.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bf0b35b5dce9e77690dafd5e5ea233b31e02101cc6a73f5d0416ac114792e35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 29 Jul 2024 09:22:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66a75f4d-141"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8z%2Fkedl%2FsFHD%2BwYQ06wCrn%2Bntn4wockc4SMhsG%2BsH4hH%2Bs8ng9l%2BEK%2BJkRzj7HzrLJjN3eHKmlNXmWt4GRfkgecV38USWFQEQsoxSLRqcDDBj2w08yDgggRE%2Bp5hVPhHvoCWjF1T0FwRHrA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea763a5a-FRA

GET
H2 200 share_item_linkedin.svg
www.sygnia.co/wp-content/themes/sygnia-theme/images/ 516 B
742 B 50ms
48ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_linkedin.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88934ea7e6d53babd8bae2f0d386a9a8f40104b1fdd9c52e7a62cfe15bb47b63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 187793
last-modified: Wed, 17 Jul 2024 12:54:19 GMT
server: cloudflare
etag: W/"6697befb-204"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hx37XUp%2Fej7aV4nHc2K7Fk5aJEv7Qw%2Ba%2FKiamaJbKyyYhb0IKlRK0U2YwKuY2e4jtG2PcXWGtPNGHxJuBgznxz0DEhFCWxDXWj3hZEDk6mJZAqC14Ck3P1A4CDQojeebo0vWZ%2FtU1OyVVnE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea793a5a-FRA

GET
H2 200 share_item_mail.svg
www.sygnia.co/wp-content/themes/sygnia-theme/images/ 319 B
546 B 45ms
43ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/themes/sygnia-theme/images/share_item_mail.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da53520a115493051abcf091908a7515afea76d2c9a707a0493f2021cafd20a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 187793
last-modified: Wed, 17 Jul 2024 12:54:19 GMT
server: cloudflare
etag: W/"6697befb-13f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=imvxBoazFYKZnNGRyGpmxCLNUBxpkgv0JvSQZxwj0mnpxvgODovlRhxV6fs%2FlceHSwo1SEwMm3Ac7kPU30NPuP3%2B76%2FIL0ZfODoU%2B2T2u42xY3UY7UMym1PKOwZhKzxKyQVEIM6bgA4b7SE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea7a3a5a-FRA

GET
H2 200 email-decode.min.js Show response
www.sygnia.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 28ms
27ms Script
application/javascript 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sygnia.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:35:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"669fdbbe-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FQxEOkK5haXFH%2BTh4tzZSppkDDJSGkzB%2BNpCQLi4DG1tIekmvI4KOB4f4xfCU7YJATmplZgvlk%2BLEsZEUWzBsTW0A1Iqb%2BZerwevQgU%2BKpJhoAjsNNBLSG%2BXm6xeZdhp%2Bn3lmX5LaoZGYPc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8abbcb1f98b63a5a-FRA
expires: Fri, 02 Aug 2024 07:14:46 GMT

GET
H2 200 article_card_lines_decor.svg
www.sygnia.co/wp-content/themes/sygnia-theme/images/ 5 KB
1 KB 63ms
52ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/themes/sygnia-theme/images/article_card_lines_decor.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03f49a978258eb1f89518f68f6ece0bdf3dde0344349569ee8817b36e7189876

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 187795
last-modified: Wed, 17 Jul 2024 12:54:19 GMT
server: cloudflare
etag: W/"6697befb-12a6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NB2UYfV35fi7tgNd8HJ30OYsPlKTKj9%2B2Y6fC6WVpr%2BhObGVjOwH9KCAdXHbTexFfmTT73pzN%2FgiRgkO4kN3dLw7f9d3YQqC9RCiqgXHR6vd8bUWrc6r7DyyeFkG3TySk1XfIVumUZFCUAA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb1ff9403a5a-FRA

GET
H2 200 social_linkedin_white.svg
www.sygnia.co/wp-content/uploads/2024/05/ 530 B
649 B 58ms
56ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/uploads/2024/05/social_linkedin_white.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6783e593b49bb9261e7639dea5b37b3bbe225c4b3827310940ce752b3b6add

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 556472
last-modified: Wed, 17 Jul 2024 12:54:13 GMT
server: cloudflare
etag: W/"6697bef5-212"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sXQVuKA5eFuiP%2FvFryTDPkQF0VGAAU%2BoTQAIg95gJLyGs6MJR%2BKV9fz2N65wZdHscZc4M2UjzJGsrsLnXvggj62zYeK6fFZ23tgNWrVJFRhyabS2HKvAHKO2Zsif0btP3SQz66%2FvM74cLm4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea7e3a5a-FRA

GET
H2 200 social_x_white.svg
www.sygnia.co/wp-content/uploads/2024/05/ 346 B
594 B 54ms
52ms Image
image/svg+xml 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/uploads/2024/05/social_x_white.svg

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60951d4152b680cf26897b16cf061939b15b33e76066bdaea8a8398703ee5d19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 580097
last-modified: Wed, 17 Jul 2024 12:54:13 GMT
server: cloudflare
etag: W/"6697bef5-15a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MSfsMRyVu5YdZsKYyAGMMsfESwwOVBQALYfKgF46h2hkA9lA83NqhraV8aByl%2FQafrpGXO0%2FxSyuyIlBckzpIJqPQuVEhKsXnqWPm1RYxMs%2FDuIl89tYjHwFqV6%2FZBcnoakVbYb1Sc%2BVE4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
cf-ray: 8abbcb20ea7f3a5a-FRA

GET
H2 200 jquery.selectric.min.js Show response
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/ 14 KB
5 KB 32ms
30ms Script
application/javascript 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/jquery.selectric.min.js?ver=1.0.94
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 570131c06e2b9e41ab9917ab39ecb6bbb063c2433abbaff89ea3335c7bd7d5ee

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: HIT
cdn-edgestorageid: 1082
age: 10333
cdn-cachedat: 06/26/2024 08:02:23
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Mon, 24 Jun 2024 11:26:14 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667957d6-384b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: 0eab72d4eff9935c1b89c6221372f4b9
cf-ray: 899bacc0cb953837-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery.mCustomScrollbar.concat.min.js Show response
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/ 39 KB
12 KB 29ms
27ms Script
application/javascript 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/scripts/jquery.mCustomScrollbar.concat.min.js?ver=1.0.94
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 3ac859f905d1e38eed93ebb76953499f9078693adfeb41668915a47e4acebb1e

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
cf-cache-status: HIT
cdn-edgestorageid: 1079
age: 157325
cdn-cachedat: 06/26/2024 08:02:23
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Mon, 24 Jun 2024 11:26:14 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"667957d6-9cae"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: 14e2834c1db2b171ca501d1b0b252173
cf-ray: 899bacc0aae54d9d-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 lazyload.min.js Show response
sygnia.b-cdn.net/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
4 KB 31ms
30ms Script
application/javascript 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://sygnia.b-cdn.net/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
cdn-edgestorageid: 1081
age: 926221
cdn-cachedat: 07/21/2024 18:13:09
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Wed, 10 Jul 2024 13:24:23 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"668e8b87-22bc"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: b97e581d8886d6ff5e60a55c7b7d3592
cf-ray: 8a6d29ce284c3808-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 333 KB
107 KB 127ms
71ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

