dfi.kaspersky.com Open in urlscan Pro
93.159.228.40  Public Scan

21 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

• https://cm.everesttech.net/cm/dd?d_uuid=38233754732638547623329176184043556425 HTTP 302
• https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zgy7FwAAAFPR3AOV

Request Chain 44

• https://12346775.fls.doubleclick.net/activityi;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kaspersky.com;u5=%2Fstealers;u6=;u7=42755324058471574882335531711313403923-undefined;u9=_stealers;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4410v9181803792za200;gcd=13l3lPl2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers HTTP 302
• https://12346775.fls.doubleclick.net/activityi;dc_pre=CKqfro78pIUDFUciBgAd8V8JZA;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kaspersky.com;u5=%2Fstealers;u6=;u7=42755324058471574882335531711313403923-undefined;u9=_stealers;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4410v9181803792za200;gcd=13l3lPl2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers

Request Chain 57

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1712110359737%26li_adsId%3D7e7d5c98-08bc-40a7-97bf-897af93bb76b%26url%3Dhttps%253A%252F%252Fdfi.kaspersky.com%252Fstealers%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true&liSync=true&e_ipv6=AQIHtJzTr5TGJQAAAY6hutZFK3bW5ENey53FnnQBj-v-QOu0Hdj54LhtWxzKAX75OCovKojgGRn911bCdATrivLLtW1z0A

Request Chain 65

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=1602FB9E8AA343DA89FFDAF727F7FABA&RedC=c.clarity.ms&MXFR=3C7ADFC999E36DC0231ECB9F9DE363C6 HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1602FB9E8AA343DA89FFDAF727F7FABA&MUID=0553461871476D390AA3524E702C6CD3

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request stealers Show response dfi.kaspersky.com/	701 KB 218 KB	300ms 138ms	Document text/html	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash ca17c668848089f2dbc9317f7e29046c44af9814d28291e766e5fd5a1471e23f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes content-encoding gzip content-security-policy frame-ancestors 'self'; content-type text/html date Wed, 03 Apr 2024 02:12:38 GMT etag "8028be4ed084da1:0" last-modified Tue, 02 Apr 2024 07:35:17 GMT referrer-policy no-referrer-when-downgrade server nginx strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding x-content-type-options nosniff x-frame-options SAMEORIGIN x-powered-by ASP.NET x-proxy msk2 x-request-id ec85e18e14be0cc1afa3628def7dc355 x-server MSK11 x-xss-protection 1; mode=block
GET H3	200	swiper-bundle.min.css cdnjs.cloudflare.com/ajax/libs/Swiper/9.3.2/	17 KB 5 KB	26ms 15ms	Stylesheet text/css	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/Swiper/9.3.2/swiper-bundle.min.css Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 55564d0504733b999d0cd481c189881f733b1a5b2984a4629af62d8cc495d895 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer Origin https://dfi.kaspersky.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:38 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1762145 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 4138 last-modified Sun, 07 Jan 2024 21:38:16 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "659b0bb8-102a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XAVGxhtVcUpZp5Oe1BZ2HNj4HbtKPMtHt4A2sNePLo85MQEWQ6hzduOcsvvL%2BNKg%2FRX6WTNTwHHikzrISFbm3Yr9kDXvxp7Rh57kIg77o7T4IW%2FdZutZEobGtbUIQjBwCAD%2FPaS%2B48o%2BJqRv8QY9oyWs"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 86e588eafb9b6ae1-FRA expires Mon, 24 Mar 2025 02:12:38 GMT
GET H2	200	style.min.css dfi.kaspersky.com/styles/	133 KB 22 KB	201ms 200ms	Stylesheet text/css	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/styles/style.min.css Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash f3be999e8706587bbcb995d55ea8576299a1a35111c24568b88592fdb24b23ab Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 21603 x-xss-protection 1; mode=block x-request-id 87f6544707174fb0bacda731dcfc851c referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:17 GMT server nginx etag "8028be4ed084da1:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css x-server MSK11 accept-ranges bytes
GET H2	200	forms2.min.js Show response go.kaspersky.com/js/forms2/js/	199 KB 67 KB	314ms 193ms	Script application/x-javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.kaspersky.com/js/forms2/js/forms2.min.js Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8 Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63113904 last-modified Tue, 05 Mar 2024 19:24:48 GMT server cloudflare cf-cache-status REVALIDATED etag "2c1aff-31af8-612eecb9f6000" vary Accept-Encoding content-type application/x-javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 86e588ebaca73a79-FRA expires Wed, 03 Apr 2024 06:12:38 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	540 KB 136 KB	38ms 18ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3 Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash b34fa1170a058cff27afa440e985bf5060df0081ce299299d888a7245cb85c77 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 138962 x-xss-protection 0 last-modified Wed, 03 Apr 2024 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 03 Apr 2024 02:12:38 GMT
GET H2	200	youtube.jpg dfi.kaspersky.com/images/	824 KB 826 KB	73ms 72ms	Image image/jpeg	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://dfi.kaspersky.com/images/youtube.jpg Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash afc4c52815ba0c430aa3ab1ce1a62b2bb560960fddfbb718a052b17e316d2167 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 844209 x-xss-protection 1; mode=block x-request-id a4604d41a5b13c82b18ce67616b88515 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:17 GMT server nginx etag "8028be4ed084da1:0" x-frame-options SAMEORIGIN content-type image/jpeg x-server MSK11 accept-ranges bytes
