forums.malwarebytes.com Open in urlscan Pro
18.67.76.98  Public Scan

111 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2594100%26time%3D1699483098641%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.com%252Ftopic%252F296579-what-is-r20rs6net-and-how-can-i-stop-it%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAkDbY-znLJgAAAYuxFiBnebvsxGGeRiQDhaTM2lR1mymUjRJwOncojZr5-mzDq5YSOg

Request Chain 65

• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715207898&external_user_id=2c49bafa-793b-4640-a667-e52ec2998d35 HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715207898&external_user_id=2c49bafa-793b-4640-a667-e52ec2998d35&C=1

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/	219 KB 30 KB	210ms 65ms	Document text/html	18.67.76.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.67.76.98 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-67-76-98.iad89.r.cloudfront.net Software Apache / Resource Hash a0b440a9152307dff685570dfca5cb6ac12d92e859041be87324bf258c75a9cc Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language en-US,en;q=0.9 Response headers age 515 alt-svc h3=":443"; ma=86400 cache-control no-cache="Set-Cookie", max-age=900, public, s-maxage=900, stale-while-revalidate, stale-if-error content-encoding gzip content-length 29789 content-security-policy frame-ancestors 'self' content-type text/html;charset=UTF-8 date Wed, 08 Nov 2023 22:29:42 GMT expires Wed, 08 Nov 2023 22:44:42 GMT last-modified Wed, 08 Nov 2023 22:29:42 GMT referrer-policy strict-origin-when-cross-origin server Apache strict-transport-security max-age=31536000 vary Cookie,Accept-Encoding via 1.1 cfb94084ba0615910dd15548de7c4c5e.cloudfront.net (CloudFront) x-amz-cf-id ny85eZ2iWCZdEMhCwJ-Zqxqj--ESQ8KizbkbFcwMPMUyze9Abhs0tw== x-amz-cf-pop IAD89-P2 x-cache Hit from cloudfront x-content-security-policy frame-ancestors 'self' x-content-type-options nosniff x-frame-options sameorigin x-ips-loggedin 0 x-xss-protection 0
GET H2	200	fontawesome-webfont.woff2 forums.malwarebytes.com/applications/core/interface/font/	75 KB 76 KB	60ms 57ms	Font text/plain	18.67.76.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/applications/core/interface/font/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.67.76.98 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-67-76-98.iad89.r.cloudfront.net Software Apache / Resource Hash 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Origin https://forums.malwarebytes.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 14:38:07 GMT via 1.1 cfb94084ba0615910dd15548de7c4c5e.cloudfront.net (CloudFront) x-content-type-options nosniff last-modified Wed, 01 Nov 2023 16:21:37 GMT server Apache x-amz-cf-pop IAD89-P2 age 28810 etag "12d68-60919aa582640" x-cache Hit from cloudfront accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 77160 x-amz-cf-id YC-U-dCXItw_ihrXMxCSz8fjOTScWz1fed8W2cP9O54Y1u0cGwV5bg==
GET H2	200	css2 fonts.googleapis.com/	11 KB 1 KB	260ms 95ms	Stylesheet text/css	2607:f8b0:4020:807::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash a5a263756e794d5ad9a686025bb4174bd55dbbca9635748b247a8a527e89354c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Wed, 08 Nov 2023 22:38:17 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 08 Nov 2023 21:25:39 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 08 Nov 2023 22:38:17 GMT
GET H2	200	341e4a57816af3ba440d891ca87450ff_framework.css.gz content.invisioncic.com/Mmalware/css_built_28/	323 KB 60 KB	259ms 83ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/341e4a57816af3ba440d891ca87450ff_framework.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2bfdaeb15e93857db647a5a3af0a72148b4b9a22fb290700b9b83a222e15e8c2 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id LCAzIda3x5Ctv1Vppj7kCEN_9SMVxdoO x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 61281 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "1f275f8adb7c3d217c607fdea0f2c120" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id DMyZrJS3kIarcybDMzbULIzI-rUke2S0ORh5wF8CHBR62aJaX-0f5A==
GET H2	200	05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	35 KB 7 KB	336ms 160ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5008d5e9bd10eea3c48217fc3a797895a56aadb808b04dda8381dd35e6544f22 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id blHrcsutLIzrqmdON_6WKM_vZwgw8xD9 x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 6713 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "662c81ff9a5b04e3eec6773ca9dbad1d" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id SXzUVlkAv57yA7L_aBo06SZAzkOstzM3rSTNNhGqy2v11kQaDYL-Vg==
GET H2	200	90eb5adf50a8c640f633d47fd7eb1778_core.css.gz content.invisioncic.com/Mmalware/css_built_28/	23 KB 7 KB	341ms 165ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/90eb5adf50a8c640f633d47fd7eb1778_core.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3ae5ab098202acd01f279225307c0169371d46da3b73e41d3e0e431a97336447 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id CHLP_Yp0TjuGHpA54joFHbvb4KpB_aKk x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 6425 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "2e65e6540e6b090e2a588cccb9907c02" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id pU7HsaYMoYI6EFQJ4FKg603f9tekWTJd8mxOAPpWw-OIh55URZhuqg==
GET H2	200	5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	5 KB 2 KB	248ms 73ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ae9d33c675a45f0263ac186920780ef9593f2f0fc05ce203a1ed786be7afe5e2 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id .FPTHWN9HBaA1Zow19sorpiwnbLmOMGI x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1212 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "3d62088babca9778cf21f3c4cc40957a" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id s3uJFLfKsctqJcS1v8T0Rh6RqkYvTR7fGfIMs90ik000wj0K1RSOYg==