97fd7002c3f56c65408c46fe3b8a0696c928ec29da9a197db8e4dbd51a8caaa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109872
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 31 Jul 2024 07:14:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 336 KB
108 KB 96ms
41ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bfc661ee18709b1578f2ef0bfa58e12782fbd4caee588245331ff001ca7de3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110547
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 31 Jul 2024 07:14:46 GMT

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: acfaaf62bff0119246c65258ed4eddfff3758441c562b3726627e377d6939118

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55f2070c8b70a278df0a01dfdae3f5a93b0a18487cf1259ea874862980e16e4f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a523c7a11a8ae5b1c33232c7a1522f9f0f82aeb0ce357861e9cda197182299d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5580d46d80a0fc3b81e22b5f7c82a42435c04d5b7817586034145a22798c44c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7eea271ac12ff6eedb436dd5243bad87e3650ed0130edf791c1715c5c52e0238

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a79ab27932539f962adfc0ddeafa76ead563e75fdfab0cdb8b9dbc5051920fdd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0822174f1245d688147a792a6a8763b45ecddabff93fb1fe2353921e7798a6f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33f6f08e5af1be365855243892c9236b59b9500d1fbc2ba8fc2ad0828ae9aaf5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60c3a2ff2748a6e23648e55e965aaa4c9a12a2a27d23a86ee68071ce60edd24e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6004cc3ebe58ae4014aff5bafabee6510527938fb5005c127c55f14ba1f860fc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b2d970ace9c1edeb4a41375002d382ab596775b362c7544d8e93a0ba496e16

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b3051b7c441a1b36a48e665ba9776d6f072d9edf8468d0865cead0cc5ba8cf7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09fd5271feb2529d52b6022583773161a3d75c8878a43c7420ac8e6eff88c380

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a42ae76d76d68601c7dcd9459108402c88c9e1c47fcf51995ad69d0c9b7eac0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a618c3a73198596bfcd32f002b917508f3b897c456a7f30eac27f90e1abd4b07

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52159cd23e4772dfb80bd92e3d5da72a09bfc6cc3598cc76b34f2f75bf709ce1

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f2b2fe1fd99a02d71973dff2ad40e9b4ebbd0a90cd646be2914d66ae4b9efe4

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66b18f55d52bd73ce40f783a0d028aa94cd441b3a1eb874fbc132b2e27f4c455

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2899b0bf1e6531f0eed6e5d22d038618b596d4cf77ab3509f61ba4400eeab1f0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d831a9404aeac74687f51307469c3f403ea6ae2e4d8b9edfd649202da438da0d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 697b927f8e0617dfbcf2299023a57f4b6e98ed88ed692deaa5533b9eaeb7316b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efb458a0104ae400a4388bd5bc3842b8aa2b01291fc05399a6a5cb3f907e397d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 253 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8746996314732452443328c9005778a65f59fb3ce23886256f4ce5cc826f36cf

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 685 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6363e009d5233d3a07b75315cea4838f87d86cedef07bc9e7b2fe80b4b6707f3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a6d94bba3091f01e612c8a679efbb3eb688b7d20da216fa254a92cecd6572865

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04ecc921a16e8836f1479f6b04e16114c1273410eda3be11428581d344afbfdd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 article_card_lines_decor_huge.svg
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/images/ 5 KB
1 KB 23ms
22ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/images/article_card_lines_decor_huge.svg

Requested by

Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

b9859c9773072556f0e8de582865e66fc2ee3a01853385e9b44c3e3a1fa652ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: MISS
cdn-edgestorageid: 1080
cdn-cachedat: 07/12/2024 21:25:31
cdn-pullzone: 2091526
alt-svc: h3=":443"
last-modified: Wed, 10 Jul 2024 13:24:22 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"668e8b86-1268"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: e61cbfd44b0c2c798f2a14fee83b7d8d
cf-ray: 8a241b344a843a88-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ATFFranklinGothic-Medium.otf
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ 97 KB
98 KB 82ms
40ms Font
application/octet-stream 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Medium.otf
Requested by: Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 5d47d588556711a601728fc8a6d02c6b4fe8069210b411d2408359fee9a2ed6f

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
cf-cache-status: MISS
cdn-edgestorageid: 1079
cdn-cachedat: 06/26/2024 08:06:53
cdn-pullzone: 2091526
alt-svc: h3=":443"
content-length: 99492
last-modified: Mon, 24 Jun 2024 11:26:14 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "667957d6-184a4"
content-type: application/octet-stream
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: d8b3ec1cee8ba29dead9cf6d73af44c8
accept-ranges: bytes
cf-ray: 899bb351ba895d67-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ATFAlternateGothic-Medium.otf
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ 132 KB
133 KB 82ms
41ms Font
application/octet-stream 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFAlternateGothic-Medium.otf
Requested by: Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 7d3d1b5a7db60fd338b0765356fd2813d0d6d9600639845d645c49e2c61e5bf8

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
cf-cache-status: HIT
cdn-edgestorageid: 1079
age: 10964
cdn-cachedat: 06/26/2024 08:12:55
cdn-pullzone: 2091526
alt-svc: h3=":443"
content-length: 135264
last-modified: Mon, 24 Jun 2024 11:26:15 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "667957d7-21060"
content-type: application/octet-stream
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: b3f7b063e5166a105cfa4696ad5e06d7
accept-ranges: bytes
cf-ray: 899bbc2dccae9036-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ATFFranklinGothic-Regular.otf
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ 94 KB
95 KB 105ms
63ms Font
application/octet-stream 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Regular.otf

Requested by

Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

d893fa560a64242185cfccd40f02e2267432daab306ca89dc8e4176b62d9cf3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
cdn-edgestorageid: 1081
age: 800879
cdn-cachedat: 07/23/2024 12:56:05
cdn-pullzone: 2091526
alt-svc: h3=":443"
content-length: 96116
last-modified: Wed, 10 Jul 2024 13:24:23 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "668e8b87-17774"
x-frame-options: DENY
content-type: application/octet-stream
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: a6dd2ccea9cc395f33ebc1b5f967ce8c
accept-ranges: bytes
cf-ray: 8a7bd416ac35bba3-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ATFFranklinGothic-Light.otf
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ 94 KB
94 KB 105ms
63ms Font
application/octet-stream 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Light.otf
Requested by: Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 6db159af02a213a7d4058f5ffe508392ca8d46478f1ded5a446ef9a0226fe52f

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
cf-cache-status: HIT
cdn-edgestorageid: 1081
age: 10964
cdn-cachedat: 06/26/2024 08:12:55
cdn-pullzone: 2091526
alt-svc: h3=":443"
content-length: 96140
last-modified: Mon, 24 Jun 2024 11:26:15 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "667957d7-1778c"
content-type: application/octet-stream
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: f61cf502f70fa18a2fdf7d9706127a0f
accept-ranges: bytes
cf-ray: 899bbc2e28ef913c-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ATFFranklinGothic-Heavy.otf
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ 102 KB
103 KB 105ms
64ms Font
application/octet-stream 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Heavy.otf
Requested by: Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: cc2b240009df1ede0c3884229e7e7d14a04752dca62910c215f871188b1c91f0

