www.bitdefender.com Open in urlscan Pro
2606:4700::6812:a8de Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Submission: On October 29 via api (October 29th 2021, 12:59:03 pm UTC) from US — Scanned from DE

Summary HTTP 79 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 29 IPs in 4 countries across 25 domains to perform 79 HTTP transactions. The main IP is 2606:4700::6812:a8de, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bitdefender.com.
TLS certificate: Issued by Thawte RSA CA 2018 on October 27th 2020. Valid for: a year.

This is the only time www.bitdefender.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	2606:4700::68... 2606:4700::6812:a8de	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a02:26f0:6c0... 2a02:26f0:6c00:2a6::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:710... 2a02:26f0:7100::687e:25b1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1 6	54.154.124.189 54.154.124.189	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	13.224.94.118 13.224.94.118	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.201.112.186 35.201.112.186	15169 (GOOGLE) (GOOGLE)
1	13.224.94.124 13.224.94.124	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:170... 2a02:26f0:1700:781::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	13.224.94.39 13.224.94.39	16509 (AMAZON-02) (AMAZON-02)
1	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
1	108.128.120.92 108.128.120.92	16509 (AMAZON-02) (AMAZON-02)
2	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	54.154.165.122 54.154.165.122	16509 (AMAZON-02) (AMAZON-02)
1	63.32.151.178 63.32.151.178	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
10	2606:4700:303... 2606:4700:3031::ac43:8d7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	13.224.94.108 13.224.94.108	16509 (AMAZON-02) (AMAZON-02)
1	13.224.94.115 13.224.94.115	16509 (AMAZON-02) (AMAZON-02)
1	63.34.251.77 63.34.251.77	16509 (AMAZON-02) (AMAZON-02)
1 1	52.211.195.119 52.211.195.119	16509 (AMAZON-02) (AMAZON-02)
2 2	54.194.226.253 54.194.226.253	16509 (AMAZON-02) (AMAZON-02)
1 2	34.226.109.28 34.226.109.28	14618 (AMAZON-AES) (AMAZON-AES)
79	29

22 2606:4700::6812:a8de (United States)

ASN13335 (CLOUDFLARENET, US)

www.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:6c00:2a6::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100::687e:25b1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.154.124.189 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-124-189.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.94.118 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-118.zrh50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba13 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.112.186 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.124 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-124.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:781::f09 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.39 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-39.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.194.58 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.120.92 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-120-92.eu-west-1.compute.amazonaws.com

bitdefender.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.36.218.177 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

sstats.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.165.122 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-165-122.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.151.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-151-178.eu-west-1.compute.amazonaws.com

starget.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3031::ac43:8d7f (United States)

ASN13335 (CLOUDFLARENET, US)

blogapp.bitdefender.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.108 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-108.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.115 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-115.zrh50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.251.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-251-77.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.195.119 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-195-119.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.226.253 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.226.109.28 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-109-28.compute-1.amazonaws.com

mid.rkdms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	bitdefender.com www.bitdefender.com sstats.bitdefender.com starget.bitdefender.com	528 KB
10	bitdefender.work blogapp.bitdefender.work	3 MB
7	demdex.net 1 redirects dpm.demdex.net bitdefender.demdex.net	9 KB
6	adobedtm.com assets.adobedtm.com	135 KB
5	gstatic.com fonts.gstatic.com	71 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	68 KB
3	doubleclick.net googleads.g.doubleclick.net fls.doubleclick.net	4 KB
3	cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com	86 KB
2	rkdms.com 1 redirects mid.rkdms.com	71 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com	807 B
2	google.de www.google.de	656 B
2	google.com www.google.com	656 B
2	fullstory.com edge.fullstory.com rs.fullstory.com	65 KB
2	company-target.com api.company-target.com	2 KB
1	ml314.com 1 redirects ml314.com	474 B
1	demandbase.com tag.demandbase.com	16 KB
1	googleadservices.com www.googleadservices.com	15 KB
1	everesttech.net 1 redirects cm.everesttech.net	517 B
1	licdn.com snap.licdn.com	2 KB
1	googletagmanager.com www.googletagmanager.com	50 KB
1	googleapis.com fonts.googleapis.com	1 KB
0	nmbapp.net Failed sentry.nmbapp.net Failed
0	geolocation-db.com Failed geolocation-db.com Failed
79	25

	Domain	Requested by
22	www.bitdefender.com	www.bitdefender.com
10	blogapp.bitdefender.work	www.bitdefender.com
6	dpm.demdex.net	1 redirects www.bitdefender.com
6	assets.adobedtm.com	www.bitdefender.com assets.adobedtm.com
5	fonts.gstatic.com	fonts.googleapis.com
2	mid.rkdms.com	1 redirects www.bitdefender.com
2	sync.crwdcntrl.net	2 redirects
2	idsync.rlcdn.com	2 redirects
2	www.google.de	www.bitdefender.com
2	www.google.com	www.bitdefender.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	sstats.bitdefender.com	assets.adobedtm.com
2	px.ads.linkedin.com	2 redirects
2	api.company-target.com	assets.adobedtm.com www.bitdefender.com
2	consent.cookiebot.com	www.bitdefender.com consent.cookiebot.com
1	ml314.com	1 redirects
1	in.hotjar.com	www.bitdefender.com
1	tag.demandbase.com	www.bitdefender.com
1	vars.hotjar.com	static.hotjar.com
1	fls.doubleclick.net	assets.adobedtm.com
1	www.googleadservices.com	www.googletagmanager.com
1	starget.bitdefender.com	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	bitdefender.demdex.net	assets.adobedtm.com
1	rs.fullstory.com	edge.fullstory.com
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	www.bitdefender.com
1	www.linkedin.com	1 redirects
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	static.hotjar.com	www.bitdefender.com
1	edge.fullstory.com	www.bitdefender.com
1	snap.licdn.com	www.bitdefender.com
1	www.googletagmanager.com	assets.adobedtm.com
1	fonts.googleapis.com	www.bitdefender.com
0	sentry.nmbapp.net Failed	www.bitdefender.com
0	geolocation-db.com Failed	www.bitdefender.com
79	36

This site contains links to these domains. Also see Links.

Domain
www.jazzhr.com
www.bitdefender.nl
www.zendesk.com
www.cookiebot.com
policies.google.com
legal.hubspot.com
www.linkedin.com
outgrow.co
www.bizible.com
www.adobe.com
www.scarabresearch.com
twitter.com
unsplash.com
privacy.microsoft.com
www.lotame.com
liveramp.com
www.spiceworks.com
login.bitdefender.com
gravityzone.bitdefender.com
community.bitdefender.com
businessresources.bitdefender.com
threatmap.bitdefender.com
businessinsights.bitdefender.com
pan.bitdefender.com
research.bitdefender.com
facebook.com
instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
*.bitdefender.com Thawte RSA CA 2018	`2020-10-27` - `2021-11-23`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
consent.cookiebot.com DigiCert ECC Extended Validation Server CA	`2020-06-11` - `2022-06-11`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-20` - `2022-09-26`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
edge.fullstory.com GTS CA 1D4	`2021-10-20` - `2022-01-18`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.cookiebot.com DigiCert SHA2 Secure Server CA	`2021-07-05` - `2022-07-13`	a year	crt.sh
*.fullstory.com R3	`2021-09-21` - `2021-12-20`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
sstats.bitdefender.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-02` - `2022-04-02`	a year	crt.sh
starget.bitdefender.com DigiCert SHA2 High Assurance Server CA	`2020-04-29` - `2022-05-03`	2 years	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-30` - `2022-06-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-18` - `2022-10-14`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Frame ID: 3BE9A395108C127493CDEEFFAA1290A3
Requests: 77 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v3.min.html
Frame ID: 30A11D228FBD93E2AC72A727580FEF49
Requests: 1 HTTP requests in this frame

Frame: https://bitdefender.demdex.net/dest5.html?d_nsid=0
Frame ID: 3EAD37F2A701375D03321B4D7F9B3FC5
Requests: 5 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-d09a446edefba0dcce5d5143e1840e9a.html
Frame ID: 971C1D486CA781D2D12F3730567CD4D1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions

Page Statistics

79
Requests

89 %
HTTPS

41 %
IPv6

25
Domains

36
Subdomains

29
IPs

4
Countries

3677 kB
Transfer

5960 kB
Size

40
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://www.jazzhr.com/privacy-policy/
Title: Jazzhr

Search URL Search Domain Scan URL

URL: https://www.bitdefender.nl/site/view/legal-privacy-policy-for-bitdefender-websites.html
Title: Bitdefender

Search URL Search Domain Scan URL

URL: https://www.zendesk.com/company/customers-partners/privacy-policy/
Title: Zendesk

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Google

Search URL Search Domain Scan URL

URL: https://legal.hubspot.com/privacy-policy?_ga=2.250808134.1581177119.1522931914-1869930087.1510729546
Title: Hubspot