GET H2	200	polyfill.min.js Show response polyfill.io/v3/	104 B 418 B	78ms 30ms	Script text/javascript	2606:4700:3110::6812:3303 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://polyfill.io/v3/polyfill.min.js Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3110::6812:3303 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 06 Mar 2024 23:11:33 GMT server cloudflare age 2343665 vary User-Agent, Accept-Encoding access-control-allow-methods GET,HEAD,OPTIONS content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=604800 useragent_normaliser chrome/123.0.0 cf-ray 86e588ec8ecc5a9f-VIE expires Wed, 10 Apr 2024 02:12:38 GMT
GET H2	200	main.min.js Show response dfi.kaspersky.com/scripts/	15 KB 5 KB	132ms 131ms	Script application/javascript	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/scripts/main.min.js Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash 14beac4c110af88273721e805cfa776254c8d4e5ff7dbe525fe873d67a4eaa7a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 4219 x-xss-protection 1; mode=block x-request-id 863c7898ba47a47705efa9952c6b3d00 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:17 GMT server nginx etag "8028be4ed084da1:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript x-server MSK11 accept-ranges bytes
GET H2	200	css2 fonts.googleapis.com/	18 KB 1 KB	37ms 17ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Noto+Sans:wght@300;400;500;600;700;800&display=swap Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 8a38f4c032799f0cffb1c46442b455f99ca313bcd2fc7ba0bc46bcb925bf695a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 03 Apr 2024 02:12:38 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 03 Apr 2024 02:12:38 GMT
GET H2	200	css2 fonts.googleapis.com/	664 KB 183 KB	39ms 19ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Noto+Sans+SC:wght@300;400;500;600;700;800&display=swap Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash cdae38436b6fb2b82a0c5f0bcbd1303f076b9467bda97696409d2ccaf7bb48f3 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 03 Apr 2024 01:47:40 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 03 Apr 2024 02:12:38 GMT
GET H2	200	css2 fonts.googleapis.com/	676 KB 180 KB	48ms 28ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@300;400;500;600;700;800&display=swap Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 9280b2d4ff7e7b0a995ce0874ea46100ab07cd385fb1f6e6478bb72d36c048a9 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 03 Apr 2024 02:12:38 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 03 Apr 2024 02:12:38 GMT
GET H2	200	css2 fonts.googleapis.com/	26 KB 2 KB	38ms 18ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Noto+Kufi+Arabic:wght@300;400;500;600;700;800&display=swap Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b0aca4b6daebc7626d9bdc0b30404762ffecb13c294a78a9ec03a7709bdf5514 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 03 Apr 2024 02:12:38 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 03 Apr 2024 02:12:38 GMT
GET DATA	200 OK	truncated /	232 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3796008d21304f40387a4571ded7c4b7cbdab05bfa8de7cec82b352dab6b6d3d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	Kaspersky_Sans_Display_Regular.woff2 dfi.kaspersky.com/assets/fonts/	49 KB 49 KB	76ms 76ms	Font application/x-font-woff2	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/assets/fonts/Kaspersky_Sans_Display_Regular.woff2 Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash f453d7bb5a2e85607c6352d45c7a5be89c3baddd0e9a13ca99e42a27e046ae93 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css Origin https://dfi.kaspersky.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 49672 x-xss-protection 1; mode=block x-request-id 90608825cfe442d69a748e4ea5f1a827 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:13 GMT server nginx etag "80ce5b4cd084da1:0" x-frame-options SAMEORIGIN content-type application/x-font-woff2 x-server MSK11 accept-ranges bytes
GET H2	200	getForm Show response go.kaspersky.com/index.php/form/	38 KB 7 KB	723ms 723ms	Script application/javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.kaspersky.com/index.php/form/getForm?munchkinId=802-IJN-240&form=33508&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&callback=jQuery37107353795624527966_1712110358572&_=1712110358573 Requested by Host: go.kaspersky.com URL: https://go.kaspersky.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 97daefc645d58d00179a1929eb7bb739faed22138d1631cf71d0a2d2d15c0dc8 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare vary Accept-Encoding content-type application/javascript; charset=utf-8 x-form-service-request-id ca62#18ea1bad0ec x-marketo-source Form Service cf-ray 86e588ed5d8d3a79-FRA cached false
GET H2	200	notebook.jpg dfi.kaspersky.com/images/	146 KB 147 KB	71ms 71ms	Image image/jpeg	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://dfi.kaspersky.com/images/notebook.jpg Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash 9b574931018e051da6b9c9f8f26c832ec114df289fd98fa17b3eb3d1de40402b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 149491 x-xss-protection 1; mode=block x-request-id ce1d489e874661d95b4a5ad5bbaefc7f referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:15 GMT server nginx etag "80fb8c4dd084da1:0" x-frame-options SAMEORIGIN content-type image/jpeg x-server MSK11 accept-ranges bytes
GET H2	200	stealers.png dfi.kaspersky.com/images/	146 KB 146 KB	154ms 154ms	Image image/png	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://dfi.kaspersky.com/images/stealers.png Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash 8b1da80b707aff8c1f4436a53340bc3452343c1718698c28d73f7bb8274fba90 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 149135 x-xss-protection 1; mode=block x-request-id f730749a2dfa467334f642db951df1d7 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:16 GMT server nginx etag "092254ed084da1:0" x-frame-options SAMEORIGIN content-type image/png x-server MSK11 accept-ranges bytes
GET DATA	200 OK	truncated /	322 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95a89c70bd1763812c4c872ec59e5f6d0aa023ece9803367457b4cc5082d2981 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	stealers-violet.png dfi.kaspersky.com/images/	176 KB 177 KB	156ms 155ms	Image image/png	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://dfi.kaspersky.com/images/stealers-violet.png Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash e2e9f77aa87c36b0c39bfcd83f5c8e181d27fa31ac8df4bdead73a7ec48c526f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 180524 x-xss-protection 1; mode=block x-request-id b76591376b58557ae6d32071b82a9307 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:16 GMT server nginx etag "092254ed084da1:0" x-frame-options SAMEORIGIN content-type image/png x-server MSK11 accept-ranges bytes