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
cf-cache-status: HIT
cdn-edgestorageid: 1082
age: 1818
cdn-cachedat: 06/26/2024 08:06:52
cdn-pullzone: 2091526
alt-svc: h3=":443"
content-length: 104484
last-modified: Mon, 24 Jun 2024 11:26:14 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "667957d6-19824"
content-type: application/octet-stream
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: bf36b29eb5ef28e2dc8963418a4a1052
accept-ranges: bytes
cf-ray: 899bb3523afb2c4a-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 ATFFranklinGothic-Bold.otf
sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ 100 KB
100 KB 105ms
64ms Font
application/octet-stream 2400:52e0:1e00::1080:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://sygnia.b-cdn.net/wp-content/themes/sygnia-theme/fonts/ATFFranklinGothic-Bold.otf
Requested by: Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 9d205ce526929a67b4b7f36717fd842e28b560d1837d46a552a55988f13fe898

Request headers

Referer: https://sygnia.b-cdn.net/wp-content/cache/min/1/wp-content/themes/sygnia-theme/styles/main.css?ver=1722245192
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
cf-cache-status: HIT
cdn-edgestorageid: 1082
age: 10964
cdn-cachedat: 06/26/2024 08:12:55
cdn-pullzone: 2091526
alt-svc: h3=":443"
content-length: 102192
last-modified: Mon, 24 Jun 2024 11:26:15 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "667957d7-18f30"
content-type: application/octet-stream
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: c737fb98-f208-4fd9-aceb-be987d849faa
cache-control: public, max-age=31536000
cdn-requestid: 30a83c0ab4a404a8269fa81a3e20ddc1
accept-ranges: bytes
cf-ray: 899bbc2dcd903a4f-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e35d99ea250fc939dbc2ca64df4fea67c26986a322c077027be9c2df1973c936

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f2761185afcd8afc85ad752e72412dd24b048bc166237dc2be0078193acf760

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aefdd073a5a00a2b6959db7818278d0fdef8f0ef5d65312542de0d5bd32ca0f7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ea5fb260d4b5370cf7050e2e921c6a1bd6117d4ae54058649b803177fb6bcd9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 255 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65f8b1c674f201983d6930f4670a451f2677db1f2352921ea3ec16d2a00c5d7e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 243 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c9d2afbb789c07d465dddd42752f23d3c74c414f2baa27bc5193bbfdd6f6596

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
2 KB 64ms
33ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: sygnia.b-cdn.net
URL: https://sygnia.b-cdn.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 570476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1046
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9Jt3fwHriRdPdtEy5EA9EZqAj%2BZgBh1Hv8uITiPrPd8XQKgBPhBwOSUPo1TNBQjDi9qDYovQTOl7sEjddrcMjPoiWpo7KMYQ%2FNf0kS9zRiIaqq6AehPMAQJ%2Bsgh1b%2BahxKKB6Jo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8abbcb21ed2d9055-FRA
expires: Mon, 21 Jul 2025 07:14:46 GMT

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/ 2 KB
2 KB 214ms
176ms XHR
application/json 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/json?hs_static_app=forms-embed&hs_static_app_version=1.5697&X-HubSpot-Static-App-Info=forms-embed-1.5697

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64f7076b90e5ec9269bbe2c036b735c2de2c10f20f63df85970a7ecfa214d8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 17461737-1010-439c-bc19-355f6bcf9173
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
content-length: 1129
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 17461737-1010-439c-bc19-355f6bcf9173
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.sygnia.co
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8abbcb21fe518ed0-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-h29cs

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/ 2 KB
2 KB 359ms
146ms XHR
application/json 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/8776530/1ad9c304-415a-4d9d-ba10-a5145c1db1c3/json?hs_static_app=forms-embed&hs_static_app_version=1.5697&X-HubSpot-Static-App-Info=forms-embed-1.5697

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

459636c01082e4bac03af3901bf4f05ccb11a6bce59bb567d3f3edfb557508d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 31 Jul 2024 07:14:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 14d8cb82-9c7d-4b4a-824c-913c55033e01
x-envoy-upstream-service-time: 14
alt-svc: h3=":443"; ma=86400
content-length: 1128
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 14d8cb82-9c7d-4b4a-824c-913c55033e01
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.sygnia.co
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8abbcb23181b8ed0-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-nlgnj

GET
H2 200 blog_GhostEmperor_v2_2.png
www.sygnia.co/wp-content/uploads/2024/07/ 2 MB
2 MB 74ms
74ms Image
image/webp 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sygnia.co/wp-content/uploads/2024/07/blog_GhostEmperor_v2_2.png

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83711f638fdd3ca089793e59562e1216c927f4b875c3e3cfc693b93950df054e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=2121626
content-disposition: inline; filename="blog_GhostEmperor_v2_2.webp"
content-length: 1623200
cf-bgj: imgq:100,h2pri
last-modified: Mon, 29 Jul 2024 09:22:16 GMT
server: cloudflare
etag: "66a75f48-205f9a"
vary: Accept, Accept-Encoding
x-frame-options: DENY
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tnNXtysfMw2a0NchHAo2R0f2IHQS%2F0GeZR25ZFN%2FdEF8vC9ARygzN%2Fy0xBulhGxZW5tnJO%2F%2BVNBHKzlipIDTC370K5QOgi7ufy0cD5imEK4dpypPcVHWe%2FxpYUD3AFaKkqJ8YRHUTOSDwts%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8abbcb21dbbc3a5a-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 103ms
40ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3XBPCMRFD6&gtm=45je47t0v9100139776za200&_p=1722410086529&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250753&cid=640853153.1722410087&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722410086&sct=1&seg=0&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&dt=Ghost%20Emperor%20Hacker%20Uses%20Demodex%20Rootkit%20to%20Attack%20%7C%20Sygnia&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1181
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jul 2024 07:14:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sygnia.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 103ms
36ms Ping
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3XBPCMRFD6&cid=640853153.1722410087&gtm=45je47t0v9100139776za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250753
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3XBPCMRFD6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jul 2024 07:14:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sygnia.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 83ms
50ms Image
image/gif 172.217.18.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3XBPCMRFD6&cid=640853153.1722410087&gtm=45je47t0v9100139776za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250753&tag_exp=95250753&z=428793940

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f99.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jul 2024 07:14:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 262 KB
90 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10796050850&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

64026dad4e318e0e93c97b928a64615f5c08eeda6bee7d55cc78ada07d278920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92552
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 31 Jul 2024 07:14:46 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 262 KB
90 KB 41ms
40ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10796050850&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

90efc71d3fcfd9610c6f5336b007ecc094a8b3052ee70a54d6251a49f415d4c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92503
x-xss-protection: 0
last-modified: Wed, 31 Jul 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 31 Jul 2024 07:14:46 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 139ms
45ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:33:09 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=35938
accept-ranges: bytes
content-length: 14597