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://outgrow.co/privacy-policy/?utm_source=footer
Title: Outgrow

Search URL Search Domain Scan URL

URL: https://www.bizible.com/privacy-policy
Title: Bizible

Search URL Search Domain Scan URL

URL: https://www.bizible.com/?utm_medium=redir&utm_source=bizibly
Title: Bizibly

Search URL Search Domain Scan URL

URL: https://www.adobe.com/privacy.html
Title: Adobe

Search URL Search Domain Scan URL

URL: https://www.scarabresearch.com/privacy/
Title: Scarap Research

Search URL Search Domain Scan URL

URL: https://twitter.com/en/privacy
Title: Twitter

Search URL Search Domain Scan URL

URL: https://unsplash.com/
Title: Unsplash

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-us/privacystatement
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://www.lotame.com/about-lotame/privacy/lotames-products-services-privacy-policy/
Title: Lotame

Search URL Search Domain Scan URL

URL: https://www.adobe.com/uk/privacy.html
Title: Adobe

Search URL Search Domain Scan URL

URL: https://liveramp.com/privacy/
Title: LiveRamp

Search URL Search Domain Scan URL

URL: https://www.spiceworks.com/privacy/?source=navbar-footer
Title: Spiceworks

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://login.bitdefender.com/central/login.html?lang=en_US&redirect_url=https:%2F%2Fcentral.bitdefender.com%2F
Title: Bitdefender Central

Search URL Search Domain Scan URL

URL: https://gravityzone.bitdefender.com/
Title: GravityZone CLOUD Control Center

Search URL Search Domain Scan URL

URL: https://community.bitdefender.com/
Title: Join the community!

Search URL Search Domain Scan URL

URL: https://businessresources.bitdefender.com/replace-symantec?utm_campaign=symrep2020&utm_source=web&utm_medium=menu
Title: Switching from Symantec?

Search URL Search Domain Scan URL

URL: https://businessresources.bitdefender.com/gartner-datacenter-revolution-security
Title: Datacenter Revolution and Security

Search URL Search Domain Scan URL

URL: https://threatmap.bitdefender.com/
Title: Threat Map

Search URL Search Domain Scan URL

URL: https://businessresources.bitdefender.com/business-threat-landscape-report-2020
Title: Annual Threat Report

Search URL Search Domain Scan URL

URL: https://businessinsights.bitdefender.com/
Title: Business Insights Blog

Search URL Search Domain Scan URL

URL: https://pan.bitdefender.com/partners/save/
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://pan.bitdefender.com/
Title: Log in to PAN Portal

Search URL Search Domain Scan URL

URL: https://research.bitdefender.com/
Title: Research

Search URL Search Domain Scan URL

URL: https://facebook.com/Bitdefender/

Search URL Search Domain Scan URL

URL: https://twitter.com/bitdefender/

Search URL Search Domain Scan URL

URL: https://instagram.com/bitdefender/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/Bitdefender/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1635512338009 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1635512338009

Request Chain 34

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D359890%26time%3D1635512338140%26url%3Dhttps%253A%252F%252Fwww.bitdefender.com%252Fblog%252Flabs%252Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&liSync=true&e_ipv6=AQJvFvTDjEV3EQAAAXzMIcpXmKqZ5cdoqyCrksE-G-x8uNuWIFwDQ1v-Y-5DXvy_39ME3GCdEg

Request Chain 42

https://cm.everesttech.net/cm/dd?d_uuid=44927482897234176074546902473237365052 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YXvwEgAAAEfk_gQD

Request Chain 63

https://idsync.rlcdn.com/365868.gif?partner_uid=44927482897234176074546902473237365052 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNDQ5Mjc0ODI4OTcyMzQxNzYwNzQ1NDY5MDI0NzMyMzczNjUwNTIQABoNCJLg74sGEgUI6AcQAEIASgA HTTP 307
https://dpm.demdex.net/ibs:dpid=477&dpuuid=380dc8e0d037c0b476e34f9078d0319477e6af4393d651c7b9f875a4f5c735bbb0da87c991749652

Request Chain 71

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3622629340752642162

Request Chain 80

https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=44927482897234176074546902473237365052?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/tpid=44927482897234176074546902473237365052?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=53987511c9cd3098059181d409118cac

Request Chain 81

https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=44927482897234176074546902473237365052&_ct=img HTTP 302
https://mid.rkdms.com/restricted

79 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions Show response
www.bitdefender.com/blog/labs/ 643 KB
109 KB 2027ms
1968ms Document
text/html 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca592fbf9a1c5c07371a818a71e847658b9a00d9797fade1bab265d353f938f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-type: text/html; charset=utf-8
etag: "a0a1f-g9+NEruGZ+V9IO6Sks1iTQV5n+E"
accept-ranges: none
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a5c94026b585a2b-MXP

GET
H2 200 mega_menu.css
www.bitdefender.com/themes/draco/menu_json/ 179 KB
24 KB 117ms
117ms Stylesheet
text/css 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/themes/draco/menu_json/mega_menu.css
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40dbc3181f817a9cb12062ad8bc7fa1a7acdaf340a6b192b9a633e903b120bd9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 16 Aug 2021 14:03:12 GMT
server: cloudflare
etag: W/"611a7020-2ca55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 6a5c940ed8045a2b-MXP

GET
H2 200 fontawesome.css
www.bitdefender.com/themes/draco/menu_json/font-awesome/css/ 99 KB
17 KB 100ms
100ms Stylesheet
text/css 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/themes/draco/menu_json/font-awesome/css/fontawesome.css
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c72d06f598a03fc5ea94f19031891b97f4b4abb3a42fc94974cbe7ccd26dd6fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 10 Jun 2020 15:46:57 GMT
server: cloudflare
etag: W/"5ee10071-18d6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 6a5c940ed80b5a2b-MXP

GET
H2 200 light.css
www.bitdefender.com/themes/draco/menu_json/font-awesome/css/ 679 B
357 B 118ms
117ms Stylesheet
text/css 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/themes/draco/menu_json/font-awesome/css/light.css
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c660fbb2eafabfce77b9c08b7203202a6f81dba21555196c56d1cbd433e75c4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 10 Jun 2020 15:46:57 GMT
server: cloudflare
etag: W/"5ee10071-2a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 6a5c940ed80f5a2b-MXP

GET
H2 200 launch-b77a56f2d5f1.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/ 393 KB
111 KB 76ms
16ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8a6dd07e18b423b791404cd18e1ee9d6558c87616efa6550e06171747504c79c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 06:12:03 GMT
server: AkamaiNetStorage
etag: "7e7990f73ca08b265f875cf15d4f9730:1634623923.424844"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.bitdefender.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 113479
expires: Fri, 29 Oct 2021 13:58:57 GMT

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 90 KB
28 KB 63ms
10ms Script
application/javascript 2a02:26f0:7100::687e:25b1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:25b1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 3269900957596b797ed22998c3ecebc6d76fc59144716c4c196f33307627b776

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 08:01:15 GMT
server: Microsoft-IIS/10.0
etag: "6c8cc17dbfc4d71:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=548
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
accept-ranges: bytes
content-length: 27966
expires: Fri, 29 Oct 2021 13:08:05 GMT

GET
H2 200 352bbb0.js Show response
www.bitdefender.com/blog/_nuxt/ 3 KB
1 KB 79ms
79ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/352bbb0.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08f286f95f075fed860429914ab750799becda340013640b56df16e1140e9260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 10:10:56 GMT
server: cloudflare
age: 1218020
etag: W/"a08-17c836ee780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed8135a2b-MXP

GET
H2 200 1c2e758.js Show response
www.bitdefender.com/blog/_nuxt/ 220 KB
76 KB 72ms
71ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/1c2e758.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

526468e2761ea62dfe18b048c9f47ebfb026f1826fa87ff6151a0507c51ecb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 10:43:21 GMT
server: cloudflare
age: 1303447
etag: W/"37162-17c7e663928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed8185a2b-MXP

GET
H2 200 bae6d12.js Show response
www.bitdefender.com/blog/_nuxt/ 89 KB
31 KB 53ms
53ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/bae6d12.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78cc0c0aac90c165f26d09a518917dad0954f7e6d5a647a3bfc9a7ae6aea8bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 10:43:21 GMT
server: cloudflare
age: 1303447
etag: W/"1656a-17c7e663928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed81c5a2b-MXP

GET
H2 200 6041e3a.css
www.bitdefender.com/blog/_nuxt/css/ 75 KB
16 KB 59ms
59ms Stylesheet
text/css 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/css/6041e3a.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f64a69cb9ca7e38fd8f931dab77248f97e55d26bd48032523f661ccabf9ed45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 10:43:21 GMT
server: cloudflare
age: 1303447
etag: W/"12d52-17c7e663928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
cf-polished: origSize=77138
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed8205a2b-MXP
cf-bgj: minify