GET H2	200	62e269ced0fdab7e30e026f1d30ae516_forums.css.gz content.invisioncic.com/Mmalware/css_built_28/	15 KB 4 KB	243ms 68ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/62e269ced0fdab7e30e026f1d30ae516_forums.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f0c356b5f4faa7b2414c815d215d5b5b2078b4801a79bbd9f1d189b34cbb9c71 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id az.XWeP4GGhbUO7MHbc4kWMEVPupO.rk x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 3753 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "706fe1e41b54986ee75c962074e5f28a" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id o0eQoxUGvQCCNy6PBtJm6USgUr-yyrsv9WWhGFYtxCo9G0yq1aY0Xw==
GET H2	200	76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	6 KB 2 KB	245ms 71ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1099b3d49cec3d8e97ac307dd1db309dc9af5aa69c134db3cfd7d90eafb8df9c Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id .QY8tom706yWsfGHb5f7F5HRPyoo97ns x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1408 last-modified Mon, 06 Nov 2023 21:19:45 GMT server AmazonS3 etag "f6b69720d18ae8c6c450207ae7812092" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id SGiCyb6BDT9OvfmPOr-Of7tMQXfh-0Hfciah3cPBpNly4OzPWkNueg==
GET H2	200	ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz content.invisioncic.com/Mmalware/css_built_28/	3 KB 1 KB	243ms 69ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 9bde20f23db841b077e3392fb8fbaac4c6fe1392bfd7b8f0947e3ee32f41f6d0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:25:30 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id 9Nk44EudYi1Qy3OOBkBIR.sob8pvFi.b x-amz-cf-pop IAD61-P2 age 177168 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 927 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "179f44143d9f001cfe0953cddb82c253" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id IDH5FdRDEJ1uxeHA12Ewo8csSMDxqT6RmqLxXZzYjtGvHT0dPl09fA==
GET H2	200	258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz content.invisioncic.com/Mmalware/css_built_28/	887 B 934 B	240ms 66ms	Stylesheet text/css	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz?v=d815db93211699305582 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3001a3960df32de0715d410de98ec7a468c546e5c6ddf98b2bcaef28666e32af Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 21:23:46 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id feDfUlfFp8Tx6TPy5fUjbayPOstwJumD x-amz-cf-pop IAD61-P2 age 177272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 447 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "d4600f2fa1dbbd939fdb12b5e8a7b238" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id -pDkLJtQGYy-7jS0DF-ZKitIKpnWSaqYMi4XckYZDz9m5Ld-OoS27Q==
GET H2	200	465b3333c9d56ad091e82c4b2597c6d0_x.svg content.invisioncic.com/Mmalware/set_resources_28/	433 B 905 B	269ms 268ms	Image image/svg+xml	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/set_resources_28/465b3333c9d56ad091e82c4b2597c6d0_x.svg Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 10133d36ecdb84d3cd6f36c6727e826340e3621cd8408503c710c5fab62defde Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 23:02:53 GMT x-amz-version-id Zitf71DbZWbyB5ZsmXp1R4Ev_HCVToLg via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-cf-pop IAD61-P2 age 171325 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 433 last-modified Mon, 06 Nov 2023 21:19:31 GMT server AmazonS3 etag "cd8f8fc706ea872ac4043d1e9fb1cd06" content-type image/svg+xml cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id lxqUsF2U5OcFgGbGP3_FmsFjrkgI__dabiMYrD2qAD9P89OwJr-6Vg==
GET H2	200	CONS_PCmag_728x90(2).png.a0d9100fc3a050421e4995c35809d97e.png content.invisioncic.com/Mmalware/monthly_2023_06/	72 KB 73 KB	162ms 158ms	Image image/png	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2023_06/CONS_PCmag_728x90(2).png.a0d9100fc3a050421e4995c35809d97e.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 9a93b047487342d9f08f0d604599e2d54aeb278755127ceff698ce0a5d1043ed Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:06:36 GMT x-amz-version-id 0AR2e8tuOB4V_gTISoYljYriDEgWqI_M via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-cf-pop IAD61-P2 age 246702 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 73834 last-modified Wed, 07 Jun 2023 21:27:44 GMT server AmazonS3 etag "a2c3598c4cd0ea3f73904ea12c8b0129" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id onj41BazihC_dyknMYsTE5vNYrQdgvF9cgJbzrDTgTqhvjYU3KgrVw==
GET H2	200	2023-04-04_16-40-48.jpg.4188833ad11f6ff58e189f0d12721da3.jpg content.invisioncic.com/Mmalware/monthly_2023_04/	10 KB 11 KB	139ms 135ms	Image image/jpeg	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2023_04/2023-04-04_16-40-48.jpg.4188833ad11f6ff58e189f0d12721da3.jpg Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 970d42fe59f9f3c38ee8f397683b0fbb0210ddc078c5d2f5e5a21f4d38cfadd4 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Tue, 07 Nov 2023 17:28:59 GMT x-amz-version-id B4AmrXX.kbdrxGssW2ShFYe8t2znCjvZ via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-cf-pop IAD61-P2 age 104958 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 10526 last-modified Tue, 04 Apr 2023 22:43:12 GMT server AmazonS3 etag "85c7049d7314662293ffe2c92eec53c0" content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id N04whLZb4eZvi1D_ysD5qpmdryaHZGQA3CzE-1el9ojjJoTXAz7E9Q==
GET H2	200	2023-04-04_16-47-10.jpg.176efc884900870e39db055f93234d59.jpg content.invisioncic.com/Mmalware/monthly_2023_04/	50 KB 51 KB	195ms 191ms	Image image/jpeg	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2023_04/2023-04-04_16-47-10.jpg.176efc884900870e39db055f93234d59.jpg Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 98be00e0063574519abfd78aa55e7d0deeb1820d32d17f4aa206b411f8101bea Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 19:03:42 GMT x-amz-version-id tw67dfGRTEGShAwDBjF4wSjqrAZ_2qpY via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-cf-pop IAD61-P2 age 185676 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 51194 last-modified Tue, 04 Apr 2023 22:49:01 GMT server AmazonS3 etag "9e4ffe913c13221265f2ff57e913be04" content-type image/jpeg cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id JsFzdkENOfjuwFDa-Pd1rWZMmjJeeTBrQpzL1JEw-ejvPLIyglDDMw==