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 138ms
45ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220078-FRA

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 148ms
55ms Script
application/x-javascript 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 31 Jul 2024 07:14:46 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jul 2024 07:46:01 GMT
Server: AkamaiNetStorage
ETag: "484f007d650a3fc9fe7590700b8bf590:1721634587.188058"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-RG: EU
Cache-Control: max-age=1200
X-CC: DE
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8617
Expires: Wed, 31 Jul 2024 07:34:46 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 147ms
54ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 31 Jul 2024 07:14:46 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EE4E5E64041D473A8BC87A6BC1DB5DB0 Ref B: DUS30EDGE0721 Ref C: 2024-07-31T07:14:46Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/ 2 KB
1 KB 271ms
193ms Script
application/javascript 2600:9000:2670:4600:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L47WTV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:4600:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

26289e926f95ac9932d88178c690daf5df8af203ffa3b982657e35b3f72d71ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 e3824a4cc698f190d3fa6fe687f1a600.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
etag: W/"9a419a5608a8efc4f0736c99a790fcb8"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: WnssOXwLpfFGXysaCs5IZABGlwdC6zxPjqlTT-21I-Q6OqebXKwB0w==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
24 KB 137ms
61ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8776530.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

720b43e5950b3ef9c934b9253a76353a916cc4399cc2d17bdc5a508ce2569d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
Origin: https://www.sygnia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 512
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1294/bundles/project.js&cfRay=8abbbe9f285cbbf1-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"ca106ef78092107b8d4a40131d641c01"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1294/bundles/project.js
date: Wed, 31 Jul 2024 07:14:46 GMT
x-amz-version-id: GMZ9HyPHjtzB9hq9Kp4nuMbTlOz7NvmB
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 180cf0f4-d63b-44e2-b40a-c0a9d1b769c4
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 180cf0f4-d63b-44e2-b40a-c0a9d1b769c4
last-modified: Mon, 29 Jul 2024 11:16:10 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U9pZuXYLlsjJOzm1Gf42LIHcOWZYpGGZ9PkBjNlN7bbFQER4KiMbh5OpBuuK0zQrZQ6oHZFBbZQRys3iQAfXBhN%2Fw6%2Bhozk1G2aBABmWOriCxbc5qnk%2FmQLOyu%2FxjaefjEY%2FaNIjAFmIPn5H"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-nvlm8
cf-ray: 8abbcb236e243a5a-FRA
x-amz-cf-id: mfDCURbvMdQFlRwHwpaxTtbVWANF9DRhM2wQsFUOBp3PdL7CyzJCAQ==

GET
H2 200 8776530.js Show response
js.hs-banner.com/ 67 KB
20 KB 387ms
337ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/8776530.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8776530.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f66e1ef9a371d1a074cf0073e611a58f36fbf597f3f36c17c640858b26855aa

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
x-amz-version-id: CC2qVRQcf3o55BOtZC7NstcrtfQP3Kbv
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: 9HP1C1N7D9HQGH9V
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: b4b637db-b4db-4bd1-a967-0cc9d7bd9d87
x-envoy-upstream-service-time: 32
x-amz-id-2: yY7Kpb0s+U1/MNqePyGPAJyZOOnXxqKluWxM12y+7LBXbaX1TBMLKJLvXz7ElMRdyRhCUDHzq4jr4ipcxiXwrAiSfVzI6/jc
x-evy-trace-listener: listener_https
x-request-id: b4b637db-b4db-4bd1-a967-0cc9d7bd9d87
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 22 Jul 2024 06:38:53 GMT
server: cloudflare
etag: W/"318a47d89a0f34bbe1aae80d4b920fc3"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.sygnia.co
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-762px
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8abbcb2348ad6969-FRA
expires: Wed, 31 Jul 2024 07:19:47 GMT

GET
H2 200 8776530.js Show response
js.hs-analytics.net/analytics/1722409800000/ 68 KB
24 KB 89ms
38ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1722409800000/8776530.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8776530.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1c843d03bd51303159f079e1342d9590b177b16a74658649bf466646301c299

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: WHZZWBB94M93P168
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 412632aa-eb13-4760-83d7-77c000ac0b70
age: 93
x-envoy-upstream-service-time: 52
x-amz-id-2: uBAcWV/m1pwVXEzO02nsoJsDa6XwtU5ALa1udaLzlma8btvh5wVPrAO6NMNTTg6d/PE9QFTPLL0=
x-evy-trace-listener: listener_https
x-request-id: 412632aa-eb13-4760-83d7-77c000ac0b70
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 29 Jul 2024 20:33:45 GMT
server: cloudflare
etag: W/"4cd602d0198c050171fd7e040c4abf91"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-792r6
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8abbcb234d4c2bf0-FRA
expires: Wed, 31 Jul 2024 07:18:13 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 94ms
34ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8776530.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dea7d93054c054d6908de184845b8db289207bb4928bbdd07d0ad8d52ec0708f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
x-amz-version-id: kl1dxvjzkssE.fV_O4PhpuAJA5n_6jGg
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 41
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.571/bundles/pixels-release.js&cfRay=8abbca1db9fe65d9-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 4c3ed533-0bc3-4b67-847b-4ff78ecfd0fb
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4c3ed533-0bc3-4b67-847b-4ff78ecfd0fb
last-modified: Fri, 19 Jul 2024 20:16:33 UTC
server: cloudflare
etag: W/"5d8f21e5e9508f10da257acb3360bbbd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-nvlm8
cf-ray: 8abbcb237b939b4b-FRA
x-amz-cf-id: A0EHw1_U3fr5eU9PIpw0a6CyAK_v4uZeG3W9R59VDdrZHGjqr_qR7w==
x-hs-target-asset: adsscriptloaderstatic/static-1.571/bundles/pixels-release.js

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
884 B 158ms
132ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4050f60c-8893-4520-b74a-ec9351ce8fc7
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4050f60c-8893-4520-b74a-ec9351ce8fc7
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvsp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8abbcb2348938eda-FRA

GET
DATA 200
OK truncated
/ 246 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7780e9c2bb62d651ef56f3d7800e3ef686e424c0c27d9cead2e15b075d28174

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
850 B 143ms
143ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: bd70dbb5-3032-4b65-a47d-289591a19489
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: bd70dbb5-3032-4b65-a47d-289591a19489
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-lnx6f
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8abbcb2398fb8eda-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
539 B 137ms
136ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a1095f49-c597-4fb6-86e0-48e56ef67492
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a1095f49-c597-4fb6-86e0-48e56ef67492
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-lnx6f
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8abbcb2429f98eda-FRA

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 255ms
155ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4b446c16-c0ee-4917-9ebf-985134de59ea&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=9783cc2d-88cb-45be-9386-eafd61afcd7d&tw_document_href=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tw_iframe_status=0&txn_id=o706g&type=javascript&version=2.3.30