GET H2	200	Kaspersky_Sans_Display_Medium.woff2 dfi.kaspersky.com/assets/fonts/	49 KB 49 KB	150ms 150ms	Font application/x-font-woff2	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/assets/fonts/Kaspersky_Sans_Display_Medium.woff2 Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash b1fc9738970b7946c95e587842c44cad8f82bc593006a87b9faa3378e91ca96e Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css Origin https://dfi.kaspersky.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 49824 x-xss-protection 1; mode=block x-request-id 82f97446c495a1236105b87a74727d09 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:13 GMT server nginx etag "80ce5b4cd084da1:0" x-frame-options SAMEORIGIN content-type application/x-font-woff2 x-server MSK11 accept-ranges bytes
GET H2	200	Kaspersky_Sans_Display_SemiBold.woff2 dfi.kaspersky.com/assets/fonts/	49 KB 49 KB	148ms 148ms	Font application/x-font-woff2	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/assets/fonts/Kaspersky_Sans_Display_SemiBold.woff2 Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash a3d602cb463bf851d1804c5b7fb88ea6884b7ddbe239c31789cc0c37fb81ccdb Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css Origin https://dfi.kaspersky.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 50056 x-xss-protection 1; mode=block x-request-id 15351bcf8ba03fcd5bc9d33c7ab65662 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:13 GMT server nginx etag "80ce5b4cd084da1:0" x-frame-options SAMEORIGIN content-type application/x-font-woff2 x-server MSK11 accept-ranges bytes
GET H2	200	Kaspersky_Sans_Display_Bold.woff2 dfi.kaspersky.com/assets/fonts/	49 KB 49 KB	149ms 149ms	Font application/x-font-woff2	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/assets/fonts/Kaspersky_Sans_Display_Bold.woff2 Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash 7ee5cd71bb444fcc52f4d9870470c9765f370af7d8d56112316d1da2c365096d Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css Origin https://dfi.kaspersky.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 50084 x-xss-protection 1; mode=block x-request-id 7953225be8168835588a36bf0db21af1 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:13 GMT server nginx etag "80ce5b4cd084da1:0" x-frame-options SAMEORIGIN content-type application/x-font-woff2 x-server MSK11 accept-ranges bytes
GET DATA	200 OK	truncated /	278 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a68e0f120bd8b0ca8bddac272bbc482266e44dcbda47138fab9560f65fd52b2f Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	phone-highlight.jpg dfi.kaspersky.com/images/	88 KB 89 KB	236ms 236ms	Image image/jpeg	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Show image Full URL https://dfi.kaspersky.com/images/phone-highlight.jpg Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/styles/style.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash 554f9ccf9fc10f2cc078bf6b41211a23e42a86c5d765fbf2efc4d2298601f426 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/styles/style.min.css accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy frame-ancestors 'self'; x-powered-by ASP.NET content-length 90280 x-xss-protection 1; mode=block x-request-id 078823fa927137048b93ab9c4c4ae4b3 referrer-policy no-referrer-when-downgrade last-modified Tue, 02 Apr 2024 07:35:15 GMT server nginx etag "80fb8c4dd084da1:0" x-frame-options SAMEORIGIN content-type image/jpeg x-server MSK11 accept-ranges bytes
GET H2	200	gtm.js Show response www.googletagmanager.com/	571 KB 149 KB	52ms 51ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash db3166400f226e0c1f1717176e7f970cf267e11076d83a5bcba81948504333af Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:38 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 151854 x-xss-protection 0 last-modified Wed, 03 Apr 2024 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 03 Apr 2024 02:12:38 GMT
GET H2	200	s_code_single_suite.js Show response media.kaspersky.com/tracking/omniture/	207 KB 52 KB	138ms 14ms	Script application/javascript	185.85.15.31 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 185.85.15.31 , Germany, ASN200107 (KL-EXT, CH), Reverse DNS Software / Kaspersky Labs, Kaspersky Labs Resource Hash b9ed169743c4b62c095af2dec6905add617b150a0028f71a7f0fffc0a61cebe5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff date Wed, 03 Apr 2024 02:12:38 GMT x-powered-by Kaspersky Labs, Kaspersky Labs alt-svc h3=":443"; ma=86400 content-length 52854 x-xss-protection 1; mode=block last-modified Mon, 18 Mar 2024 09:19:22 GMT server etag "049db5c1579da1:0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control max-age=3600 x-server fr2/FRA2 accept-ranges bytes
GET H3	200	destination Show response www.googletagmanager.com/gtag/	292 KB 98 KB	26ms 26ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=G-NSVBRC7S52&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 46d59b1cbe2f1dcf137b52c60ce03648b4680c754e0ecdd67d7d9de7909225ce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:38 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 100072 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Wed, 03 Apr 2024 02:12:38 GMT