GET H2	200	455389808_MWBStaffLogoShort.png.471513c6a13f05393350352f7bc42e55.png content.invisioncic.com/Mmalware/monthly_2020_11/	3 KB 3 KB	254ms 253ms	Image image/png	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_11/455389808_MWBStaffLogoShort.png.471513c6a13f05393350352f7bc42e55.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 24c13cdea638620ec96bc3b7ba1bdef0cbe3ad0847b2ddc6f041df1fa24cffa4 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sun, 05 Nov 2023 10:59:37 GMT x-amz-version-id g54XEf4skAMSD4MV29N7aPk8wAUfSLu7 via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-cf-pop IAD61-P2 age 301121 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 2919 last-modified Fri, 06 Nov 2020 22:28:19 GMT server AmazonS3 etag "840107c60632e151d3d4ed52457243db" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 6IoRGxbI7Rvl6bgAnmO6B5JY4ZMvGeRlhcA1pPSOWElY_HgmB1dxHA==
GET H2	200	gtm.js Show response www.googletagmanager.com/	397 KB 120 KB	270ms 101ms	Script application/javascript	2607:f8b0:4020:804::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash a3dff9acf002bdfa68e783230fa57047feb1665130429600245ab528b540aad3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:17 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 122547 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Wed, 08 Nov 2023 22:38:17 GMT
GET H2	200	CONS_PCmag_728x90.png.14a2528af4359a57b15c72130caf4590.png content.invisioncic.com/Mmalware/monthly_2023_06/	60 KB 60 KB	273ms 271ms	Image image/png	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2023_06/CONS_PCmag_728x90.png.14a2528af4359a57b15c72130caf4590.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f5d4c00cea7d26cd2f10e1885395216df960748bcae7026a030ffcd3c0fdb029 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sun, 05 Nov 2023 10:11:08 GMT x-amz-version-id 42Kp1rFTXg4J5aCSkHlQ_aWDCVNMPDk8 via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-cf-pop IAD61-P2 age 304030 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 61119 last-modified Wed, 07 Jun 2023 21:30:50 GMT server AmazonS3 etag "f462d14a7ea6d2ced8164f13df4c67db" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id GtbAiRlnqBXg-X8-SfOXmZC7SIdbmBi3jLOe8sTWQkCEHdhF0AEMQg==
GET H2	200	root_library.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	368 KB 121 KB	147ms 143ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1a8e04ea5908efdb644bba217bcb4bca38bbf78c8a3ce038a6afed25342c60b3 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id M977EeV5Vx8rTki_nZf4.d5p5qFI49Eb x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 123751 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "9cf0bd0ae73fa69c7547786739b2b87e" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id wIFw7cDukTstlXtk6c8Xd_IsFITx1wluoiYyI4M4m7MKWPWb2oExhQ==
GET H2	200	root_js_lang_1.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	103 KB 33 KB	131ms 127ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_js_lang_1.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f0d4c18cca855d9a79443a27f60f3df529af5add0084b41cd0a09b446fd3ddbc Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id OMcOAcvyaaqK62eA5Alk_chs9gOZW_uA x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 32827 last-modified Mon, 06 Nov 2023 21:19:45 GMT server AmazonS3 etag "612f1ee35a4648fe145bea6b6695a4d8" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id JVE0-SFf2op2JNVFbuE2xFvYX8RutdZ6SbHFFx0l5s_FYYz7jnzDrA==
GET H2	200	root_framework.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	436 KB 100 KB	212ms 208ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_framework.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b612f745e718ad4eb11f04049fdcc320fdc626965e4dc1db0211665d95889999 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id LqCJA11B0p4o_imz1vIQr6j_PK8aA2NQ x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 101679 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "5ffd55b81e5a6231e866c6891338bf9e" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id FSLsJ4kRWG9nr01lYRkYapuvMLiK3ViZ_tl_CPOxodsAq7E-TB8cCg==
GET H2	200	global_global_core.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	37 KB 9 KB	123ms 120ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/global_global_core.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6e150c24cfaf27170cd5943e9ce0d3c4f6cab99cb3af1e29697756b927beb1bc Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id wyQvEgdszNK6aYdh9KCa0Ber84Yxxgwq x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 8982 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "f16b7d8b4152a7128086da870de5b264" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id SZsdgOPMxnZ9bwClIJQQ8VaSNVxcq6FY1y2ciBSlpA4KeExV0zoG3A==
GET H2	200	root_front.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	103 KB 23 KB	216ms 212ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_front.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c306af4e97074a571c2e7a301c397e315eda1657bbd28bcc4715ae55881e4065 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id sl_8yV1jRQe4HVWbqBuSNizwHZrPE26e x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 23176 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "fd34a68369ae14b8033c2a6040aae58c" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id W8JsMFTRoZtbVDX-rgge1UQMnmr9rcuY9Mn9szk0NxJBk9-akM_xBQ==
GET H2	200	front_front_core.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	37 KB 9 KB	152ms 148ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/front_front_core.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7ae85fb920726bd3f639d6409b5f5555dce80a9ccfa840e24cc018a80b001041 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id rPUkeWXFf5sadFiQkGmyS_2s1.vXKtiY x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 8922 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "3f500e7acabeea498e2c2adb30036859" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 3KkFIC4Xq0LE14C8lWByVn241iip0XBxUwUaSI8rRhPy65auP6D8zQ==