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 108
date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 333ee4ab6e52c8f6
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: df6ed4482e373fc6662ee03b73747645dd39923f2ffa619f99c1fc974fed0637
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
723 B 179ms
129ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4b446c16-c0ee-4917-9ebf-985134de59ea&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=9783cc2d-88cb-45be-9386-eafd61afcd7d&tw_document_href=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tw_iframe_status=0&txn_id=o706g&type=javascript&version=2.3.30

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 109
date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 5c3ad0580357b33a
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 78da31235319f9189a7ee6f9215f5b2841100a6f65c0e69edd1e9b6e7d40c05a
content-length: 43

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 342ms
111ms Fetch
image/gif 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=false&bust=08610049742179853&referrer=&cht=gtm&marketerId=0022184d276f78b50ef9abadeb48eabd8c&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&g=1&obApiVersion=2.0-gtm&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
cache-control: no-cache
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 64492f7b8effc74aadf455e57d04f2c7
content-length: 54
content-type: image/gif;

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 364ms
134ms Script
application/javascript 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=0022184d276f78b50ef9abadeb48eabd8c

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 6fbdfa497ff53d43ec180aabd7906745
content-length: 39
content-type: application/javascript

GET
H/1.1 200
OK 0022184d276f78b50ef9abadeb48eabd8c Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
516 B 118ms
36ms Script
text/html 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/0022184d276f78b50ef9abadeb48eabd8c

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-86.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 31 Jul 2024 07:14:47 GMT
ob-sent-time: 1722404283423
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-RG: EU
Cache-Control: max-age=60
X-CC: DE
Connection: keep-alive
x-traceid: 54df677522ea0ada698e6935e1d7bada
Content-Length: 22
Expires: Wed, 31 Jul 2024 07:15:47 GMT

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 103ms
40ms Fetch
text/html 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 31 Jul 2024 07:14:47 GMT
Observe-Browsing-Topics: ?1
Content-Type: text/html
Access-Control-Allow-Origin: *
X-RG: EU
Cache-Control: max-age=1200
X-CC: DE
Connection: keep-alive
Content-Length: 26
Expires: Wed, 31 Jul 2024 07:34:47 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
616 B 253ms
193ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7F6F0FC5192741F0AD2232ABB5FFE3F0 Ref B: FRAEDGE1713 Ref C: 2024-07-31T07:14:47Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.sygnia.co
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYehdloNGuQ6w2fGVJdGA==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
814 B 277ms
216ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1FD5B9A673C546E69958B5A9AC521926 Ref B: DUS30EDGE0916 Ref C: 2024-07-31T07:14:47Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lor1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYehdloVG7mjo0OSodNzA==
x-fs-uuid: 00061e85d968546ee68e8d0e4a874dcc

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2&e_ipv6=AQKtj5iqYs-wDwAAAZEHpDMh0X1j...

0
266 B

187ms
127ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2&e_ipv6=AQKtj5iqYs-wDwAAAZEHpDMh0X1je0S9eI8fJO1aDoa_fvrBCqB6TWP1bTvYT7KK7JqfAgIZbSFuZA
Requested by: Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D84CF1DE63CF458B995D5AA5BEC4E646 Ref B: FRAEDGE1817 Ref C: 2024-07-31T07:14:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYehdlqjnkI+GziSgP3QQ==

Redirect headers

date: Wed, 31 Jul 2024 07:14:47 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D1819CE5FC5B437B8E660C64C0290629 Ref B: FRAEDGE1713 Ref C: 2024-07-31T07:14:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4003889&time=1722410087088&url=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&tm=gtmv2&e_ipv6=AQKtj5iqYs-wDwAAAZEHpDMh0X1je0S9eI8fJO1aDoa_fvrBCqB6TWP1bTvYT7KK7JqfAgIZbSFuZA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYehdlnoayiqBxaslb+Fg==

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1 KB 158ms
148ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8776530&currentUrl=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c3ac9c2b-2482-42e7-9179-12456ddaae64
content-encoding: br
x-envoy-upstream-service-time: 14
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c3ac9c2b-2482-42e7-9179-12456ddaae64
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.sygnia.co
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYdBnibMkxNAFiFx2wqQngXXGcQkzmIg%2B%2F3NP%2BRLidyPPd8AmZ78HhU4A1FBh46KWD6VragoaVJ9khJ6BHYvpmP95r0UOgBjzJLyL1qpaO4vbASXUv658Y89yTWQJsN%2FMUyETT%2BBZNmyT0OIlQhTGeDDKdQo6vkod7U%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8abbcb247fda3a5a-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-bsbgp

GET
H2 200 187039095.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 48ms
46ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187039095.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3e3d8607022b8531fc358f2dc923c8f859c00642f6ae17cf3581af03904895c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 31 Jul 2024 07:14:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 655DAF09ADE54A0997527C53DBF1D7E0 Ref B: DUS30EDGE0721 Ref C: 2024-07-31T07:14:47Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
539 B 132ms
132ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3e91c997-16e6-445b-9957-41c6ae433ed3
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3e91c997-16e6-445b-9957-41c6ae433ed3
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-24kf4
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8abbcb248aa68eda-FRA

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/ 0
21 B 312ms
232ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/ 168 KB
45 KB 272ms
201ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

70ab4589cd875991dcba608ed58a37c165dda5645b767690b14587c7444a38d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

GET
H2 200 187039095 Show response
www.clarity.ms/tag/uet/ 829 B
1 KB 425ms
348ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/187039095?insights=1
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/187039095.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0f8192e1ffedc10b6f92b66809b25f3f919e9645dc2fe871469b47f4b30a5cb2

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
date: Wed, 31 Jul 2024 07:14:47 GMT
x-azure-ref: 20240731T071447Z-16b8f8f97cf2g2q7wmv2q8u4r400000006eg00000000hxpk
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 829
expires: -1

GET
H2 204 0
bat.bing.com/action/ 0
178 B 49ms
47ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187039095&Ver=2&mid=c125e784-0d8c-4153-8ed1-6427dfc23aca&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Ghost%20Emperor%20Hacker%20Uses%20Demodex%20Rootkit%20to%20Attack%20%7C%20Sygnia&p=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&r=&lt=1078&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=77645

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 31 Jul 2024 07:14:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B67284223B6401F9B83833AA6CC9157 Ref B: DUS30EDGE0721 Ref C: 2024-07-31T07:14:47Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cf-location Show response
js.hs-banner.com/cookie-banner-public/v1/ 2 B
145 B 87ms
46ms Fetch
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/8776530.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=1500
cf-ray: 8abbcb25b92435fe-FRA
content-length: 2

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
581 B 149ms
137ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.sygnia.co
URL: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e203d035-e4ec-4667-a516-0e96705ed760
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e203d035-e4ec-4667-a516-0e96705ed760
last-modified: Wed, 31 Jul 2024 07:14:47 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-xvndp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8abbcb258c9e8eda-FRA

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
131 B 161ms
159ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/8776530.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 919e2c3c-fe81-4c8a-828a-dd9250145513
x-envoy-upstream-service-time: 15
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 919e2c3c-fe81-4c8a-828a-dd9250145513
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.sygnia.co
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-792r6
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8abbcb26dac935fe-FRA