GET H2	200	id Show response dpm.demdex.net/	368 B 917 B	91ms 32ms	XHR application/json	54.171.118.212 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1712110358868 Requested by Host: media.kaspersky.com URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.171.118.212 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-171-118-212.eu-west-1.compute.amazonaws.com Software / Resource Hash 9b7fd07921a339bf94ac9efafaf43120c24e87aa6c2ac3ea6930238ed1642ccb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers dcs dcs-prod-irl1-1-v059-08c4f078d.edge-irl1.demdex.com 2 ms pragma no-cache date Wed, 03 Apr 2024 02:12:38 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-tid IiJKzuRZQA8= vary Origin content-type application/json;charset=utf-8 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" access-control-allow-origin https://dfi.kaspersky.com cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private access-control-allow-credentials true content-length 311 expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	dest5.html kaspersky.demdex.net/ Frame D983	0 0	116ms 32ms	Document text/html	3.248.85.196 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://kaspersky.demdex.net/dest5.html?d_nsid=0 Requested by Host: media.kaspersky.com URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.248.85.196 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-248-85-196.eu-west-1.compute.amazonaws.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://dfi.kaspersky.com/stealers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private content-encoding gzip content-type text/html;charset=UTF-8 date Wed, 03 Apr 2024 02:12:39 GMT dcs dcs-prod-irl1-2-v059-04b8a9867.edge-irl1.demdex.com 0 ms expires Thu, 01 Jan 1970 00:00:00 UTC last-modified Tue, 2 Apr 2024 13:52:09 GMT p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" pragma no-cache strict-transport-security max-age=31536000; includeSubDomains vary accept-encoding x-tid ANZOxZI2RkI=
GET H2	200	id Show response otr.kaspersky.com/	48 B 461 B	78ms 19ms	XHR application/x-javascript	63.140.62.17 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://otr.kaspersky.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=42755324058471574882335531711313403923&ts=1712110358965 Requested by Host: media.kaspersky.com URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.62.17 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-62-17.data.adobedc.net Software jag / Resource Hash a83bbebe6c23beb47c11933d2f1a2aacf12454a4377f0178b2373e2c23da4f37 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Wed, 03 Apr 2024 02:12:39 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff server jag vary Origin content-type application/x-javascript;charset=utf-8 access-control-allow-origin https://dfi.kaspersky.com p3p CP="This is not a P3P policy" cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true content-length 48 x-xss-protection 1; mode=block
GET H2	200	ibs:dpid=411&dpuuid=Zgy7FwAAAFPR3AOV dpm.demdex.net/ Redirect Chain https://cm.everesttech.net/cm/dd?d_uuid=38233754732638547623329176184043556425 https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zgy7FwAAAFPR3AOV	42 B 717 B	32ms 31ms	Image image/gif	54.171.118.212 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zgy7FwAAAFPR3AOV Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Server 54.171.118.212 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-171-118-212.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://dfi.kaspersky.com/stealers User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers dcs dcs-prod-irl1-1-v059-072bcc2c6.edge-irl1.demdex.com 2 ms pragma no-cache date Wed, 03 Apr 2024 02:12:39 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-encoding gzip x-tid 82wakapSSIs= content-type image/gif p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private content-length 59 expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zgy7FwAAAFPR3AOV Date Wed, 03 Apr 2024 02:12:39 GMT Cache-Control no-cache Server AMO-cookiemap/1.1 Connection keep-alive Content-Length 0 P3P CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
GET H2	200	forms2.css go.kaspersky.com/js/forms2/css/	13 KB 3 KB	24ms 23ms	Stylesheet text/css	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.kaspersky.com/js/forms2/css/forms2.css Requested by Host: go.kaspersky.com URL: https://go.kaspersky.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Tue, 05 Mar 2024 19:24:48 GMT server cloudflare age 4891 etag "1e169e-3437-612eecb9f6000" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 86e588f1ef993a79-FRA content-length 2623 expires Wed, 03 Apr 2024 06:12:39 GMT
GET H2	200	forms2-theme-plain.css go.kaspersky.com/js/forms2/css/	828 B 374 B	20ms 20ms	Stylesheet text/css	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.kaspersky.com/js/forms2/css/forms2-theme-plain.css Requested by Host: go.kaspersky.com URL: https://go.kaspersky.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Tue, 05 Mar 2024 19:24:48 GMT server cloudflare age 4066 etag "1e16a1-33c-612eecb9f6000" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 86e588f1ef9a3a79-FRA content-length 246 expires Wed, 03 Apr 2024 06:12:39 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	48 KB 17 KB	331ms 103ms	Script application/javascript	2a02:26f0:3500:16::215:148d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 11 Mar 2024 16:03:53 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=15945 accept-ranges bytes content-length 17224
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	28 KB 9 KB	45ms 7ms	Script application/javascript	2a04:4e42:400::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Thu, 15 Feb 2024 20:38:48 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "9a680c8c475d8bba600d4d87b4fa7ee5" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 8702
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	46ms 31ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Wed, 03 Apr 2024 02:12:38 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 1AF10476070B413E864D703E820B9777 Ref B: FRAEDGE1521 Ref C: 2024-04-03T02:12:39Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H3	200	js Show response www.googletagmanager.com/gtag/	202 KB 73 KB	23ms 23ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=DC-12346775 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 1089164346553c54eede0904a4c3bbdee010237fa9f95ffefdbf93ab64c077e9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 74782 x-xss-protection 0 last-modified Wed, 03 Apr 2024 00:08:32 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 03 Apr 2024 02:12:39 GMT