GET H2	200	front_front_topic.js.gz Show response content.invisioncic.com/Mmalware/javascript_forums/	5 KB 2 KB	256ms 253ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_forums/front_front_topic.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 73f300c3e43fab5e7d74c3973d9134ac76b01e27a2288f711a851a9d8a8d3a0e Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id 1puGdO65p0u1ORr09eAQ6uS4DxKUQ7ee x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1277 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "702180aafa4f6cf57df069737a132abd" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id AMlM2l3OqvkBDmIfKhG3yifFHjVWr9h7eWFFukFrjOODnO4sYJ4VbQ==
GET H2	200	front_front_realtime.js.gz Show response content.invisioncic.com/Mmalware/javascript_cloud/	13 KB 4 KB	254ms 252ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_cloud/front_front_realtime.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2b99b45bf156d9402a42d4ceaa87ad266bce8cc2cbdb3a3bba8fa8b53da11460 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id zuqcOVot59ocn2jx8YfL6kta4_tItOJB x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 3405 last-modified Mon, 06 Nov 2023 21:19:46 GMT server AmazonS3 etag "d8f803354d80bc3489be9bf5c348b26f" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id oWNLlcjd-NImsFHhb6BPqtzpAJELe1mbFgEN1CJfDyiO6j94PdKWqQ==
GET H2	200	front_app.js.gz Show response content.invisioncic.com/Mmalware/javascript_cloud/	5 KB 2 KB	252ms 250ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_cloud/front_app.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f124fa95609f20c04ba5f434a7360e4813b14641fb33b099f67b149d0f7bb3c3 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id NfbJ25Tr52Vzn7fcuoGbM0fJCXJ_cet2 x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1753 last-modified Mon, 06 Nov 2023 21:19:47 GMT server AmazonS3 etag "65d74ba8a67c0fb400cd17966373d7bb" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id N4hz2nNIsTnw-feayeXXt5J7iEiV7I4t8KXt7ncOKf7Go7N8eVkPYA==
GET H2	200	root_map.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	2 KB 844 B	253ms 251ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_map.js.gz?v=d815db93211699465007 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3833945fdb099614a94445208933bf13e615ebfcc80d1db887fe223fa2f8e581 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:32 GMT content-encoding gzip via 1.1 359b6b96f5bc39c3c18c245a5430d31c.cloudfront.net (CloudFront) x-amz-version-id E69wy6qoY_jmRLqZUyl0U6tEncEFNTU8 x-amz-cf-pop IAD61-P2 age 17926 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 353 last-modified Wed, 08 Nov 2023 17:36:48 GMT server AmazonS3 etag "425b55b71904001db23f94df6d935240" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id URzn78lq79LJQW787WrCv6q4KkVVizGR4vFiHyPv_ly_I7KGJrXnww==
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v13/	46 KB 46 KB	234ms 72ms	Font font/woff2	2607:f8b0:4020:804::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://forums.malwarebytes.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Thu, 02 Nov 2023 16:54:27 GMT x-content-type-options nosniff age 539030 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 46704 x-xss-protection 0 last-modified Wed, 13 Sep 2023 23:49:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 01 Nov 2024 16:54:27 GMT
GET H3	200	2021-06-25_13h42_15.thumb.png.1335d6a99dcf0633d1032d96ce48bdfc.png content.invisioncic.com/Mmalware/monthly_2021_06/	42 KB 42 KB	67ms 67ms	Image image/png	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2021_06/2021-06-25_13h42_15.thumb.png.1335d6a99dcf0633d1032d96ce48bdfc.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0adac79eeb001dfe7a4f034ccec64d24aed78d14ef830e142c5a66033fb3c73d Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sun, 05 Nov 2023 10:12:53 GMT x-amz-version-id null via 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront) age 303925 x-amz-cf-pop IAD61-P2 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 42571 last-modified Fri, 25 Jun 2021 18:46:07 GMT server AmazonS3 etag "26a283f2670dc7cd88113c6595abc8ff" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 8BYT6_a3atZJ4uwqsjAn3NRECCrJg2q2z36dNLlxaeIE6uhssk1rHA==
GET H3	200	what_kirk.thumb.gif.70b2b23aa23a2941e8842dad5086b144.gif content.invisioncic.com/Mmalware/monthly_2020_11/	1 MB 1 MB	68ms 68ms	Image image/gif	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_11/what_kirk.thumb.gif.70b2b23aa23a2941e8842dad5086b144.gif Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H3 Security QUIC, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6e53518089ad9ea0906b7df8cbf6b0434f8d33e62e8be8cef079ce87d790977c Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sun, 05 Nov 2023 01:05:22 GMT x-amz-version-id null via 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront) age 336776 x-amz-cf-pop IAD61-P2 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1293557 last-modified Wed, 25 Nov 2020 03:58:09 GMT server AmazonS3 etag "e5dacb932304aa23c6430e1c1e695834" content-type image/gif cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id VSU0Nrwfzaf01ECFCYYGQQZMANW-f8br_CM2X5Afp5TJrlDH2gh_lw==
GET H2	200	js Show response www.googletagmanager.com/gtag/	298 KB 92 KB	102ms 99ms	Script application/javascript	2607:f8b0:4020:804::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 14adee61936a58e0d92a10e48a3bef6a6672dafb418ef3927c3b732925f2781a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 93957 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Wed, 08 Nov 2023 22:38:18 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	202 KB 54 KB	253ms 67ms	Script application/x-javascript	2a03:2880:f012:10c:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Wed, 08 Nov 2023 22:38:18 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 54273 x-xss-protection 0 reporting-endpoints pragma public x-fb-debug hXRe+viEX+e1clUYIKdonNtEWqUMC5FmwDl8ovx2DH0jtYsYduoZF4c1xnQx/0sTnXyYWu/iSBrFKRr24LH+WA== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	252ms 72ms	Script text/javascript	2607:f8b0:4020:807::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Wed, 08 Nov 2023 21:22:57 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 4521 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Wed, 08 Nov 2023 23:22:57 GMT