GET
H2 200 28c878a.js Show response
www.bitdefender.com/blog/_nuxt/ 115 KB
31 KB 46ms
46ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/28c878a.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9a46e66b96e693c44274b063fff34c7734f72d981bf9f53d44cda8a16b4db3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 10:10:56 GMT
server: cloudflare
age: 1218020
etag: W/"1cb49-17c836ee780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed8255a2b-MXP

GET
H2 200 cb8bf81.js Show response
www.bitdefender.com/blog/_nuxt/ 8 KB
3 KB 62ms
62ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/cb8bf81.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bcc1fb91b5a336d809a81aa0eeb8000f6d94e2aa6b7e4972b40fdae250c4ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 10:43:21 GMT
server: cloudflare
age: 1303441
etag: W/"1fc9-17c7e663928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed8295a2b-MXP

GET
H2 200 61d8236.js Show response
www.bitdefender.com/blog/_nuxt/ 920 B
623 B 62ms
61ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/61d8236.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71334b511b80d76d66fba3f0c142d758c0f0a0c45f329f7bd987d8536e8c7fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 10:43:21 GMT
server: cloudflare
age: 1303446
etag: W/"398-17c7e663928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ed82c5a2b-MXP

GET
H2 200 TagIT.v1.min.js Show response
www.bitdefender.com/scripts/ 15 KB
4 KB 122ms
122ms Script
application/x-javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Fri, 15 Mar 2019 11:31:57 GMT
server: cloudflare
etag: W/"5c8b8d2d-3b83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 6a5c940ed8325a2b-MXP

GET
H2 200 loader.svg
www.bitdefender.com/blog/images/ 3 KB
564 B 156ms
155ms Image
image/svg+xml 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bitdefender.com/blog/images/loader.svg

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2202c4d20285e4859ee85d4e0cb1ef2816bedfb127e6505cf97f790ebf388db0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Fri, 15 Oct 2021 10:07:30 GMT
server: cloudflare
etag: W/"b14-17c836bc2d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c940ffc305a2b-MXP

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 61ms
24ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,600,700,800,900&display=swap

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/themes/draco/menu_json/mega_menu.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e1f98ccf79d380deb41bb2c3a281390b81ccee0e182e47827847a15a4f8e9411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 12:58:57 GMT
server: ESF
date: Fri, 29 Oct 2021 12:58:57 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Fri, 29 Oct 2021 12:58:57 GMT

GET
H2 200 / Show response
www.bitdefender.com/site/Main/TagIT/newsessioninit/ 33 B
709 B 128ms
128ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/site/Main/TagIT/newsessioninit/?callback=&l=en&ch=1635512339

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
p3p: CP="NOI ADM DEV COM NAV OUR STP"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6a5c940ffc335a2b-MXP
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 logo-white.svg
www.bitdefender.com/themes/draco/menu_json/img/ 5 KB
2 KB 44ms
44ms Image
image/svg+xml 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bitdefender.com/themes/draco/menu_json/img/logo-white.svg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/themes/draco/menu_json/mega_menu.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50da0a45caa286f3feaca26be0d29e6984161f2d16364d34fab40a3245ddc604

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/themes/draco/menu_json/mega_menu.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 05 Dec 2019 12:26:34 GMT
server: cloudflare
age: 4
etag: W/"5de8f77a-1592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 6a5c94100c595a2b-MXP

GET
H2 200 fa-light-300.woff2
www.bitdefender.com/themes/draco/menu_json/font-awesome/webfonts/ 167 KB
167 KB 55ms
54ms Font
application/octet-stream 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/themes/draco/menu_json/font-awesome/webfonts/fa-light-300.woff2

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/themes/draco/menu_json/font-awesome/css/light.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83a4f7d376db994e499b627611104adbe197dc7a8e5d4d1069abad0840d5d368

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Referer: https://www.bitdefender.com/themes/draco/menu_json/font-awesome/css/light.css
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 10 Jun 2020 15:46:57 GMT
server: cloudflare
age: 2478
etag: W/"5ee10071-29cd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
strict-transport-security: max-age=63072000; includeSubdomains; preload
cf-ray: 6a5c94100c735a2b-MXP

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 53ms
14ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,600,700,800,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 08:58:25 GMT
x-content-type-options: nosniff
age: 14432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 29 Oct 2022 08:58:25 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 60ms
21ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,600,700,800,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 17:36:17 GMT
x-content-type-options: nosniff
age: 69760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 17:36:17 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 62ms
24ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,600,700,800,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 17:27:37 GMT
x-content-type-options: nosniff
age: 329480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 25 Oct 2022 17:27:37 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/ 12 KB
12 KB 47ms
28ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,600,700,800,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 09:43:56 GMT
x-content-type-options: nosniff
age: 98101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11860
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 09:43:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/ 12 KB
12 KB 45ms
30ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,600,700,800,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 01:47:56 GMT
x-content-type-options: nosniff
age: 40261
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11836
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:22 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 29 Oct 2022 01:47:56 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1635512338009
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1635512338009

1 KB
1 KB

31ms
31ms

XHR
application/json

54.154.124.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1635512338009

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

HTTP/1.1

Server

54.154.124.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-124-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ade4dafe1d99e85eeab3b6a1820928858d28749b4acf3d0bd2e7b88034353778

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0fd187a7f.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: UQjrF27RTeY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.bitdefender.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 584
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v019-02e73bb60.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.bitdefender.com
X-TID: 9y1MXJtLSa0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1635512338009
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/ 33 KB
12 KB 15ms
15ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 02e1c4508320ee6bc6b884c4de9a0d73e541b6735fa139cbd957a27f42c72140

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 19:44:20 GMT
server: AkamaiNetStorage
etag: "b135e36e0ffbaaaebca4ed5a17a3a5c5:1631821460.47263"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.bitdefender.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12201
expires: Fri, 29 Oct 2021 13:58:58 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/ 3 KB
2 KB 16ms
16ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a176b44662d7eb55562527b7df840e6eb620d9f326989674a16f0765dc94f360

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 19:44:20 GMT
server: AkamaiNetStorage
etag: "92ba45f9116eed843514845165336fae:1631821460.690196"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.bitdefender.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Fri, 29 Oct 2021 13:58:58 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/ 25 KB
9 KB 17ms
17ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1ee5f7b094d98b34cd4ceca892f1ddbc501f44830edb892fb03ffaf18e6bc3bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 19:44:20 GMT
server: AkamaiNetStorage
etag: "2aedef11dbffdfffc7e7348927f0f82e:1631821460.959901"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.bitdefender.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8766
expires: Fri, 29 Oct 2021 13:58:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 132 KB
50 KB 59ms
23ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-674268845

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a326033cd4dc339c5df35a721871396f9ba3d2f003ff9ba27ff129cd933aed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50362
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 12:58:58 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 434 B
941 B 130ms
59ms XHR
application/json 13.224.94.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=b7702e4099c19fbb2580e68d489df700&page=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&referrer=&page_title=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&src=adobelaunch
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-118.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 73ab4134891bc03f73ec07bb004c94aea2614dc964987c79a056202fdb5d94ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
request-id: 07d27cb0-4ce9-4eb9-8f0b-1236e16c4613
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.bitdefender.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _ER120nMFurq0JbMRvgqun1cAEv0apTW8w5Veil5dabNBH3D10Eeyw==
expires: Thu, 28 Oct 2021 12:58:58 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 44ms
10ms Script
application/x-javascript 2a02:26f0:6c00::210:ba13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba13 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 12:58:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=74068
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 214 KB
65 KB 33ms
9ms Script
application/javascript 35.201.112.186
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6e32f63dd434ba2ad979baf3505dd9799fdba147d42c741499570b0f89772485

Request headers

Referer: https://www.bitdefender.com/
Origin: https://www.bitdefender.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:37:55 GMT
content-encoding: gzip
age: 1263
x-guploader-uploadid: ADPycduOVEJrZByp6EnVTDxHJvq8lxkIHBL2JNpfn2C7hYhqAglW1tLwHlabu92bEq5n07pqr8j-4tLR-sqi72xlfCUKI5NiLg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 65756
last-modified: Fri, 22 Oct 2021 13:31:18 GMT
server: UploadServer
etag: "78bfcd9e787ee51c630b345c13628ef7"
x-goog-hash: crc32c=bWNSkA==, md5=eL/Nnnh+5RxjCzRcE2KO9w==
x-goog-generation: 1634909478215473
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 65756
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 29 Oct 2021 13:37:55 GMT

GET
H2 200 hotjar-37798.js Show response
static.hotjar.com/c/ 38 KB
7 KB 57ms
25ms Script
application/javascript 13.224.94.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-37798.js?sv=6

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.94.124 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-94-124.zrh50.r.cloudfront.net

Software

Resource Hash

2c51837297bbcbd5bf37d277d31bce1884df71842600ed8ed36719d07a26df05

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:10 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 48
etag: W/ab93cdf055c0639197b57faa24100682
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: EllK0AfCe6eaFagr08iXvGH6E0c4LJLv0vz4xLQl0fMq4ds9VvPtIA==
via: 1.1 8455bcb2c0203b0c4ee93b610d75e69b.cloudfront.net (CloudFront)

GET
H2 200 bc-v3.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame 30A1 2 KB
1 KB 65ms
19ms Document
text/html 2a02:26f0:1700:781::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v3.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:781::f09 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0297ba54fff0a052c5761457790e80dc093b93b152edee473485af46c022ad75

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/

Response headers

accept-ranges: bytes
content-type: text/html
etag: "b10de1f5f615a79259ac9e34f470ce1d:1615283706.572935"
last-modified: Tue, 09 Mar 2021 09:55:06 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=447
expires: Fri, 29 Oct 2021 13:06:25 GMT
date: Fri, 29 Oct 2021 12:58:58 GMT
content-length: 895
server-timing: cdn-cache; desc=HIT edge; dur=1

GET
H2 200 / Show response
www.bitdefender.com/site/Main/TagIT/getparams/ 53 B
202 B 142ms
141ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/site/Main/TagIT/getparams/?callback=TagIT_getParams_callback&callback2=&l=en&ch=1635512340

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
p3p: CP="NOI ADM DEV COM NAV OUR STP"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6a5c941168b35a2b-MXP
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D359890%26time%3D1635512338140%26url%3Dhttps%253A%252F%252Fwww.bitdefender.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions...