GET H2	200	ktag.js Show response resources.xg4ken.com/js/v2/	9 KB 4 KB	140ms 30ms	Script application/javascript	52.31.52.189 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://resources.xg4ken.com/js/v2/ktag.js?tid=KT-N3AA7-3EE Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.31.52.189 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-52-189.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash 1b76ba575405d509e0623aad3080e3f8d793ab95767a01fc69b6a9744c0283b3 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip last-modified Tue, 30 Jan 2024 14:02:32 GMT server nginx etag "65b90178-dd8" content-type application/javascript cache-control max-age=86400, public content-length 3544 x-xss-protection 1; mode=block expires Thu, 04 Apr 2024 02:12:39 GMT
GET H2	200	tune.js Show response js.go2sdk.com/v2/	4 KB 4 KB	40ms 7ms	Script application/javascript	18.66.102.122 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.go2sdk.com/v2/tune.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.102.122 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-102-122.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 688ea52c7291b980af811cab2dfc8af5ebb15a01555ddc0f3f312db77b059b74 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id null date Tue, 02 Apr 2024 07:04:28 GMT via 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront) last-modified Mon, 04 Mar 2024 18:55:58 GMT server AmazonS3 x-amz-cf-pop FRA56-P2 age 68892 x-amz-server-side-encryption AES256 etag "3301ce2b9ef7fa3f72c5ae2b296d4ceb" x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 4142 x-amz-cf-id rEDS-crkIW9Xf6VDPSpL5w3hfuEnOmCRUWKFM89FZZJVPGoYVh6xFg==
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	218 KB 59 KB	23ms 9ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/stealers Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Wed, 03 Apr 2024 02:12:39 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58040 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1326, tbw=2796, tp=-1, tpl=-1, uplat=2, ullat=-1 pragma public x-fb-debug YCLmfIjkbktStotjqtRwP2Ig3haWdOHFPcAQCMP3nke1YI3pr2VOLapLEOIkqxKgVNTxy+MJODbVC2XWtwky+A== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ track.omguk.com/e/qi/	823 B 1 KB	114ms 38ms	Image image/gif	18.200.123.210 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://track.omguk.com/e/qi/?action=Content&MID=2325304&PID=53195&ref=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers& Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.200.123.210 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-200-123-210.eu-west-1.compute.amazonaws.com Software / Resource Hash 0e9946930825f59fa538bd840a51c3fb376bc566cf6b50c070805f30ccff7e71 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT strict-transport-security max-age=31536000; includeSubDomains last-modified Wed, 20 Mar 2024 12:18:36 GMT accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version etag W/"337-18e5bcc8d60" vary accept-encoding content-type image/gif access-control-allow-origin * p3p CP="ALL CURa ADMa DEVa TAIa PSAa PSDa OUR BUS IND UNI COM NAV INT" cache-control no-store, no-cache accept-ranges bytes content-length 823 x-xss-protection 1; mode=block
GET DATA	200 OK	truncated /	251 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f452a175c8e7d747564666c01dbfe70167c9d7086d2e91cae1eaf6855d4ee62a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	404	favicon-32x32.png dfi.kaspersky.com/favicon/	1 KB 997 B	71ms 70ms	Other text/html	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/favicon/favicon-32x32.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:39 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip server nginx x-powered-by ASP.NET vary Accept-Encoding content-type text/html x-server MSK11 x-request-id 4388cc9fa0cc0239a8e5970d56bb2ab2
GET H2	200	XDFrame Show response go.kaspersky.com/index.php/form/ Frame 799B	2 KB 744 B	183ms 183ms	Document text/html	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.kaspersky.com/index.php/form/XDFrame Requested by Host: go.kaspersky.com URL: https://go.kaspersky.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9b900a586951dae4aa4a15e85dba41962a6ca65c54010c1a7353fea60f8e0411 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://dfi.kaspersky.com/stealers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control max-age=3600 cf-cache-status DYNAMIC cf-ray 86e588f28ffa3a79-FRA content-encoding gzip content-type text/html; charset=utf-8 date Wed, 03 Apr 2024 02:12:39 GMT server cloudflare vary Accept-Encoding x-content-type-options nosniff
GET H3	200	api.js Show response www.google.com/recaptcha/	1 KB 873 B	69ms 53ms	Script text/javascript	2a00:1450:4001:810::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?onload=onloadCallback Requested by Host: dfi.kaspersky.com URL: https://dfi.kaspersky.com/scripts/main.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 9322f9617f3b930401cf51da5a1ac29bb6c17e647d9ec4c7ef44b465722594c6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Wed, 03 Apr 2024 02:12:39 GMT
GET H2	200	activityi;dc_pre=CKqfro78pIUDFUciBgAd8V8JZA;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kaspersky.com;u5=%2Fstealers;u6=;u7=4275... 12346775.fls.doubleclick.net/ Frame 7C81 Redirect Chain https://12346775.fls.doubleclick.net/activityi;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kaspersky.com;u5=%2Fstealers;u6=;u7=4... https://12346775.fls.doubleclick.net/activityi;dc_pre=CKqfro78pIUDFUciBgAd8V8JZA;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kas...	0 0	19ms 19ms	Document text/html	142.250.184.198 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://12346775.fls.doubleclick.net/activityi;dc_pre=CKqfro78pIUDFUciBgAd8V8JZA;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kaspersky.com;u5=%2Fstealers;u6=;u7=42755324058471574882335531711313403923-undefined;u9=_stealers;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4410v9181803792za200;gcd=13l3lPl2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=DC-12346775 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.198 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f6.1e100.net Software cafe / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://dfi.kaspersky.com/stealers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-encoding br content-length 691 