GET H2	200	malwarebytes.jsp Show response www.upsellit.com/active/	48 KB 14 KB	156ms 53ms	Script application/x-javascript	34.117.39.58 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://www.upsellit.com/active/malwarebytes.jsp Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.39.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 58.39.117.34.bc.googleusercontent.com Software nginx / Resource Hash 9a4302c69aa1d989f65d6f4d1c0011122efefa6cb555675735e5932f5e852168 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip via 1.1 google date Wed, 08 Nov 2023 17:57:05 GMT server nginx age 16873 vary Accept-Encoding content-type application/x-javascript;charset=ISO-8859-1 cache-control max-age=86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14145 expires Thu, 09 Nov 2023 17:57:05 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	268ms 75ms	Script application/x-javascript	23.205.10.252 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.205.10.252 Piscataway, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-10-252.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Date Wed, 08 Nov 2023 22:38:18 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	235ms 60ms	Script application/javascript	146.75.36.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 18:08:41 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip" vary Accept-Encoding,Host x-cache HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kcgs7200123-IAD
GET H2	200	web-vitals.umd.js Show response unpkg.com/web-vitals@3.0.0/dist/	7 KB 3 KB	171ms 95ms	Script application/javascript	2606:4700::6810:7daf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.umd.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b7be58558ac5f613c44cc4ca498d6bd64de88aaa3f78e6d618771758205e8b9b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT content-encoding br strict-transport-security max-age=31536000; includeSubDomains; preload age 11235026 last-modified Sat, 26 Oct 1985 08:15:00 GMT fly-request-id 01H49PTEMZBA1RK7RRQRDDPVH9-mia server cloudflare etag W/"1ae1-tMDPEHOSIsyc9nlymp5rO1O4NKA" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 82314e333ca95730-MIA
GET H2	200	js Show response www.googletagmanager.com/gtag/	236 KB 81 KB	105ms 104ms	Script application/javascript	2607:f8b0:4020:804::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-930356311 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 82507d3f98b5b02e7d85e9c99c6ef3f9d1650e4b224b87b5b7c2e99f60c3552e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 82826 x-xss-protection 0 last-modified Wed, 08 Nov 2023 21:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 08 Nov 2023 22:38:18 GMT
GET		tag.js www.estore.malwarebytes.com/proxydirectory/tags/445691266569/	0 0
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	12 KB 4 KB	265ms 67ms	Script application/javascript	2600:1400:9000::687e:74ca AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:9000::687e:74ca New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 08 Nov 2023 07:18:39 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=31207 accept-ranges bytes content-length 3840
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	168ms 56ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Wed, 08 Nov 2023 22:38:18 GMT last-modified Fri, 20 Oct 2023 01:13:24 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: FDB1D1D6DA1947A2801EEB91DD032A0D Ref B: MIAEDGE1319 Ref C: 2023-11-08T22:38:18Z etag "0125f9ff22da1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13079
GET H2	200	HWyTnY16.min.js Show response scripts.demandbase.com/	77 KB 22 KB	226ms 71ms	Script application/javascript	18.160.10.40 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://scripts.demandbase.com/HWyTnY16.min.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.160.10.40 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-160-10-40.iad12.r.cloudfront.net Software AmazonS3 / Resource Hash 6cdc629b82b64d4786f1a011762130e50e535f4c512cf31a43ffcbc28bea94b1 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-amz-version-id .JGpFtG1JES1WNLkS2TfBbPyx3_AyaiQ content-encoding gzip via 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront) date Wed, 08 Nov 2023 22:27:26 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 age 653 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront last-modified Tue, 07 Nov 2023 20:29:06 GMT server AmazonS3 etag W/"c7a2f65f08322190be61b097e246680a" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control public, max-age=3600 permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-id ieLTULWZQJFNxVPqGN9hO_QUTt8Zir8TMn03ftaKmkt7MMl1IhdbJQ==
GET H2	404	demandbase-forms.js www.malwarebytes.com/js/	0 0	191ms 60ms	Script text/html	192.0.66.233 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers
GET H3	200	index.php Show response forums.malwarebytes.com/	2 B 807 B	117ms 116ms	XHR application/json	18.67.76.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/index.php?app=core&module=system&controller=ajax&do=attachmentInfo&csrfKey=1ddfa25fc65e8ef58f2280572f4903fa&attachIDs%5B365647%5D=true&attachIDs%5B365648%5D=true Requested by Host: content.invisioncic.com URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211699465007 Protocol H3 Security QUIC, , AES_128_GCM Server 18.67.76.98 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-67-76-98.iad89.r.cloudfront.net Software Apache / Resource Hash 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ X-Requested-With XMLHttpRequest accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers expires 0 date Wed, 08 Nov 2023 22:38:18 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' via 1.1 122cd39a473c6e4835362753fc929a08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000 x-amz-cf-pop IAD89-P2 x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 content-length 22 x-xss-protection 0 x-ips-loggedin 0 referrer-policy strict-origin-when-cross-origin server Apache x-frame-options sameorigin vary Cookie,Accept-Encoding content-type application/json;charset=UTF-8 cache-control no-cache, no-store, must-revalidate, max-age=0, s-maxage=0 x-amz-cf-id VKNSGJPt691s2jgBG_4HnjmT_8NvMA8B-DLPXUaQmK0N5DnM9GET_A== x-content-security-policy frame-ancestors 'self'