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
0 134ms
134ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.sygnia.co
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.sygnia.co
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8abbcb26097735fe-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 31 Jul 2024 07:14:47 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-792r6
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 35ddd775-00b0-4c60-a3c5-4868f4d42b84
x-request-id: 35ddd775-00b0-4c60-a3c5-4868f4d42b84

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 235ms
180ms XHR
application/json 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_b4fb7f423bd8c1db206dc4c6bf3a9e56/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Origin
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.sygnia.co
access-control-expose-headers
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials: true
content-type: application/json

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.41/ 62 KB
26 KB 46ms
46ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.41/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187039095?insights=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
content-encoding: br
last-modified: Fri, 26 Jul 2024 23:49:00 GMT
etag: W/"0x8DCADCD85F8E42A"
vary: Accept-Encoding
x-azure-ref: 20240731T071447Z-16b8f8f97cf2g2q7wmv2q8u4r400000006eg00000000hxq9
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: f43bf423-101e-0028-05d3-df4f73000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
753 B 221ms
162ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1240600147&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&t=Ghost+Emperor+Hacker+Uses+Demodex+Rootkit+to+Attack+%7C+Sygnia&cts=1722410087684&vi=3eeba6d14f18215d212b203fb7e7abd7&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5bf4624e-b71f-490d-aab2-1d023278d1b4
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5bf4624e-b71f-490d-aab2-1d023278d1b4
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DmAc5iN%2FsgISoPLRH99P7Idc5Bo6LKcbBQFSFg4SC37PfxeZ%2BSFJvh8dqU7BOmr1sVIHJl56ftEZuFzUbD47PiU47lWugRo1%2FA3kDRg%2FvGF3uiVTkSKyoE%2FseOI1TV0XBBpjSs3Ojpgj%2FvwUEcVx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-f56xp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8abbcb287b061903-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 196ms
143ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=1ad9c304-415a-4d9d-ba10-a5145c1db1c3&fci=626a1503-e124-491a-afb9-97447cd0bdef&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1240600147&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&t=Ghost+Emperor+Hacker+Uses+Demodex+Rootkit+to+Attack+%7C+Sygnia&cts=1722410087685&vi=3eeba6d14f18215d212b203fb7e7abd7&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f949ab25-a3ff-44cb-861b-665737752798
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f949ab25-a3ff-44cb-861b-665737752798
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RoJDwL7k%2FvChBJw1yAPKrxDh2puWshSUwMo4hxy2tPvtKZFYIq23NGqC7Ul2q4OtXl%2Bi5J4rtutbrvBjp9qL8tpD%2BOKNu5O63ElL82kMujl6Jx2sevKwCTzs6nwmwz2d309CqKf9oMo4nXX0LapI"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-652hd
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8abbcb287b081903-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
751 B 200ms
150ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=1ad9c304-415a-4d9d-ba10-a5145c1db1c3&fci=c9537b1b-f4d6-465d-aeea-c964b99208f3&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1240600147&v=1.1&a=8776530&rcu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&pu=https%3A%2F%2Fwww.sygnia.co%2Fblog%2Fghost-emperor-demodex-rootkit%2F&t=Ghost+Emperor+Hacker+Uses+Demodex+Rootkit+to+Attack+%7C+Sygnia&cts=1722410087686&vi=3eeba6d14f18215d212b203fb7e7abd7&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e710830e-0b5b-415d-aa15-aa33fcf5d3c4
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e710830e-0b5b-415d-aa15-aa33fcf5d3c4
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfYuf8cdrH8YWQ3nLx4gHbVCknyRzxzD%2BfTocL6%2BHTOWkuxCQq%2BUhCEnWYeFNr66ntliKXEwx%2BvT%2Brhvv8vSzisBxfMCGte2amVCmJiAHTLXLTiC9%2FC3xxWUOKI32toEONWnQdv8XB7o3CUGnOgl"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-b74rx
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8abbcb287b091903-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=787775A2B34E4220BFD9DF05173B1F83&RedC=c.clarity.ms&MXFR=3E5FBAE355F56DFB095FAE2E51F563ED
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=787775A2B34E4220BFD9DF05173B1F83&MUID=3B0E32CB8D136937110926068CB96873

42 B
441 B

50ms
50ms

Image
image/gif

13.74.129.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=787775A2B34E4220BFD9DF05173B1F83&MUID=3B0E32CB8D136937110926068CB96873
Protocol: H2
Server: 13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Jul 2024 07:14:47 GMT
last-modified: Tue, 25 Jun 2024 19:30:12 GMT
server: Microsoft-IIS/10.0
etag: "7473f1936c7da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 31 Jul 2024 07:14:47 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5D788B018CBF4CDBB16CBC287F584003 Ref B: DUS30EDGE0721 Ref C: 2024-07-31T07:14:47Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=787775A2B34E4220BFD9DF05173B1F83&MUID=3B0E32CB8D136937110926068CB96873
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 favicon.png
www.sygnia.co/wp-content/uploads/2023/12/ 511 B
861 B 51ms
51ms Other
image/png 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sygnia.co/wp-content/uploads/2023/12/favicon.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

550e78bf6d6c0ae691f44ff83367c4f35cd49e4d83a1e82c0ef9b17cc4b411fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 580090
cf-polished: origSize=551
content-length: 511
cf-bgj: imgq:100,h2pri
last-modified: Wed, 17 Jul 2024 12:54:18 GMT
server: cloudflare
etag: "6697befa-227"
vary: Accept, Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y6AwbIaA42zqvVMBd2BVK7dOpDmcfLe47CkAYcevNKhEaPt3zesEd2whY%2Brtm2js2qIvCRydRQDNapTng2Gv%2FdJ95dF8myPdvpPdgmq0kEueYS6z8lFHDrgkfQfFZd5UfWpGs%2B3yG2otecg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8abbcb283dff3a5a-FRA

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
277 B 497ms
262ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.sygnia.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.sygnia.co
Date: Wed, 31 Jul 2024 07:14:48 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 favicon-32x32.png
www.sygnia.co/ 839 B
1 KB 57ms
57ms Other
image/png 2606:4700:3108::ac42:286e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sygnia.co/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:286e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c738fca28ad55489bf1c652bd90636152afc4547965561a7fcd9b0f06860be25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Request headers

Referer: https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 31 Jul 2024 07:14:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 580090
cf-polished: origSize=1121
content-length: 839
cf-bgj: imgq:100,h2pri
last-modified: Wed, 17 Jul 2024 12:54:09 GMT
server: cloudflare
etag: "6697bef1-461"
vary: Accept, Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZmZScinNE0YaWXc2F2OKvRD1IXo4gNZV99TUWozvJeRMRgE71H3B%2B2NTcct8SdT1dmtlh0lWfPmaP97AvkRRnN%2BLjCHPsBfO1rAt2Dqp8cECm9AkyBugEobWtIr213%2FqZRkzp%2Fm1bULVq34%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8abbcb289ea73a5a-FRA