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Wed, 03 Apr 2024 02:12:39 GMT expires Wed, 03 Apr 2024 02:12:39 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe strict-transport-security max-age=21600 timing-allow-origin * x-content-type-options nosniff x-xss-protection 0 Redirect headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Wed, 03 Apr 2024 02:12:39 GMT expires Fri, 01 Jan 1990 00:00:00 GMT follow-only-when-prerender-shown 1 location https://12346775.fls.doubleclick.net/activityi;dc_pre=CKqfro78pIUDFUciBgAd8V8JZA;src=12346775;type=globalc;cat=globa0;ord=6202339351310;npa=1;auiddc=1425264878.1712110359;u1=B2C;u2=en_IE;u4=dfi.kaspersky.com;u5=%2Fstealers;u6=;u7=42755324058471574882335531711313403923-undefined;u9=_stealers;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4410v9181803792za200;gcd=13l3lPl2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers? p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" pragma no-cache server cafe strict-transport-security max-age=21600 timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H2	200	t2_snpe1bff_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	26ms 13ms	XHR application/json	2a04:4e42:400::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_snpe1bff_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 98
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	30ms 7ms	Image image/gif	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1712110359473&id=t2_snpe1bff&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e075765e-f0e6-4140-86cb-0b173fdeb009&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	5039146.js Show response bat.bing.com/p/action/	4 KB 2 KB	32ms 32ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/5039146.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e6d00d30f59b20ec5d1c2682803a7851d720dac150d0ac956e28d8523403ec22 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Wed, 03 Apr 2024 02:12:38 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 02E91797E75B4F71B592FAC6050D8EE9 Ref B: FRAEDGE1521 Ref C: 2024-04-03T02:12:39Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=60
GET H2	204	0 bat.bing.com/action/	0 284 B	29ms 29ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=5039146&Ver=2&mid=4daee92f-815b-4347-894e-15c046ec418c&sid=a56f0f90f15f11ee83c1c321aabada42&vid=a56f1e20f15f11eead112575da73ce48&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=800&sh=600&sc=24&tl=Kaspersky%20Digital%20Footprint%20Intelligence&p=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&r=&lt=1448&evt=pageLoad&sv=1&rn=54460 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 03 Apr 2024 02:12:38 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 4D27355285EF4A579715801A52D1E8E8 Ref B: FRAEDGE1521 Ref C: 2024-04-03T02:12:39Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	839281392784015 Show response connect.facebook.net/signals/config/	66 KB 14 KB	109ms 108ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/839281392784015?v=2.9.151&r=stable&domain=dfi.kaspersky.com&hme=8ce74e881727851b4427183947937854816d72704925561b9de6420cd43214ee&ex_m=66%2C111%2C98%2C102%2C57%2C3%2C92%2C65%2C15%2C90%2C83%2C48%2C50%2C157%2C160%2C171%2C167%2C168%2C170%2C28%2C93%2C49%2C72%2C169%2C152%2C155%2C164%2C165%2C172%2C120%2C14%2C47%2C176%2C175%2C122%2C17%2C32%2C36%2C1%2C40%2C61%2C62%2C63%2C67%2C87%2C16%2C13%2C89%2C86%2C85%2C99%2C101%2C35%2C100%2C29%2C25%2C153%2C156%2C129%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C53%2C58%2C60%2C70%2C94%2C26%2C71%2C8%2C7%2C75%2C45%2C20%2C96%2C95%2C9%2C19%2C18%2C77%2C82%2C44%2C43%2C81%2C37%2C39%2C80%2C52%2C78%2C31%2C41%2C34%2C69%2C0%2C88%2C4%2C84%2C76%2C79%2C2%2C33%2C59%2C38%2C97%2C42%2C74%2C64%2C103%2C56%2C55%2C30%2C91%2C54%2C51%2C46%2C73%2C68%2C23%2C104 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash c2f92fae72f0e1b88b85248e1e727dfa4d0ae482355eab99b90227b5be8a731d Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Wed, 03 Apr 2024 02:12:39 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=10, rtx=0, c=64, mss=1326, tbw=63167, tp=-1, tpl=-1, uplat=102, ullat=0 pragma public x-fb-debug Ba3pCZV+2NTZMdzhDnT1DHNKAvbydEasehRaiBABC8kTL98YcI/jmaYAuShRo242So4Pjb6mXP9lbGxbI+YJsw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	404	favicon-16x16.png dfi.kaspersky.com/favicon/	1 KB 996 B	74ms 73ms	Other text/html	93.159.228.40 KL-EXT
General Check archive.org Show headers Download Go to Full URL https://dfi.kaspersky.com/favicon/favicon-16x16.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.159.228.40 , Russian Federation, ASN200107 (KL-EXT, CH), Reverse DNS Software nginx / ASP.NET Resource Hash dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-proxy msk2 date Wed, 03 Apr 2024 02:12:39 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip server nginx x-powered-by ASP.NET vary Accept-Encoding content-type text/html x-server MSK11 x-request-id 1526ed781c2ab903060164950272f016
GET H2	200	5039146 Show response www.clarity.ms/tag/uet/	839 B 1 KB	684ms 205ms	Script application/x-javascript	13.107.246.45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/uet/5039146?insights=1 Requested by Host: bat.bing.com URL: https://bat.bing.com/p/action/5039146.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash f29f43aa1c1d8a73bf5522e8a78ecb5b6899b77131c67e0825f5c63726443c53 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Wed, 03 Apr 2024 02:12:40 GMT x-azure-ref 20240403T021240Z-n3rc6db1bx09z2dfgtw27y2ysn0000000atg00000000cmks x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 839 request-context appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/	502 KB 201 KB	32ms 7ms	Script text/javascript	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers Origin https://dfi.kaspersky.com accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Apr 2024 14:10:04 GMT content-encoding gzip x-content-type-options nosniff age 43355 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 204859 x-xss-protection 0 last-modified Mon, 25 Mar 2024 04:00:24 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 02 Apr 2025 14:10:04 GMT