0
155 B

362ms
175ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&liSync=true&e_ipv6=AQJvFvTDjEV3EQAAAXzMIcpXmKqZ5cdoqyCrksE-G-x8uNuWIFwDQ1v-Y-5DXvy_39ME3GCdEg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:59 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: A6Mrrc6BshZQY0wjNysAAA==

Redirect headers

date: Fri, 29 Oct 2021 12:58:59 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=359890&time=1635512338140&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&liSync=true&e_ipv6=AQJvFvTDjEV3EQAAAXzMIcpXmKqZ5cdoqyCrksE-G-x8uNuWIFwDQ1v-Y-5DXvy_39ME3GCdEg
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: XzFIl86BshZQt8T7lSsAAA==

GET
H2 200 modules.d4630e91cffbd6b56a37.js Show response
script.hotjar.com/ 222 KB
59 KB 48ms
16ms Script
application/javascript 13.224.94.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.d4630e91cffbd6b56a37.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-37798.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.94.39 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-94-39.zrh50.r.cloudfront.net

Software

Resource Hash

dd8bce41d0be6d4e5449bef910b493bcf872a4189a361451102996bfe0082f3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 10:41:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94673
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59861
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 10:40:59 GMT
etag: "fe2e85deda154f5a6e0e0112bec8a18c"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e6b325a976b10aa826ec63757afbdedb.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: gwOSuaZdVpFPwQSU89cALcgJyK-8VF8hi5eNF3xVZRLvbpNqpdg3MQ==

GET
H2 200 jquery.js Show response
www.bitdefender.com/blog/js/ 87 KB
30 KB 177ms
177ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/js/jquery.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c5553217c782b518e313cb40a8de37438437a417df3f61e0cf020eadfd64f15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Fri, 15 Oct 2021 10:07:30 GMT
server: cloudflare
etag: W/"15d9e-17c836bc2d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c941178c75a2b-MXP

GET
H2 200 jquery.highlight.js Show response
www.bitdefender.com/themes/draco/menu_json/js/vendor/ 4 KB
1 KB 99ms
98ms Script
application/x-javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/themes/draco/menu_json/js/vendor/jquery.highlight.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12f3a300c0e1986c56f2f186dfc63605f495e882996e2ea671050862e73c3c9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Thu, 05 Dec 2019 12:26:34 GMT
server: cloudflare
etag: W/"5de8f77a-f8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 6a5c941178df5a2b-MXP

GET
H2 200 main.js Show response
www.bitdefender.com/themes/draco/menu_json/js/ 16 KB
3 KB 86ms
86ms Script
application/x-javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/themes/draco/menu_json/js/main.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95d238ddebd5c0c7b63f3d3c235cff439860f7406e98b997ec170c1072507b28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 05 Oct 2021 07:35:36 GMT
server: cloudflare
etag: W/"615c0048-3f42"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 6a5c941178e25a2b-MXP

POST
H2 202 page Show response
rs.fullstory.com/rec/ 52 B
230 B 139ms
115ms XHR
text/plain 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rs.fullstory.com/rec/page

Requested by

Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.194.58 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

58.194.186.35.bc.googleusercontent.com

Software

Resource Hash

1776651e4a3c9aeb0124d70ef86c2832dc6900251e7771124b482283256d710d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bitdefender.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
via: 1.1 google
x-content-type-options: nosniff
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.bitdefender.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 52

GET
H/1.1 200
OK dest5.html Show response
bitdefender.demdex.net/ Frame 3EAD 7 KB
3 KB 138ms
33ms Document
text/html 108.128.120.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bitdefender.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.120.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-120-92.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 29 Oct 2021 12:58:58 GMT
DCS: dcs-prod-irl1-2-v019-0550d3c00.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 14 Oct 2021 11:09:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: l2dWbLq5QQk=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
sstats.bitdefender.com/ 48 B
514 B 64ms
15ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sstats.bitdefender.com/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&mid=44901075848190829444544330479019521019&ts=1635512338201

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

fe6ca05308b5bac925635c3cfa3eb50b8c1bd01ece66e45d40d1ab959fba457e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bitdefender.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-b4c7fdd79-77jdn
vary: Origin
x-c: main-1540.I13d07b.M0-522
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bitdefender.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YXvwEgAAAEfk_gQD
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=44927482897234176074546902473237365052
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YXvwEgAAAEfk_gQD

42 B
945 B

34ms
34ms

Image
image/gif

54.154.124.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YXvwEgAAAEfk_gQD

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

HTTP/1.1

Server

54.154.124.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-124-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-026df6ecb.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: hLRK+ZNQSqU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YXvwEgAAAEfk_gQD
Date: Fri, 29 Oct 2021 12:58:58 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 284 B
511 B 135ms
49ms XHR
application/json 63.32.151.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=9bb0973dc51340128b3a2f256de3e60d&version=2.6.1
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.151.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-151-178.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c3843320907494f7d2006acb67749810a3a7d13358e4e3cbad413c2071b9ae4c

Request headers

Referer: https://www.bitdefender.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.bitdefender.com
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
access-control-allow-credentials: true
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
x-request-id: 78126199786a19431906df69707ac63a
content-type: application/json;charset=UTF-8

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 67ms
18ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-674268845

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

afc9ea91964f1089ed3afcc20604ffa0107862a6d992ddc37ae0d21afa441b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14418
x-xss-protection: 0
server: cafe
etag: 2987026233222861869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Oct 2021 12:58:58 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/674268845/ 2 KB
2 KB 47ms
22ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674268845/?random=1635512338295&cv=9&fst=1635512338295&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&tiba=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&hn=www.googleadservices.com&us_privacy=1YNY&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f29c0ca60c52cdb53cc8a1e6e938f8a3ccaef68968b0c8ed7b1ee5466ee60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1116
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
fls.doubleclick.net/ 40 B
846 B 59ms
22ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fls.doubleclick.net/json?spot=5165113&src=&var=s_3_Integrate_DFA_get_0&host=integrate.112.2o7.net%2Fdfa_echo%3Fvar%3Ds_3_Integrate_DFA_get_0%26AQE%3D1%26A2S%3D1&ord=2683869624191

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

121d7327471295d2aa1878ef94c8ab756375856d08ae24d3df11fa549e241633

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60
x-xss-protection: 0
pragma: no-cache
server: cafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
geolocation-db.com/json/ 0
0

GET
H2 200 RCcc4046503e554f9d879079476ec89322-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/fc50dab9bd6e/ 494 B
569 B 15ms
14ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/fc50dab9bd6e/RCcc4046503e554f9d879079476ec89322-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 345918ac49e929b4473abc5662491e2583de13ba9b4967fdc2c3fb10bad42e57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 06:12:04 GMT
server: AkamaiNetStorage
etag: "86044a1e5d42778fd0b1375fc7acf9bc:1634623924.316144"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.bitdefender.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 301
expires: Fri, 29 Oct 2021 13:58:58 GMT

GET
H2 200 istrate-cristian-bio.jpg
blogapp.bitdefender.work/labs/content/images/2021/10/ 33 KB
33 KB 73ms
35ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/10/istrate-cristian-bio.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 83c552e01c80588493e5c4fcdefce7f00cfbe8ef6f462f38425b218e69a9def9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 28761
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 33559
last-modified: Tue, 26 Oct 2021 18:32:27 GMT
server: cloudflare
etag: W/"8317-17cbde0049b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFXOu23582HFGL%2BiGZcd%2FzB5kThq1qnLxw8xCHm8iWIJ7RHDxBWrvSLnnuEfEa4XuIyygaELqbzAfgxFZl64GKf%2FDMZRw2KFTfl2ncp9rsMcqLQy1bJYeMIZfujNRX1jQg9eZtDSClB7gXECZ8ZdhwftzBzPP2o%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140dd77051-FRA