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-20 22:26:51	Name: __cf_bm Value: RIOiPTjdpsLjhA0j2XrFMyaWCGVBhoWyHsjBOiURn4M-1722410086-1.0.1.1-h6buzkK3aA4z02bZjeXke1au_sKd5e7K7kHSJcpO5wyEp3aDdlcQIjPPSp2FwajCzp1.hHpN4wAy8OM0wzge4w
.sygnia.co/	1970-01-21 08:02:50	Name: _ga_3XBPCMRFD6 Value: GS1.1.1722410086.1.0.1722410086.60.0.0
.sygnia.co/	1970-01-21 08:02:50	Name: _ga Value: GA1.1.640853153.1722410087
.sygnia.co/	1970-01-21 00:36:26	Name: _gcl_au Value: 1.1.1769093059.1722410087
.hsforms.com/	1970-01-20 22:26:51	Name: __cf_bm Value: 8RJYEfpADsbjE6nCBepZx4EW73EKrkIKXV.NM6ZRv48-1722410087-1.0.1.1-cLvMK9o8LUp0OxAwHmkESsW4GFtmDQq6ViIYEsSuJ5OoBlZBdlhzxoaVEaxABSxgbit9WES48sC.2zPHiCmOVg
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: xB9ILVuI4qY6fwb3uo3fafQCW7XH22z.bzS7HJfZaxo-1722410087088-0.0.1.1-604800000
.twitter.com/	1970-01-21 08:02:50	Name: guest_id_marketing Value: v1%3A172241008718015733
.twitter.com/	1970-01-21 08:02:50	Name: guest_id_ads Value: v1%3A172241008718015733
.twitter.com/	1970-01-21 08:02:50	Name: personalization_id Value: "v1_/N2nS+2JSAvr0patIvY9fg=="
.twitter.com/	1970-01-21 08:02:50	Name: guest_id Value: v1%3A172241008718015733
.t.co/	1970-01-21 08:02:50	Name: muc_ads Value: eb352fe6-648b-453c-988b-7886ad99efb2
.linkedin.com/	1970-01-21 07:12:26	Name: bcookie Value: "v=2&848ad452-1e33-4c0d-8a4d-bc6da6f6c31d"
.linkedin.com/	1970-01-21 02:46:02	Name: li_gc Value: MTswOzE3MjI0MTAwODc7MjswMjGn11U5qDrtwOrl9RrHc2TZwrl4zglu2/wFpABzpmQQjw==
.linkedin.com/	1970-01-20 22:28:16	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3261:u=1:x=1:i=1722410087:t=1722496487:v=2:sig=AQECbCAocql0e2jGhLMT0Ob3hCpWCGTb"
www.sygnia.co/	1970-01-20 22:26:50	Name: dicbo_id Value: %7B%22dicbo_fetch%22%3A1722410087436%7D
.sygnia.co/	1970-01-21 07:12:26	Name: cb_user_id Value: null
.sygnia.co/	1970-01-21 07:12:26	Name: cb_group_id Value: null
.sygnia.co/	1970-01-21 07:12:26	Name: cb_anonymous_id Value: %2246a47dc8-43b8-41e6-b88b-f0df2ef2dfee%22
www.clarity.ms/	1970-01-21 07:12:26	Name: CLID Value: ae6f4c63908e424b8a5cca1df1020e40.20240731.20250731
.hubspot.com/	1970-01-20 22:26:51	Name: __cf_bm Value: uuvjasgOutrroz3jazbU2aONm7lNyLPNIM2j2gwY.d8-1722410087-1.0.1.1-3TRjjh5Fr458p_33bRQ2xDVY6WqM9JK7ZeLIl.JmKHrs7m0hM2FjZQ6ePtPY.UTwmSLbLXDtZCIFH0PSp0C_qw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: f5fH_B3ZGq0GwVrHnd9ykuarFTlzDw3JSdmuCbsTA0U-1722410087893-0.0.1.1-604800000
.bing.com/	1970-01-21 07:48:26	Name: MUID Value: 3B0E32CB8D136937110926068CB96873
.c.bing.com/	1970-01-20 22:36:54	Name: MR Value: 0
.c.bing.com/	1970-01-21 07:48:26	Name: SRM_B Value: 3B0E32CB8D136937110926068CB96873
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 07:48:26	Name: MUID Value: 3B0E32CB8D136937110926068CB96873
.c.clarity.ms/	1970-01-20 22:36:54	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 22:26:50	Name: ANONCHK Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amplify.outbrain.com
analytics.twitter.com
app.clearbit.com
bat.bing.com
c.bing.com
c.clarity.ms
cdnjs.cloudflare.com
cta-service-cms2.hubspot.com
forms-na1.hsforms.com
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hubspot.com
o.clarity.ms
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
sygnia.b-cdn.net
t.co
tag.clearbitscripts.com
tr.outbrain.com
track.hubspot.com
wave.outbrain.com
www.clarity.ms
www.google.de
www.googletagmanager.com
www.sygnia.co
x.clearbitjs.com
104.17.24.14
104.18.141.119
104.18.80.204
104.244.42.67
13.107.42.14
13.74.129.1
146.75.120.157
172.217.18.99
2001:4860:4802:34::36
23.35.237.86
2400:52e0:1e00::1080:1
2600:9000:2670:4600:7:d7d6:3c40:93a1
2606:4700:3108::ac42:286e
2606:4700:4400::ac40:991b
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:89d1
2606:4700::6810:a0a8
2606:4700::6811:df98
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::237
2a00:1450:4001:82f::2008
2a00:1450:400c:c04::9c
2a02:26f0:3500:10::210:a99
3.127.196.46
52.152.143.207
64.202.112.159
93.184.221.165
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
03f49a978258eb1f89518f68f6ece0bdf3dde0344349569ee8817b36e7189876
04ecc921a16e8836f1479f6b04e16114c1273410eda3be11428581d344afbfdd
09fd5271feb2529d52b6022583773161a3d75c8878a43c7420ac8e6eff88c380
0c9d2afbb789c07d465dddd42752f23d3c74c414f2baa27bc5193bbfdd6f6596
0f66e1ef9a371d1a074cf0073e611a58f36fbf597f3f36c17c640858b26855aa
0f8192e1ffedc10b6f92b66809b25f3f919e9645dc2fe871469b47f4b30a5cb2
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25b2d970ace9c1edeb4a41375002d382ab596775b362c7544d8e93a0ba496e16
26289e926f95ac9932d88178c690daf5df8af203ffa3b982657e35b3f72d71ab
2899b0bf1e6531f0eed6e5d22d038618b596d4cf77ab3509f61ba4400eeab1f0
2d3065183d4babeb7c5b26a3803d705f6d3615c925751a6125648ab3d1433ac2
33f6f08e5af1be365855243892c9236b59b9500d1fbc2ba8fc2ad0828ae9aaf5
389204d6a74b95878e682e9e289a1bfd6ce3322bed4281d56cc37bcae9b6dab2
3ac859f905d1e38eed93ebb76953499f9078693adfeb41668915a47e4acebb1e
3e3d8607022b8531fc358f2dc923c8f859c00642f6ae17cf3581af03904895c9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
459636c01082e4bac03af3901bf4f05ccb11a6bce59bb567d3f3edfb557508d3
478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1
482bfcc25fc36b5ca7cfdbb76380da0a6df7000a0c238edfaa82b1dfaa0d8526