GET H3	200	anchor www.google.com/recaptcha/api2/ Frame CF54	0 0	75ms 63ms	Document text/html	2a00:1450:4001:810::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf2eUQUAAAAAC-GQSZ6R2pjePmmD6oA6F_3AV7j&co=aHR0cHM6Ly9kZmkua2FzcGVyc2t5LmNvbTo0NDM.&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=b4w6p5aflnve Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-UoqvkbFaImJ7UnpJNorGlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://dfi.kaspersky.com/stealers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-UoqvkbFaImJ7UnpJNorGlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Wed, 03 Apr 2024 02:12:39 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	/ www.facebook.com/tr/	0 273 B	22ms 7ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=839281392784015&ev=PageView&dl=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&rl=&if=false&ts=1712110359605&sw=800&sh=600&v=2.9.151&r=stable&ec=0&o=4126&fbp=fb.1.1712110359603.295267323&cs_est=true&ler=empty&cdl=API_unavailable&it=1712110359485&coo=false&eid=1712110358240.1&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1326, tbw=2768, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Wed, 03 Apr 2024 02:12:39 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	forms2.min.js Show response go.kaspersky.com/js/forms2/js/ Frame 799B	199 KB 66 KB	21ms 21ms	Script application/x-javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.kaspersky.com/js/forms2/js/forms2.min.js Requested by Host: go.kaspersky.com URL: https://go.kaspersky.com/index.php/form/XDFrame Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8 Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://go.kaspersky.com/index.php/form/XDFrame accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63113904 last-modified Tue, 05 Mar 2024 19:24:48 GMT server cloudflare cf-cache-status HIT age 1 etag "2c1aff-31af8-612eecb9f6000" vary Accept-Encoding content-type application/x-javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 86e588f3b8883a79-FRA expires Wed, 03 Apr 2024 06:12:39 GMT
GET H2	200	collect Show response sgtm.kaspersky.com/g/	1023 B 1 KB	92ms 56ms	XHR text/plain	2001:4860:4802:38::15 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://sgtm.kaspersky.com/g/collect?v=2&tid=G-NSVBRC7S52&gtm=45je4410v879891882z871206015za200&_p=1712110358240&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=677981544.1712110360&ecid=95512711&ul=en-us&sr=800x600&_fplc=0&ur=DE-HE&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&sst.uc=DE&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13l3lPl2l1&sst.tft=1712110358240&sst.ude=0&_s=1&sid=1712110359&sct=1&seg=0&dl=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&dt=Kaspersky%20Digital%20Footprint%20Intelligence&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&ep.pageType=default&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=en-global&ep.pageName=websites%20%3E%20stealers&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=42755324058471574882335531711313403923&ep.dateStringISO=2024-04-03T02%3A12%3A39.672Z&ep.event_id=1712110358240.1&tfd=1765&richsstsse Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=G-NSVBRC7S52&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash 6373c55ba8abee2785144fc475f2af33ef000da9e76fbbf4ce4e5409b85a34a2 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT content-encoding gzip x-content-type-options nosniff via 1.1 google vary Accept-Encoding content-type text/plain access-control-allow-origin https://dfi.kaspersky.com cache-control no-cache access-control-allow-credentials true
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1712110359737%26li_adsId%3D7e7d5c98-08bc-40a7-97bf-897af93bb76b%26... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true&liSync=tru...	0 265 B	135ms 108ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true&liSync=true&e_ipv6=AQIHtJzTr5TGJQAAAY6hutZFK3bW5ENey53FnnQBj-v-QOu0Hdj54LhtWxzKAX75OCovKojgGRn911bCdATrivLLtW1z0A Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://dfi.kaspersky.com/stealers User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers date Wed, 03 Apr 2024 02:12:39 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 483710B9BB444F2FAA3E16C2A8CE3405 Ref B: FRAEDGE1407 Ref C: 2024-04-03T02:12:40Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAYVJ8HW8nNUFmlruPSJbQ== Redirect headers date Wed, 03 Apr 2024 02:12:39 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 4BE3D80CDF114440B3D703793BA9C76F Ref B: FRAEDGE1513 Ref C: 2024-04-03T02:12:40Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1712110359737&li_adsId=7e7d5c98-08bc-40a7-97bf-897af93bb76b&url=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cookiesTest=true&liSync=true&e_ipv6=AQIHtJzTr5TGJQAAAY6hutZFK3bW5ENey53FnnQBj-v-QOu0Hdj54LhtWxzKAX75OCovKojgGRn911bCdATrivLLtW1z0A x-li-proto http/2 content-length 0 x-li-uuid AAYVJ8HU4bin/VzU+/tgpQ==
GET H2	200	s83046879156993 otr.kaspersky.com/b/ss/kaspersky-single-suite/1/JS-2.22.3/	43 B 308 B	19ms 19ms	Image image/gif	63.140.62.17 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://otr.kaspersky.com/b/ss/kaspersky-single-suite/1/JS-2.22.3/s83046879156993?AQB=1&ndh=1&pf=1&t=3%2F3%2F2024%204%3A12%3A39%203%20-120&mid=42755324058471574882335531711313403923&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20stealers&g=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&cc=USD&ch=websites&server=dfi.kaspersky.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=default&l2=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&c3=b2c&v3=websites%20%3E%20stealers&v9=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&c20=%5BNULL%5D&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20240312%3A315%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fdfi.kaspersky.com%2Fstealers&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=en-global&v57=D%3Dc57&c58=Kaspersky%20Digital%20Footprint%20Intelligence&v71=v1%3APage%20View%3A%5BNULL%5D&v113=42755324058471574882335531711313403923&v116=%5BNULL%5D&s=800x600&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1113&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.62.17 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-62-17.data.adobedc.net Software jag / Resource Hash a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 03 Apr 2024 02:12:39 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Thu, 04 Apr 2024 02:12:39 GMT server jag etag 3676729000301101056-4618034330674935665 vary * p3p CP="This is not a P3P policy" access-control-allow-origin * content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0, no-transform, private content-length 43 x-xss-protection 1; mode=block expires Tue, 02 Apr 2024 02:12:39 GMT