GET
H2 200 bbiro.jpg
blogapp.bitdefender.work/labs/content/images/2021/10/ 164 KB
164 KB 73ms
36ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/10/bbiro.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4b0ca769395c7807c623e64dc4338fb5875522f4856c99293d16b19c8bf99dbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 517375
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 167687
last-modified: Sat, 23 Oct 2021 13:07:20 GMT
server: cloudflare
etag: W/"28f07-17cad434838"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwvUY2eMN9jcjpR9pSHNyrn35VSyWZZ9%2BqQwyRXR6VbrX14%2FHpOfygSPDR00XPWk4%2FWaq38eV0G3GABnPMxPt6zaWxd11uEaozH4zlHHS2TSOgf4z4aHsKM4R1FTGdEjo8qKoi6mho4zrODoNVRhdoihKukCvN0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94141df27051-FRA

GET
H2 200 rbleotu.jpg
blogapp.bitdefender.work/labs/content/images/2021/10/ 39 KB
39 KB 70ms
33ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/10/rbleotu.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4c65142bbf6d5f9d3ba699d382942003313c384f348b87098aa067d557256228

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 517374
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 39553
last-modified: Sat, 23 Oct 2021 13:13:09 GMT
server: cloudflare
etag: W/"9a81-17cad489e6c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2B326eM69o3bg97U9rmzh4A%2BCBpvYrGJ2Y660ThWW6K00%2Fbd9BkBZt23g%2FcGmQWUUuQ0bRJPR5e5Dw%2FC%2Fv%2FpmNyCi%2BdlV%2B1zi6KDDkTT9tlYCI3172RhTo4UF%2F%2F%2B21TexAyJUYN1H4WC1VWurJiuPY7ULa%2Bl0f0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140ddd7051-FRA

GET
H2 200 claudiu_coblis.jpg
blogapp.bitdefender.work/labs/content/images/2021/10/ 399 KB
400 KB 73ms
36ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/10/claudiu_coblis.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 74972ad3cb122fcad6d803479d4577adc67f1ffe63e7800398c074cbbd517428

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 28761
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 408723
last-modified: Tue, 26 Oct 2021 18:36:23 GMT
server: cloudflare
etag: W/"63c93-17cbde39c69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FcS8rQKRq0j%2BQy9ePmNfxyYtluXx8Bn7KKRF%2B9LgqlJekhtaFXyfsHhc0J6yN1Nyxsv%2FV%2B6Xb7asNpR08NJ9Y6drL14LMlTfc6szGb5SvI%2FsJPt8%2B6AFrgLF6ug39%2FniNw6qrWaGotEOeju%2F9VVDQJIqDJaZWYk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140dde7051-FRA

GET
H2 200 malware-in-message.jpg
blogapp.bitdefender.work/labs/content/images/2021/10/ 85 KB
85 KB 74ms
37ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/10/malware-in-message.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 73bc71a064b4ad9877832d035e22ad628e0f7b65bbcc0c4a03362d8fc5dd9d1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36183
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 86546
last-modified: Wed, 20 Oct 2021 12:57:57 GMT
server: cloudflare
etag: W/"15212-17c9dc79c0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02lLUzrXb9kPxEU48iz8%2Bk%2BLEeQ%2BuSNWKtaGbub1MUE076AgiHPt1vjQ6uCmcG%2F3HVIXIu0akyzrrSyLJpmM3EDwv4bPNScN39fewegW7yG7qXoWqqDG83eklri0Vo4d%2FZMrrtRtAXrGF5oUIjrgTYTnbcTOAGE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140dd87051-FRA

GET
H2 200 antivirus-5930412_1920.jpg
blogapp.bitdefender.work/labs/content/images/2021/07/ 328 KB
328 KB 73ms
36ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/07/antivirus-5930412_1920.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2fe1e5d88f1984ee5480c7a96fb0f0e115395c0137fd1ae24a42a4846cb6d949

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8624269
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 335618
last-modified: Wed, 21 Jul 2021 17:15:38 GMT
server: cloudflare
etag: W/"51f02-17aca10d64d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BL9a7l10JRE9%2F8Q7zKttkZhSOFkV7q%2BhivHl5SFss4FGlpMeD4wYdEtHuA1g%2FmpoUuV5lauJw6%2Foc2KgchxaE4%2FYFsdBMF%2FRsvFPpsl3EKvjjJUnyXVfwAd8aN23jq4lmbamDYmg6qas8GNzhgRcfS4MSPkE7ZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140de57051-FRA

GET
H2 200 Group-of-Teenage-Hackers-Organize-Attack-on-Corporate-Data-Servers.-Their-Lair-is-Dark-and-Full-of-Operating-Displays.-817486038_5000x2813.jpeg
blogapp.bitdefender.work/labs/content/images/2021/07/ 215 KB
215 KB 72ms
37ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/07/Group-of-Teenage-Hackers-Organize-Attack-on-Corporate-Data-Servers.-Their-Lair-is-Dark-and-Full-of-Operating-Displays.-817486038_5000x2813.jpeg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 0454df4848bf3395281ef4be4989da60737b013769300ff3a46d067dd0093398

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3862987
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 220010
last-modified: Tue, 06 Jul 2021 08:50:49 GMT
server: cloudflare
etag: W/"35b6a-17a7b0344d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v65Ai6CK8IEwbo7HFmEani2al9HvgjeSqpsvEyEYgHqICy%2BgWRSB9ctPEE0f3Wr0sXMb3PrK3WQXgrAXzu16jAteHYO0zccfFGNsyrOAty7N9htANuABcCgUxtblmN2Bv6kO3WDiv0tNeigp4gmU8OG1%2FzhvAdo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140de27051-FRA

GET
H2 200 ransomware-2318381_1920.jpg
blogapp.bitdefender.work/labs/content/images/2021/06/ 89 KB
89 KB 53ms
18ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/2021/06/ransomware-2318381_1920.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 0ba42fd044d01934a04dab350190eabdc79798d67a8c0237f6c3207edff78159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9413259
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 90790
last-modified: Wed, 02 Jun 2021 07:58:14 GMT
server: cloudflare
etag: W/"162a6-179cbbae983"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Es2sAgRfgO7WQ2K6Dsc%2Be70jGfJpwDSTcp2kxBGGMQCQOO5WVj09qV739R983iFVr2uecAv2hh0iPLZP0Mk3rR%2BXOdLqWz7A3qATDDC3OXrY6PNYEo%2Bcf1iPcsyIGV7HCK61JHpSFdlqZSFiNe9xPq%2B93%2FikuKM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140dd57051-FRA

GET
H2 200 iStock-155216701.jpg
blogapp.bitdefender.work/labs/content/images/wordpress/2021/04/ 1 MB
1 MB 71ms
36ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/wordpress/2021/04/iStock-155216701.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: ad74673605555b2b5c1dd3bbe3ba80b9a1302722938cab9173fb8a29aae9b556

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9873928
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1068065
last-modified: Tue, 18 May 2021 19:55:30 GMT
server: cloudflare
etag: W/"104c21-179810c32b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wvAa%2F%2BByLNXqzywQ7gRDYd9OXjBZg4B4aIRq%2Fnbd36RkD1xVoni9jlYG6drK4lC5AGOlc8hl7X0xnmbTAU3NN2b9dWsaZPv877GBnoeTR6JgrpkD4n%2FAnFcy7YhI3D8q6r95TCQs%2BnFsdV%2FZJwn3KdQ3KrQzD1o%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94141ded7051-FRA

GET
H2 200 grandcrab-1.jpg
blogapp.bitdefender.work/labs/content/images/wordpress/2018/02/ 226 KB
227 KB 104ms
69ms Image
image/jpeg 2606:4700:3031::ac43:8d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.work/labs/content/images/wordpress/2018/02/grandcrab-1.jpg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d4c63296e9c874aa7d3c1e4fae89f4fbd0cf2c07e91cee2ee881d48656cbfbe0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5731145
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 231437
last-modified: Tue, 18 May 2021 19:55:20 GMT
server: cloudflare
etag: W/"3880d-179810c0aff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RYNCapb7o3OGrQPhWJ5I1ixUsLQ4ckMiE6fzco3mHSPivSBGoBlTid2iAPIygoOS4padxsP4gZ949fJY7yGCft2xA0ylaqJt3x6Q4vUJuw96MForuDO%2F6oSZAaLWWtbD0RsJgEW6RXzSJz1vmb3RFUxmGU8hZQ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6a5c94140ddf7051-FRA