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/	2 KB 2 KB	266ms 100ms	Script text/javascript	2607:f8b0:4020:806::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1699483098332&cv=11&fst=1699483098332&bg=ffffff&guid=ON&async=1&gtm=45be3b60v9137103858&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&hn=www.googleadservices.com&frm=0&tiba=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1220529162.1699483098&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 15e17dfd28a1797bae64b4b46c702e34084650e474ac43b848083534e3defbfa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1357 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/407675570/	2 KB 1 KB	248ms 104ms	Script text/javascript	2607:f8b0:4020:806::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/407675570/?random=1699483098365&cv=11&fst=1699483098365&bg=ffffff&guid=ON&async=1&gtm=45be3b60v9137103858&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&hn=www.googleadservices.com&frm=0&tiba=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1220529162.1699483098&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7b226c08300f32c5ad3a6660c5835950704fb7aeb4748eb18dd03a631c63547a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1360 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect analytics.google.com/g/	0 259 B	133ms 48ms	Ping text/plain	2001:4860:4802:32::181 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=45je3b60v872204243z86688972&_p=1699483097444&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=703659658.1699483098&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&sid=1699483098&sct=1&seg=0&dt=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Consumer&tfd=1259 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 250 B	190ms 67ms	Ping text/plain	2607:f8b0:4004:c08::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K8KCHE3KSC&cid=703659658.1699483098&gtm=45je3b60v872204243z86688972&aip=1&dma=0&gcd=11l1l1l1l1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c08::9c Ashburn, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	adsct t.co/i/	43 B 375 B	178ms 50ms	Image image/gif	104.244.42.5 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=b058975c-35b2-4c97-ae76-7ad7438398ce&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8f1e19f3-9dd8-4314-95f7-9714aefdb34a&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.5 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-response-time 6 date Wed, 08 Nov 2023 22:38:17 GMT strict-transport-security max-age=0 server tsa_b content-type image/gif;charset=utf-8 x-transaction-id ab6e60ef43919663 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 31ba23c6b0f2cc9111ca161a1e9095f6029681fa8e8f36f3dbd5c0bd5ce603e3 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 393 B	183ms 51ms	Image image/gif	104.244.42.131 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b058975c-35b2-4c97-ae76-7ad7438398ce&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8f1e19f3-9dd8-4314-95f7-9714aefdb34a&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.131 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-response-time 5 date Wed, 08 Nov 2023 22:38:18 GMT strict-transport-security max-age=631138519 server tsa_b content-type image/gif;charset=utf-8 x-transaction-id 6ecae651f970a50c cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 6995009649bd6270fb8e3723fe9eb65f262afaa1b69f4976dcd76be24b482d24 content-length 43
GET H2	200	1480959392203028 Show response connect.facebook.net/signals/config/	134 KB 36 KB	302ms 300ms	Script application/x-javascript	2a03:2880:f012:10c:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1480959392203028?v=2.9.138&r=stable&domain=forums.malwarebytes.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 4a8f5bd134d3ba286ea3d77cd36326891380a05b3ee72181ed525ba14178dcb6 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Wed, 08 Nov 2023 22:38:18 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints pragma public x-fb-debug RUDUtTYolmfTT3wA3dSK93x/4vtDOMj/tDVEGBTrHFqh1cpGyqqFq00TnSm505v5Ox3MDc2JwA9t1OMIjlYfpw== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	204	4072696.js Show response bat.bing.com/p/action/	0 116 B	59ms 59ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/4072696.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Wed, 08 Nov 2023 22:38:18 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: DB6B94A286E54062A49068F9F822FA77 Ref B: MIAEDGE1319 Ref C: 2023-11-08T22:38:18Z x-cache CONFIG_NOCACHE
GET H2	204	0 bat.bing.com/action/	0 359 B	86ms 85ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=4072696&tm=gtm002&Ver=2&mid=6529a262-230f-43fe-9aa2-74c57f4458fd&sid=836a54007e8711eea64cd1ba4b5da4f5&vid=836a8b407e8711ee8b405be10de8bb10&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&p=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&r=&lt=865&evt=pageLoad&sv=1&rn=48687 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 08 Nov 2023 22:38:18 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 9CE3CBB624924091BB2B67B1E106A3DA Ref B: MIAEDGE1319 Ref C: 2023-11-08T22:38:18Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	74ms 73ms	Script application/x-javascript	23.205.10.252 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.205.10.252 Piscataway, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-10-252.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Date Wed, 08 Nov 2023 22:38:18 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Fri, 16 Feb 2024 22:38:18 GMT
GET H2	200	insight.beta.min.js Show response snap.licdn.com/li.lms-analytics/	41 KB 15 KB	67ms 67ms	Script application/javascript	2600:1400:9000::687e:74ca AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.beta.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:9000::687e:74ca New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f1affc5a4519444738495286362e833214d11646998cd2d5ece5e4de75cd8b8e Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 08 Nov 2023 07:18:40 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=31311 accept-ranges bytes content-length 15307