GET H2	204	collect region1.analytics.google.com/g/s/	0 210 B	77ms 51ms	Image text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://region1.analytics.google.com/g/s/collect?dma=1&dma_cps=sypham&gtm=45j91e4410h2v879891882z871206015z9857145737za200&_gsid=NSVBRC7S52A6B-yOgkSJ_a83EALdYoAw Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 03 Apr 2024 02:12:39 GMT server Golfe2 content-type text/plain access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	32ms 18ms	Image image/gif	2a00:1450:4001:81d::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-NSVBRC7S52&cid=677981544.1712110360&gtm=45j91e4410h2v879891882z871206015z9857145737za200&aip=1&z=630696973 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 03 Apr 2024 02:12:39 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	204	collect stats.g.doubleclick.net/g/	0 210 B	63ms 21ms	Image text/plain	2a00:1450:400c:c00::9b GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://stats.g.doubleclick.net/g/collect?v=2&dma=1&dma_cps=sypham&tid=G-NSVBRC7S52&cid=677981544.1712110360&gtm=45j91e4410h2v879891882z871206015z9857145737za200&aip=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 03 Apr 2024 02:12:39 GMT server Golfe2 content-type text/plain access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	_set_cookie sgtm.kaspersky.com/	48 B 48 B	24ms 23ms	Image image/gif	2001:4860:4802:38::15 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://sgtm.kaspersky.com/_set_cookie?val=0eTYxIGDQHtDZx6pUtWB%2Fv7%2BY2b%2F8frFp1%2BjUR0GAyD1pizknbJ8RATA4%2FIZzxWwtW4aQUEkb%2FSpoK66hOZe91B6A%2FmzYyZKRnivw60jQjaqmjkCIduGm50nc%2BtsQoZN2707WQHHstmr40DuaEkNvQGjvygnH%2BgaE5TGmqeQc8wsA5LGBg%2F8U0YN3y6d6G1UDb7%2BpWX2IeuP3Q%3D%3D Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT via 1.1 google content-type image/gif
GET H3	200	bframe www.google.com/recaptcha/api2/ Frame AA9D	0 0	59ms 59ms	Document text/html	2a00:1450:4001:810::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6Lf2eUQUAAAAAC-GQSZ6R2pjePmmD6oA6F_3AV7j Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-POrYPtkg27AKTkVjQoj39g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://dfi.kaspersky.com/stealers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language de-DE,de;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-POrYPtkg27AKTkVjQoj39g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Wed, 03 Apr 2024 02:12:39 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.26/	60 KB 25 KB	73ms 72ms	Script application/javascript	13.107.246.45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.26/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/uet/5039146?insights=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:40 GMT content-encoding br last-modified Mon, 01 Apr 2024 13:40:06 GMT etag W/"0x8DC52513DD96806" vary Accept-Encoding x-azure-ref 20240403T021240Z-n3rc6db1bx09z2dfgtw27y2ysn0000000atg00000000cmkx content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id c19ef472-e01e-003c-4b4e-84071c000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=1602FB9E8AA343DA89FFDAF727F7FABA&RedC=c.clarity.ms&MXFR=3C7ADFC999E36DC0231ECB9F9DE363C6 https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1602FB9E8AA343DA89FFDAF727F7FABA&MUID=0553461871476D390AA3524E702C6CD3	42 B 440 B	76ms 76ms	Image image/gif	68.219.88.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1602FB9E8AA343DA89FFDAF727F7FABA&MUID=0553461871476D390AA3524E702C6CD3 Protocol H2 Server 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers accept-language de-DE,de;q=0.9 Referer https://dfi.kaspersky.com/stealers User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers pragma no-cache date Wed, 03 Apr 2024 02:12:40 GMT last-modified Fri, 01 Mar 2024 22:54:48 GMT server Microsoft-IIS/10.0 etag "3e26b762b6cda1:0" x-powered-by ASP.NET content-type image/gif p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" cache-control private, no-cache, proxy-revalidate, no-store accept-ranges bytes content-length 42 Redirect headers pragma no-cache date Wed, 03 Apr 2024 02:12:39 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 06FBC2E392E041DFB7FD40BFF4837388 Ref B: FRAEDGE1521 Ref C: 2024-04-03T02:12:40Z x-powered-by ASP.NET x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1602FB9E8AA343DA89FFDAF727F7FABA&MUID=0553461871476D390AA3524E702C6CD3 cache-control private, no-cache, proxy-revalidate, no-store content-length 0
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 196 B	109ms 109ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://dfi.kaspersky.com/stealers sec-ch-ua-platform "Win32" Response headers date Wed, 03 Apr 2024 02:12:39 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 9FDE794509DE48D283A1E1A780CA58E9 Ref B: FRAEDGE1513 Ref C: 2024-04-03T02:12:40Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 access-control-allow-origin https://dfi.kaspersky.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYVJ8HYwNMYx/IzDlywgQ==
POST H/1.1	204 No Content	collect Show response h.clarity.ms/	0 297 B	839ms 351ms	XHR text/plain	52.224.31.34 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://h.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.26/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.224.31.34 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Accept application/x-clarity-gzip Referer https://dfi.kaspersky.com/stealers accept-language de-DE,de;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://dfi.kaspersky.com Date Wed, 03 Apr 2024 02:12:41 GMT Access-Control-Allow-Credentials true Server nginx/1.18.0 (Ubuntu) Connection keep-alive Vary Origin Request-Context appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8