GET
H2 200 /
www.google.com/pagead/1p-user-list/674268845/ 42 B
548 B 67ms
29ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/674268845/?random=1635512338295&cv=9&fst=1635508800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&tiba=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&async=1&fmt=3&is_vtc=1&random=2865281338&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/674268845/ 42 B
548 B 43ms
19ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/674268845/?random=1635512338295&cv=9&fst=1635508800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&tiba=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&async=1&fmt=3&is_vtc=1&random=2865281338&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s63105288547909 Show response
sstats.bitdefender.com/b/ss/bitdefenderproduction/10/JS-2.22.2-LBWB/ 987 B
1 KB 47ms
47ms Script
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sstats.bitdefender.com/b/ss/bitdefenderproduction/10/JS-2.22.2-LBWB/s63105288547909?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=29%2F9%2F2021%2012%3A58%3A58%205%200&d.&nsid=0&jsonv=1&coop_safe=1&.d&sdid=2FE0516F7362D847-6C2C4A140DE68B6C&mid=44901075848190829444544330479019521019&aamlh=6&ce=UTF-8&cdp=2&fpCookieDomainPeriods=2&pageName=blog%3Alabs%3Aantimalware-research%3Adigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&g=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&c.&inList=3.0&apl=4.0&getPercentPageViewed=5.0.1&handlePPVevents=n%2Fa&p_fo=3.0&.c&cc=EUR&ch=blog&server=www.bitdefender.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=labs&v1=blog%3Alabs%3Aantimalware-research%3Adigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&c2=antimalware-research&c3=digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&v3=D%3Dc8&c4=production&v4=D%3Dc9&c5=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&v5=Bot%20detected&v6=D%3Dc6&c7=en&v7=D%3Dc7&c8=29%2F10%2F2021&c9=12%3A58%7C12%3A00-12%3A59%7Cfriday%7Cgmt&c10=%7C&c12=undefined&c13=highestPercentViewed%3D%20%7C%20initialPercentViewed%3D%20%2B%20%7C%20foldsSeen%3D%20%7C%20foldsAvailable%3D&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

39460201a2bbb23db936ae22b4cb5d3f2d1d502b6d4054881f1400c900bbd3cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-aam-tid: MWbcSUb3Rj4=
date: Fri, 29 Oct 2021 12:58:58 GMT
x-content-type-options: nosniff
x-c: main-1540.I13d07b.M0-522
p3p: CP="This is not a P3P policy"
vary: *
content-length: 987
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v019-026df6ecb.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Sat, 30 Oct 2021 12:58:58 GMT
server: jag
xserver: anedge-b4c7fdd79-mlkcl
etag: 3512236002806169600-4619693083215612018
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Thu, 28 Oct 2021 12:58:58 GMT

GET
H2 200 RC472316cf351947379963ff5bb35b079a-source.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/fc50dab9bd6e/ 529 B
607 B 14ms
13ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/fc50dab9bd6e/RC472316cf351947379963ff5bb35b079a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: da6315cea520fcb649981a935777e39cee2e73b93a4d013862753fffbbd6052c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 06:12:04 GMT
server: AkamaiNetStorage
etag: "86044a1e5d42778fd0b1375fc7acf9bc:1634623924.316144"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.bitdefender.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 338
expires: Fri, 29 Oct 2021 13:58:58 GMT

GET
H/1.1

200
OK

ibs:dpid=477&dpuuid=380dc8e0d037c0b476e34f9078d0319477e6af4393d651c7b9f875a4f5c735bbb0da87c991749652
dpm.demdex.net/ Frame 3EAD
Redirect Chain

https://idsync.rlcdn.com/365868.gif?partner_uid=44927482897234176074546902473237365052
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNDQ5Mjc0ODI4OTcyMzQxNzYwNzQ1NDY5MDI0NzMyMzczNjUwNTIQABoNCJLg74sGEgUI6AcQAEIASgA
https://dpm.demdex.net/ibs:dpid=477&dpuuid=380dc8e0d037c0b476e34f9078d0319477e6af4393d651c7b9f875a4f5c735bbb0da87c991749652

42 B
945 B

45ms
45ms

Image
image/gif

54.154.124.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=477&dpuuid=380dc8e0d037c0b476e34f9078d0319477e6af4393d651c7b9f875a4f5c735bbb0da87c991749652

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

HTTP/1.1

Server

54.154.124.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-124-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bitdefender.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-03035d387.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 38GzcCSRSmI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Fri, 29 Oct 2021 12:58:58 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dpm.demdex.net/ibs:dpid=477&dpuuid=380dc8e0d037c0b476e34f9078d0319477e6af4393d651c7b9f875a4f5c735bbb0da87c991749652
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 87ff988.js Show response
www.bitdefender.com/blog/_nuxt/ 17 KB
4 KB 41ms
41ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/87ff988.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/352bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c23c4c166a748b73e19826d7a8aed00e962a6d56c8633b37a44a06c15b12d9f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 10:10:56 GMT
server: cloudflare
age: 1217811
etag: W/"420f-17c836ee780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c941408f25a2b-MXP

GET
H2 200 box-d09a446edefba0dcce5d5143e1840e9a.html Show response
vars.hotjar.com/ Frame 971C 2 KB
1 KB 42ms
13ms Document
text/html 13.224.94.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-d09a446edefba0dcce5d5143e1840e9a.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-37798.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-108.zrh50.r.cloudfront.net
Software: /
Resource Hash: 69ae95b7f73e2899d0c398ed4fb9faba242bbec4d0a58b182e4dd0e7808f01ac

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/

Response headers

content-type: text/html
content-length: 1044
date: Wed, 20 Oct 2021 07:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "63e08f928469ab67d9dac30c065ed182"
last-modified: Wed, 20 Oct 2021 07:15:01 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0baaefd2451e4f0e2d5ea55eb90f4a1a.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: iJR_kbSdn-ntpnGCSsM3Pl7KPdjyVNMOOwwyntTbpk3Z61BpVtIWxw==
age: 798233

GET
H2 200 ee38c350.min.js Show response
tag.demandbase.com/ 58 KB
16 KB 72ms
26ms Script
application/javascript 13.224.94.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/ee38c350.min.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.115 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-115.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a274dd3d80e88c7b7ec742422f85305c89f63195842f6cb955b8da91335bd368

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 8pk_rQfLkgrMhc1cNNDijb5bToidT25O
content-encoding: gzip
last-modified: Fri, 18 Dec 2020 19:38:34 GMT
server: AmazonS3
age: 1893
etag: W/"1d276aec4bfe79f4e9516e872ebcfdf5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 0c476b4e93e7b13a5f68b185a8e9753c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Fri, 29 Oct 2021 12:28:28 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: sgVPqmyCggHzZqPL9V3FE_Yp6QTnzHHkkyEULMWwB5hQprbuwb7Rug==

GET
H2 200 6575976.js Show response
www.bitdefender.com/blog/_nuxt/ 8 KB
2 KB 38ms
38ms Script
application/javascript 2606:4700::6812:a8de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/blog/_nuxt/6575976.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/352bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a8de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

630704f204b4eb229b3099efbece0fdcc352461a582f879da98bf06b9900cec7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 10:43:21 GMT
server: cloudflare
age: 1303442
etag: W/"1ee9-17c7e663928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 6a5c941429575a2b-MXP

GET
H2 200 cc.js Show response
consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/ 233 KB
57 KB 120ms
118ms Script
application/x-javascript 2a02:26f0:7100::687e:25b1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/cc.js?renew=false&referer=www.bitdefender.com&culture=en_US&dnt=false&forceshow=false&cbid=4a55b566-7010-4633-9b03-7ba7735be0b6&brandid=CookieConsent&framework=
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:25b1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 56bfa8e48186b823f5e56196a61182458e0968bdce3b4ba9b00d3d1d33c7127e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
last-modified: Fri, 29 Oct 2021 12:58:58 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
access-control-allow-headers: cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 57445
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/37798/ 146 B
323 B 105ms
36ms XHR
application/json 63.34.251.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/37798/visit-data?sv=6
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/bae6d12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.251.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-251-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1f93261e6db2c54e59dd3384dbb44d59a47c0118c3526bec3a3e5f52925e5243

Request headers

Referer: https://www.bitdefender.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/674268845/ 3 KB
1 KB 74ms
72ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674268845/?random=1635512338634&cv=9&fst=1635512338634&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&tiba=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&hn=www.googleadservices.com&us_privacy=1YNY&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6c657dc58578e2e6dae931e5624201902296572803d41f5233edabcc322f22e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1118
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=22052&dpuuid=3622629340752642162
dpm.demdex.net/ Frame 3EAD
Redirect Chain

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID]
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3622629340752642162

42 B
945 B

31ms
31ms

Image
image/gif

54.154.124.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3622629340752642162