GET H2	200	linkid.js Show response www.google-analytics.com/plugins/ua/	2 KB 1 KB	76ms 75ms	Script text/javascript	2607:f8b0:4020:807::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/linkid.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:21:41 GMT content-encoding br x-content-type-options nosniff age 997 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 697 x-xss-protection 0 last-modified Fri, 30 Jun 2023 18:58:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Wed, 08 Nov 2023 23:21:41 GMT
GET H2	200	sync Show response s.company-target.com/s/ Frame 0B36	634 B 977 B	172ms 73ms	Document text/html	34.96.71.22 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://s.company-target.com/s/sync?exc=lr Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 22.71.96.34.bc.googleusercontent.com Software / Resource Hash c5ac72f72c4eff3ceb3708dd096913fc75baa6f2aac59d1c019c27e84166e726 Request headers Referer https://forums.malwarebytes.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-methods GET,OPTIONS alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 634 content-type text/html; charset=UTF-8 date Wed, 08 Nov 2023 22:38:18 GMT via 1.1 google
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	158ms 73ms	Image text/plain	35.190.60.146 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 146.60.190.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:18 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
POST H2	200	ip.json Show response api.company-target.com/api/v2/	458 B 968 B	266ms 123ms	XHR application/json	108.138.85.12 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&page_title=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.85.12 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-85-12.iad12.r.cloudfront.net Software nginx / Resource Hash 6d1a373274c58b499fd110f1e308b8169a247780d9f0ecdf4df1ea896f5e72da Request headers Referer https://forums.malwarebytes.com/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Wed, 08 Nov 2023 22:38:18 GMT identification-source CENTRAL content-encoding gzip via 1.1 8a5a55219dfdbca831a0a40e05aaa842.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P2 x-cache Miss from cloudfront request-id 52a8aab3-dd1f-4a6f-a42d-6e1192182868 pragma no-cache server nginx access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS content-type application/json;charset=utf-8 access-control-allow-origin https://forums.malwarebytes.com access-control-expose-headers x-amz-cf-id cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true vary Accept-Encoding, Origin api-version v2 access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id nYAevVFNvbqUMLQfSvP3EnmPf2PEY7VDI9HAGLqpxbfhcW_sZFz_tQ== expires Tue, 07 Nov 2023 22:38:18 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/930356311/	42 B 108 B	275ms 105ms	Image image/gif	2607:f8b0:4020:805::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/930356311/?random=1699483098332&cv=11&fst=1699480800000&bg=ffffff&guid=ON&async=1&gtm=45be3b60v9137103858&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&frm=0&tiba=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaN7dmTWPLBXi6uWHNrp4v89aqPQPPK9g&random=3975053216&rmt_tld=0&ipr=y Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2594100%26time%3D1699483098641%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.co... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true&... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true...	0 706 B	209ms 122ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAkDbY-znLJgAAAYuxFiBnebvsxGGeRiQDhaTM2lR1mymUjRJwOncojZr5-mzDq5YSOg Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:19 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: AD54B112445245BB94D6AAFB28AF2F1E Ref B: MIA301000107051 Ref C: 2023-11-08T22:38:19Z linkedin-action 1 report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} content-type application/javascript x-li-fabric prod-lor1 x-cache CONFIG_NOCACHE x-li-proto http/2 content-length 0 x-li-uuid AAYJq75xroABkrZAFPaVpg== Redirect headers date Wed, 08 Nov 2023 22:38:18 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 4C03F1A1F41447979FF75DC8B491BE73 Ref B: MIAEDGE2712 Ref C: 2023-11-08T22:38:19Z linkedin-action 1 report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699483098641&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAkDbY-znLJgAAAYuxFiBnebvsxGGeRiQDhaTM2lR1mymUjRJwOncojZr5-mzDq5YSOg x-cache CONFIG_NOCACHE x-li-proto http/2 content-length 0 x-li-uuid AAYJq75uVtXSIM72GvXvqQ==
GET H2	200	/ www.google.com/pagead/1p-user-list/407675570/	42 B 455 B	267ms 103ms	Image image/gif	2607:f8b0:4020:805::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/407675570/?random=1699483098365&cv=11&fst=1699480800000&bg=ffffff&guid=ON&async=1&gtm=45be3b60v9137103858&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&frm=0&tiba=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNQA8rGveeLrdHdWHjx5_xWHc56YlGKA&random=2972503221&rmt_tld=0&ipr=y Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	3 B 213 B	98ms 98ms	XHR text/plain	2607:f8b0:4020:807::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=652098089&t=pageview&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&ul=en-us&de=UTF-8&dt=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aDDAgEAjAAAAACAAIg~&cid=703659658.1699483098&uid=52D3FA07-B95E-400E-85B0-D9FEB85ED9E0&tid=UA-3347303-10&_gid=974793150.1699483099&_slc=1&gtm=45He3b60n71MKSKW3v6688972&gcd=11l1l1l1l1&dma=0&z=1180058809 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://forums.malwarebytes.com/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	200 OK	visitWebPage 805-usg-300.mktoresp.com/webevents/	2 B 318 B	258ms 61ms	Ping text/plain	192.28.144.124 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://805-usg-300.mktoresp.com/webevents/visitWebPage?_mchNc=1699483098653&_mchCn=&_mchId=805-USG-300&_mchTk=_mch-malwarebytes.com-1699483098652-46335&_mchHo=forums.malwarebytes.com&_mchPo=&_mchRu=%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.144.124 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Date Wed, 08 Nov 2023 22:38:18 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id de9e15ae-bdc1-4446-b805-cee523fc8683