4a523c7a11a8ae5b1c33232c7a1522f9f0f82aeb0ce357861e9cda197182299d
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4f2b2fe1fd99a02d71973dff2ad40e9b4ebbd0a90cd646be2914d66ae4b9efe4
52159cd23e4772dfb80bd92e3d5da72a09bfc6cc3598cc76b34f2f75bf709ce1
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
550e78bf6d6c0ae691f44ff83367c4f35cd49e4d83a1e82c0ef9b17cc4b411fb
55f2070c8b70a278df0a01dfdae3f5a93b0a18487cf1259ea874862980e16e4f
570131c06e2b9e41ab9917ab39ecb6bbb063c2433abbaff89ea3335c7bd7d5ee
589e247b78ef6f81b8af0e15e689bdc98f722d18514a67f7d8f06d3d9d20ff0f
5bf0b35b5dce9e77690dafd5e5ea233b31e02101cc6a73f5d0416ac114792e35
5d47d588556711a601728fc8a6d02c6b4fe8069210b411d2408359fee9a2ed6f
6004cc3ebe58ae4014aff5bafabee6510527938fb5005c127c55f14ba1f860fc
60951d4152b680cf26897b16cf061939b15b33e76066bdaea8a8398703ee5d19
60c3a2ff2748a6e23648e55e965aaa4c9a12a2a27d23a86ee68071ce60edd24e
6363e009d5233d3a07b75315cea4838f87d86cedef07bc9e7b2fe80b4b6707f3
63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69
64026dad4e318e0e93c97b928a64615f5c08eeda6bee7d55cc78ada07d278920
64f7076b90e5ec9269bbe2c036b735c2de2c10f20f63df85970a7ecfa214d8e2
65f8b1c674f201983d6930f4670a451f2677db1f2352921ea3ec16d2a00c5d7e
66b18f55d52bd73ce40f783a0d028aa94cd441b3a1eb874fbc132b2e27f4c455
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
697b927f8e0617dfbcf2299023a57f4b6e98ed88ed692deaa5533b9eaeb7316b
6a42ae76d76d68601c7dcd9459108402c88c9e1c47fcf51995ad69d0c9b7eac0
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
6d635cb5df71d3b41ecf01e08f469d63957b1f4eaa39944e9787e0a267ae22c9
6db159af02a213a7d4058f5ffe508392ca8d46478f1ded5a446ef9a0226fe52f
70ab4589cd875991dcba608ed58a37c165dda5645b767690b14587c7444a38d5
720b43e5950b3ef9c934b9253a76353a916cc4399cc2d17bdc5a508ce2569d74
7d3d1b5a7db60fd338b0765356fd2813d0d6d9600639845d645c49e2c61e5bf8
7ea5fb260d4b5370cf7050e2e921c6a1bd6117d4ae54058649b803177fb6bcd9
7eea271ac12ff6eedb436dd5243bad87e3650ed0130edf791c1715c5c52e0238
7f2761185afcd8afc85ad752e72412dd24b048bc166237dc2be0078193acf760
83711f638fdd3ca089793e59562e1216c927f4b875c3e3cfc693b93950df054e
8746996314732452443328c9005778a65f59fb3ce23886256f4ce5cc826f36cf
88934ea7e6d53babd8bae2f0d386a9a8f40104b1fdd9c52e7a62cfe15bb47b63
8b3051b7c441a1b36a48e665ba9776d6f072d9edf8468d0865cead0cc5ba8cf7
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8f448091ffb8bf95d1e8982f5967cf2fa233086f7ec618e21db785e83d42730a
90efc71d3fcfd9610c6f5336b007ecc094a8b3052ee70a54d6251a49f415d4c6
97fd7002c3f56c65408c46fe3b8a0696c928ec29da9a197db8e4dbd51a8caaa3
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d205ce526929a67b4b7f36717fd842e28b560d1837d46a552a55988f13fe898
a1c843d03bd51303159f079e1342d9590b177b16a74658649bf466646301c299
a618c3a73198596bfcd32f002b917508f3b897c456a7f30eac27f90e1abd4b07
a6d94bba3091f01e612c8a679efbb3eb688b7d20da216fa254a92cecd6572865
a79ab27932539f962adfc0ddeafa76ead563e75fdfab0cdb8b9dbc5051920fdd
a960190b683ce8f241308c9f6c411474f61450a3e89594102961e45da9ca4e0f
ab45f33a794552f8e14ae66eaf6af4ba0bd9f1cc02896012ff4968fad5a9713b
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acfaaf62bff0119246c65258ed4eddfff3758441c562b3726627e377d6939118
aefdd073a5a00a2b6959db7818278d0fdef8f0ef5d65312542de0d5bd32ca0f7
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b9859c9773072556f0e8de582865e66fc2ee3a01853385e9b44c3e3a1fa652ef
beb3d3261844647f8ad40783030656786f17ac89edcdf556f2e232bc6ac5656e
bfc661ee18709b1578f2ef0bfa58e12782fbd4caee588245331ff001ca7de3d8
c0822174f1245d688147a792a6a8763b45ecddabff93fb1fe2353921e7798a6f
c5580d46d80a0fc3b81e22b5f7c82a42435c04d5b7817586034145a22798c44c
c66f94d92b2c733bdcd43fadc9da19fe164bc9f44758d92911d231830af14fc9
c738fca28ad55489bf1c652bd90636152afc4547965561a7fcd9b0f06860be25
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cc2b240009df1ede0c3884229e7e7d14a04752dca62910c215f871188b1c91f0
d7780e9c2bb62d651ef56f3d7800e3ef686e424c0c27d9cead2e15b075d28174
d831a9404aeac74687f51307469c3f403ea6ae2e4d8b9edfd649202da438da0d
d893fa560a64242185cfccd40f02e2267432daab306ca89dc8e4176b62d9cf3d
da53520a115493051abcf091908a7515afea76d2c9a707a0493f2021cafd20a3
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dea7d93054c054d6908de184845b8db289207bb4928bbdd07d0ad8d52ec0708f
e35d99ea250fc939dbc2ca64df4fea67c26986a322c077027be9c2df1973c936
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb458a0104ae400a4388bd5bc3842b8aa2b01291fc05399a6a5cb3f907e397d
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
fb6783e593b49bb9261e7639dea5b37b3bbe225c4b3827310940ce752b3b6add

www.sygnia.co Open in urlscan Pro 2606:4700:3108::ac42:286e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

82 Requests

98 %HTTPS

55 %IPv6

25 Domains

35 Subdomains

30 IPs

6 Countries

3179 kBTransfer

5559 kBSize

28 Cookies

3 Outgoing links

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 34 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sygnia.co Open in urlscan Pro
2606:4700:3108::ac42:286e Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

98 %
HTTPS

55 %
IPv6

25
Domains

35
Subdomains

30
IPs

6
Countries

3179 kB
Transfer

5559 kB
Size

28
Cookies

82 HTTP transactions
34 data transactions