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

HTTP/1.1

Server

54.154.124.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-124-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bitdefender.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-06aa8172b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: oBR+f0wFQRQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Fri, 29 Oct 2021 12:58:58 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location: https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3622629340752642162
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 185
Expires: 0,Sat, 30 Oct 2021 08:58:58 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 434 B
942 B 80ms
80ms XHR
application/json 13.224.94.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&page_title=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&src=tag&key=4df37d5c7636f0687f8288c1a889681f
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/_nuxt/bae6d12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-118.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 73ab4134891bc03f73ec07bb004c94aea2614dc964987c79a056202fdb5d94ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 12:58:58 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
request-id: 0c63651a-560d-4163-8c01-a5b125b8b5e4
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.bitdefender.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2V4bfISZVL5Y22R-JW7UQFD_Ruwq4uAnf3td9yw3M_ZwtYnbfi3Ttw==
expires: Thu, 28 Oct 2021 12:58:58 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f29b4389a6e08bf3ffcdfb097597d5621b4abac31a74f89c3fa3537dc428e68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 964 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d47bcf54431b918d4b86953244677a675940b21844a2ac41bee9b690415eb0b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98ccd33e523985efa588344a13932892db38b1335243f989dd366450db8ea68d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 973 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43e8590e9574c075959f307b06c6089707927b5222f8855adbcb28aabc286867

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 /
www.google.com/pagead/1p-user-list/674268845/ 42 B
108 B 30ms
28ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/674268845/?random=1635512338634&cv=9&fst=1635508800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&tiba=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&async=1&fmt=3&is_vtc=1&random=3737166806&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/674268845/ 42 B
108 B 21ms
19ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/674268845/?random=1635512338634&cv=9&fst=1635508800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fwww.bitdefender.com%2Fblog%2Flabs%2Fdigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions&tiba=Digitally-Signed%20Rootkits%20are%20Back%20%E2%80%93%20A%20Look%20at%20FiveSys%20and%20Companions&async=1&fmt=3&is_vtc=1&random=3737166806&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=121998&dpuuid=53987511c9cd3098059181d409118cac
dpm.demdex.net/ Frame 3EAD
Redirect Chain

https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=44927482897234176074546902473237365052?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/tpid=44927482897234176074546902473237365052?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=53987511c9cd3098059181d409118cac

42 B
945 B

32ms
32ms

Image
image/gif

54.154.124.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=53987511c9cd3098059181d409118cac

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions

Protocol

HTTP/1.1

Server

54.154.124.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-124-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bitdefender.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0d891b5f4.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: dftmwjiITWQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 29 Oct 2021 12:58:58 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://dpm.demdex.net/ibs:dpid=121998&dpuuid=53987511c9cd3098059181d409118cac
cache-control: no-cache
x-server: 10.45.1.111
content-length: 0
expires: 0

GET
H2

200

restricted
mid.rkdms.com/ Frame 3EAD
Redirect Chain

https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=44927482897234176074546902473237365052&_ct=img
https://mid.rkdms.com/restricted

0
0

98ms
98ms

Image
text/html

34.226.109.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mid.rkdms.com/restricted
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and-companions
Protocol: H2
Server: 34.226.109.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-226-109-28.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bitdefender.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Redirect headers

location: /restricted
date: Fri, 29 Oct 2021 12:58:59 GMT
server: nginx
content-length: 0

POST /
sentry.nmbapp.net/api/226/store/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: geolocation-db.com
URL: https://geolocation-db.com/json/

Domain: sentry.nmbapp.net
URL: https://sentry.nmbapp.net/api/226/store/?sentry_version=7&sentry_client=raven-js%2F3.27.2&sentry_key=99d7163a20d04f5280109760e2e1ea86

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bitdefender.com/	1969-12-31 23:59:59	Name: tagit_session Value: 1
www.bitdefender.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1vgkgd1rl2atdii8uiprijclb5
.bitdefender.com/	1970-01-20 07:04:08	Name: bd112 Value: U1ICAA%3D%3D
.bitdefender.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 02:37:44	Name: demdex Value: 44927482897234176074546902473237365052
.bitdefender.com/	1969-12-31 23:59:59	Name: AMCVS_0E920C0F53DA9E9B0A490D45%40AdobeOrg Value: 1
.bitdefender.com/	1970-01-20 00:28:08	Name: _gcl_au Value: 1.1.1486039153.1635512338
.bitdefender.com/	1970-01-20 07:04:08	Name: _hjid Value: 24a9aef7-6db7-4e3a-a4e4-536c7c0a2533
.bitdefender.com/	1970-01-19 22:18:34	Name: _hjFirstSeen Value: 1
.bitdefender.com/	1970-01-20 15:49:44	Name: s_ecid Value: MCMID%7C44901075848190829444544330479019521019
www.bitdefender.com/	1969-12-31 23:59:59	Name: tagit_params Value: %7B%22obj%22%3A%5B%5D%7D
.everesttech.net/	1970-01-20 07:04:08	Name: everest_g_v2 Value: g_surferid~YXvwEgAAAEfk_gQD
.dpm.demdex.net/	1970-01-20 02:37:44	Name: dpm Value: 44927482897234176074546902473237365052
.bitdefender.com/	1970-01-20 15:52:37	Name: mbox Value: session#9bb0973dc51340128b3a2f256de3e60d#1635514199\|PC#9bb0973dc51340128b3a2f256de3e60d.37_0#1698757139
.bitdefender.com/	1970-01-19 22:18:34	Name: s_dfa Value: bitdefenderproduction
.doubleclick.net/	1970-01-20 07:40:08	Name: IDE Value: AHWqTUkuZCRGYSNYIbX5hEQptxqi-aPjthv8-3VhOyRXM7gDXd2VaH75OY2vDHls_II
.bitdefender.com/	1970-01-20 15:49:44	Name: AMCV_0E920C0F53DA9E9B0A490D45%40AdobeOrg Value: -1124106680%7CMCIDTS%7C18930%7CMCMID%7C44901075848190829444544330479019521019%7CMCAAMLH-1636117138%7C6%7CMCAAMB-1636117138%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1635519538s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18937%7CvVersion%7C5.2.0
.bitdefender.com/	1969-12-31 23:59:59	Name: s_ips Value: 1200
.bitdefender.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.rlcdn.com/	1970-01-20 07:04:08	Name: rlas3 Value: ZwQ+5toI+uu+I+hA8H6rSo7v+Yf1KMUIsmQ9Z9jNhWQ=
.bitdefender.com/	1970-01-20 00:42:32	Name: aam_uid Value: 44927482897234176074546902473237365052
.rlcdn.com/	1970-01-19 23:44:56	Name: pxrc Value: CJLg74sGEgUI6AcQABIGCPHrARAA
www.bitdefender.com/	1970-01-19 22:18:32	Name: _hjIncludedInPageviewSample Value: 1
.bitdefender.com/	1970-01-19 22:18:34	Name: _hjAbsoluteSessionInProgress Value: 0
www.bitdefender.com/	1970-01-19 22:18:32	Name: _hjIncludedInSessionSample Value: 1
.linkedin.com/	1970-01-19 23:01:44	Name: UserMatchHistory Value: AQKuCHCMqaky8wAAAXzMIch-KopBXNQ_lRnAAcqU8N5H7Ysn-XgwFA-SCli-O1RRVN69OjwmoE8ZcQ
.linkedin.com/	1970-01-19 23:01:44	Name: AnalyticsSyncHistory Value: AQJOldFYhpWLMgAAAXzMIch-avWlCOZiJWikT_Pp5zu08qHta2n3xlKGnb867eV48MNu9FxI3h2llcIpsflsEQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 15:50:26	Name: bcookie Value: "v=2&472776c4-dd4c-488c-8c00-827febe0420c"
.linkedin.com/	1970-01-19 22:19:58	Name: lidc Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2347:u=1:x=1:i=1635512338:t=1635598738:v=2:sig=AQHHYDXHKzpDWwOiVEDZ2jkrp_IPbfZn"
.demdex.net/	1970-01-20 02:37:44	Name: dextp Value: 60-1-1635512338555\|22052-1-1635512338693\|121998-1-1635512338797\|129099-1-1635512338898
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:50:26	Name: bscookie Value: "v=1&20211029125858ef1724d7-f793-44ae-8691-68b5ae445df8AQH3NJDozqtTTfOj05ROKP90A7YeJdIi"
.linkedin.com/	1970-01-20 15:40:11	Name: li_gc Value: MTswOzE2MzU1MTIzMzg7MjswMjH9OLojND3oWXQcLalobbFFtfrMwnLz36pwA15SJhHmVQ==
.crwdcntrl.net/	1970-01-20 04:47:17	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 04:47:17	Name: _cc_id Value: 53987511c9cd3098059181d409118cac
.crwdcntrl.net/	1970-01-20 04:47:20	Name: _cc_cc Value: "ACZ4XmNQMDW2tDA3NTRMtkxOMTawtDAwtTS0MEwxMbA0NLRITkxmAILE6g9CIBoKADFWCdc%3D"
.crwdcntrl.net/	1970-01-20 04:47:20	Name: _cc_aud Value: "ABR4XmNgYGBIrP4gBKSgAAAXpQHf"
.bitdefender.com/	1969-12-31 23:59:59	Name: s_tp Value: 3783
.bitdefender.com/	1969-12-31 23:59:59	Name: s_ppv Value: blog%253Alabs%253Aantimalware-research%253Adigitally-signed-rootkitsare-back-a-look-atfivesys-and-companions%2C32%2C32%2C1200%2C1%2C3

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://geolocation-db.com/json/ Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://sentry.nmbapp.net/api/226/store/?sentry_version=7&sentry_client=raven-js%2F3.27.2&sentry_key=99d7163a20d04f5280109760e2e1ea86 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
assets.adobedtm.com
bitdefender.demdex.net
blogapp.bitdefender.work
cm.everesttech.net
consent.cookiebot.com
consentcdn.cookiebot.com
dpm.demdex.net
edge.fullstory.com
fls.doubleclick.net
fonts.googleapis.com
fonts.gstatic.com
geolocation-db.com
googleads.g.doubleclick.net
idsync.rlcdn.com
in.hotjar.com
mid.rkdms.com
ml314.com
px.ads.linkedin.com
px4.ads.linkedin.com
rs.fullstory.com
script.hotjar.com
sentry.nmbapp.net
snap.licdn.com
sstats.bitdefender.com
starget.bitdefender.com
static.hotjar.com
sync.crwdcntrl.net
tag.demandbase.com
vars.hotjar.com
www.bitdefender.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
geolocation-db.com
sentry.nmbapp.net
108.128.120.92
108.174.10.14
13.224.94.108
13.224.94.115
13.224.94.118
13.224.94.124
13.224.94.39
13.36.218.177
142.250.185.130
142.250.186.102
2606:4700:3031::ac43:8d7f
2606:4700::6812:a8de
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2a00:1450:4001:800::2008
2a00:1450:4001:802::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:812::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::2004
2a02:26f0:1700:781::f09
2a02:26f0:6c00:2a6::1e80
2a02:26f0:6c00::210:ba13
2a02:26f0:7100::687e:25b1
34.226.109.28
35.186.194.58
35.201.112.186
35.244.174.68
52.211.195.119
54.154.124.189
54.154.165.122
54.194.226.253
63.32.151.178
63.34.251.77
0297ba54fff0a052c5761457790e80dc093b93b152edee473485af46c022ad75
02e1c4508320ee6bc6b884c4de9a0d73e541b6735fa139cbd957a27f42c72140
0454df4848bf3395281ef4be4989da60737b013769300ff3a46d067dd0093398
08f286f95f075fed860429914ab750799becda340013640b56df16e1140e9260
0ba42fd044d01934a04dab350190eabdc79798d67a8c0237f6c3207edff78159
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
121d7327471295d2aa1878ef94c8ab756375856d08ae24d3df11fa549e241633
12f3a300c0e1986c56f2f186dfc63605f495e882996e2ea671050862e73c3c9c
1776651e4a3c9aeb0124d70ef86c2832dc6900251e7771124b482283256d710d
1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b
1ee5f7b094d98b34cd4ceca892f1ddbc501f44830edb892fb03ffaf18e6bc3bb
1f93261e6db2c54e59dd3384dbb44d59a47c0118c3526bec3a3e5f52925e5243
2202c4d20285e4859ee85d4e0cb1ef2816bedfb127e6505cf97f790ebf388db0
2c51837297bbcbd5bf37d277d31bce1884df71842600ed8ed36719d07a26df05
2fe1e5d88f1984ee5480c7a96fb0f0e115395c0137fd1ae24a42a4846cb6d949
3269900957596b797ed22998c3ecebc6d76fc59144716c4c196f33307627b776
336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c
33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61
345918ac49e929b4473abc5662491e2583de13ba9b4967fdc2c3fb10bad42e57
39460201a2bbb23db936ae22b4cb5d3f2d1d502b6d4054881f1400c900bbd3cc
40dbc3181f817a9cb12062ad8bc7fa1a7acdaf340a6b192b9a633e903b120bd9
43e8590e9574c075959f307b06c6089707927b5222f8855adbcb28aabc286867
4b0ca769395c7807c623e64dc4338fb5875522f4856c99293d16b19c8bf99dbd
4c65142bbf6d5f9d3ba699d382942003313c384f348b87098aa067d557256228
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
4f29b4389a6e08bf3ffcdfb097597d5621b4abac31a74f89c3fa3537dc428e68
4f64a69cb9ca7e38fd8f931dab77248f97e55d26bd48032523f661ccabf9ed45
50da0a45caa286f3feaca26be0d29e6984161f2d16364d34fab40a3245ddc604
526468e2761ea62dfe18b048c9f47ebfb026f1826fa87ff6151a0507c51ecb58
56bfa8e48186b823f5e56196a61182458e0968bdce3b4ba9b00d3d1d33c7127e
630704f204b4eb229b3099efbece0fdcc352461a582f879da98bf06b9900cec7
69ae95b7f73e2899d0c398ed4fb9faba242bbec4d0a58b182e4dd0e7808f01ac
6a326033cd4dc339c5df35a721871396f9ba3d2f003ff9ba27ff129cd933aed8
6bcc1fb91b5a336d809a81aa0eeb8000f6d94e2aa6b7e4972b40fdae250c4ed8
6c5553217c782b518e313cb40a8de37438437a417df3f61e0cf020eadfd64f15
6ca592fbf9a1c5c07371a818a71e847658b9a00d9797fade1bab265d353f938f
6e32f63dd434ba2ad979baf3505dd9799fdba147d42c741499570b0f89772485
71334b511b80d76d66fba3f0c142d758c0f0a0c45f329f7bd987d8536e8c7fd6
73ab4134891bc03f73ec07bb004c94aea2614dc964987c79a056202fdb5d94ec
73bc71a064b4ad9877832d035e22ad628e0f7b65bbcc0c4a03362d8fc5dd9d1a
74972ad3cb122fcad6d803479d4577adc67f1ffe63e7800398c074cbbd517428
78cc0c0aac90c165f26d09a518917dad0954f7e6d5a647a3bfc9a7ae6aea8bfd
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
81f29c0ca60c52cdb53cc8a1e6e938f8a3ccaef68968b0c8ed7b1ee5466ee60e
83a4f7d376db994e499b627611104adbe197dc7a8e5d4d1069abad0840d5d368
83c552e01c80588493e5c4fcdefce7f00cfbe8ef6f462f38425b218e69a9def9
8a6dd07e18b423b791404cd18e1ee9d6558c87616efa6550e06171747504c79c
95d238ddebd5c0c7b63f3d3c235cff439860f7406e98b997ec170c1072507b28
98ccd33e523985efa588344a13932892db38b1335243f989dd366450db8ea68d
a176b44662d7eb55562527b7df840e6eb620d9f326989674a16f0765dc94f360
a274dd3d80e88c7b7ec742422f85305c89f63195842f6cb955b8da91335bd368
ad74673605555b2b5c1dd3bbe3ba80b9a1302722938cab9173fb8a29aae9b556
ade4dafe1d99e85eeab3b6a1820928858d28749b4acf3d0bd2e7b88034353778
afc9ea91964f1089ed3afcc20604ffa0107862a6d992ddc37ae0d21afa441b70
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c23c4c166a748b73e19826d7a8aed00e962a6d56c8633b37a44a06c15b12d9f0
c3843320907494f7d2006acb67749810a3a7d13358e4e3cbad413c2071b9ae4c
c660fbb2eafabfce77b9c08b7203202a6f81dba21555196c56d1cbd433e75c4d
c72d06f598a03fc5ea94f19031891b97f4b4abb3a42fc94974cbe7ccd26dd6fd
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d47bcf54431b918d4b86953244677a675940b21844a2ac41bee9b690415eb0b1
d4c63296e9c874aa7d3c1e4fae89f4fbd0cf2c07e91cee2ee881d48656cbfbe0
d6c657dc58578e2e6dae931e5624201902296572803d41f5233edabcc322f22e
d9a46e66b96e693c44274b063fff34c7734f72d981bf9f53d44cda8a16b4db3c
da6315cea520fcb649981a935777e39cee2e73b93a4d013862753fffbbd6052c
dd8bce41d0be6d4e5449bef910b493bcf872a4189a361451102996bfe0082f3a
e1f98ccf79d380deb41bb2c3a281390b81ccee0e182e47827847a15a4f8e9411
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae
fe6ca05308b5bac925635c3cfa3eb50b8c1bd01ece66e45d40d1ab959fba457e
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

www.bitdefender.com Open in urlscan Pro 2606:4700::6812:a8de Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

79 Requests

89 %HTTPS

41 %IPv6

25 Domains

36 Subdomains

29 IPs

4 Countries

3677 kBTransfer

5960 kBSize

40 Cookies

35 Outgoing links

Redirected requests

79 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bitdefender.com Open in urlscan Pro
2606:4700::6812:a8de Public Scan

Screenshot
Live screenshot

Full Image

79
Requests

89 %
HTTPS

41 %
IPv6

25
Domains

36
Subdomains

29
IPs

4
Countries

3677 kB
Transfer

5960 kB
Size

40
Cookies

79 HTTP transactions
5 data transactions