GET H3	200	front_front_widgets.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	16 KB 5 KB	68ms 68ms	Script text/javascript	2600:9000:244d:5e00:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/front_front_widgets.js.gz?v=d815db93211699465007&csrfKey=&antiCache=d815db93211699465007 Requested by Host: content.invisioncic.com URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211699465007 Protocol H3 Security QUIC, , AES_128_GCM Server 2600:9000:244d:5e00:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3e2a06ebf1e42871cb98243dc0120e51087ee2b0200414047751f07dc712e458 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 17:39:33 GMT content-encoding gzip via 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront) x-amz-version-id eycP4q5vLog0aE4f.Ut5GvZ0T6iNCXxA age 17926 x-amz-cf-pop IAD61-P2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 4246 last-modified Mon, 06 Nov 2023 21:54:21 GMT server AmazonS3 etag "7d07817c9aad54d0dc6a741a6aa8ff8f" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id -MLFTzv4hixeS6OAhCdNOBuGjrP2zJLe2HeUuH8KrsE8Yc7VF2lO1w==
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 0B36 Redirect Chain https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715207898&external_user_id=2c49bafa-793b-4640-a667-e52ec2998d35 https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715207898&external_user_id=2c49bafa-793b-4640-a667-e52ec2998d35&C=1	43 B 538 B	164ms 163ms	Image image/gif	172.64.151.101 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1715207898&external_user_id=2c49bafa-793b-4640-a667-e52ec2998d35&C=1 Requested by Host: s.company-target.com URL: https://s.company-target.com/s/sync?exc=lr Protocol H2 Server 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:19 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xy3Ljc1i047y5M1YkmcF9NvQTd6jYoKXnfQ5fEK%2BstSVTBSbCbNfmsdf%2FenknVSThUtNSJvVjUgFuqQSsbIZWCmIafNtYpAmODbiSlgZUgULCPRvHyw8X%2BLJ8SWZq9Jfp%2BOu6axvK9za3g%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 82314e390c4c5c64-MIA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Wed, 08 Nov 2023 22:38:19 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ke3qYmX0VxUxPHb948ZTWpoSoQucA8Nz2kux2jNY0M9x8JI%2FVBDK%2FulDkYPdoftxaOiUcYmhfEsFfWHA50ZZ6cKb0biTJuMIexWbUlyVwUObXyXAaWiJ8ix9mlpgzVo7%2F2YvVdlvaH1iOQ%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" location /rum?cm_dsp_id=18&expiry=1715207898&external_user_id=2c49bafa-793b-4640-a667-e52ec2998d35&C=1 cache-control no-cache cf-ray 82314e37d97c5c64-MIA alt-svc h3=":443"; ma=86400 content-length 0 expires 0
GET H2	200	sync partners.tremorhub.com/ Frame 0B36	43 B 393 B	199ms 60ms	Image image/gif	2600:1f18:612b:4200:a603:352b:567c:fe77 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://partners.tremorhub.com/sync?UIDM=2c49bafa-793b-4640-a667-e52ec2998d35 Requested by Host: s.company-target.com URL: https://s.company-target.com/s/sync?exc=lr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:1f18:612b:4200:a603:352b:567c:fe77 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software nginx / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers p3p CP='This is not a P3P policy. See https://telaria.com/privacy-policy/' date Wed, 08 Nov 2023 22:38:18 GMT server nginx content-type image/gif
GET H/1.1	200 OK	tap.php pixel.rubiconproject.com/ Frame 0B36	42 B 764 B	301ms 65ms	Image image/gif	8.43.72.98 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?nid=5578&put=2c49bafa-793b-4640-a667-e52ec2998d35&v=1181926 Requested by Host: s.company-target.com URL: https://s.company-target.com/s/sync?exc=lr Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Content-Type image/gif Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate content-length 42 X-RPHost 368ba1c92c09ff88b641150fbbf94341 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
POST H2	204	collect analytics.google.com/g/	0 45 B	50ms 49ms	Ping text/plain	2001:4860:4802:32::181 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=45je3b60v872204243&_p=1699483097444&gcd=11l1l1l1l1&dma=0&cid=703659658.1699483098&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&sid=1699483098&sct=1&seg=0&dt=What%20is%20r20.rs6.net%20and%20how%20can%20I%20stop%20it%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&en=Demandbase_Event&_ee=1&ep.2=(Non-Company%20Visitor)&ep.3=Bot&ep.4=(Non-Company%20Visitor)&ep.5=(Non-Company%20Visitor)&ep.6=(Non-Company%20Visitor)&ep.7=(Non-Company%20Visitor)&ep.8=(Non-Company%20Visitor)&ep.9=(Non-Company%20Visitor)&ep.10=(Non-Company%20Visitor)&ep.11=Miami&ep.12=FL&ep.13=(Non-Company%20Visitor)&ep.14=(Non-Company%20Visitor)&ep.15=(Non-Company%20Visitor)&ep.16=(Non-Company%20Visitor)&ep.17=US&ep.18=(Non-Company%20Visitor)&ep.24=(Non-Company%20Visitor)&ep.content_group=Consumer&_et=393&tfd=1695 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Wed, 08 Nov 2023 22:38:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bg9s Show response tag-logger.demandbase.com/	0 419 B	266ms 81ms	XHR text/html	2600:9000:2305:4000:1d:8d6d:3b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=nYAevVFNvbqUMLQfSvP3EnmPf2PEY7VDI9HAGLqpxbfhcW_sZFz_tQ==&api-version=v2 Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2305:4000:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-amz-version-id 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH date Wed, 08 Nov 2023 19:26:37 GMT via 1.1 6ef654a6fd950af1eb6fc4790b972c72.cloudfront.net (CloudFront) x-amz-cf-pop IAD89-P2 age 11502 x-amz-server-side-encryption AES256 x-cache Error from cloudfront content-length 0 last-modified Tue, 07 Mar 2023 20:47:02 GMT server AmazonS3 etag "d41d8cd98f00b204e9800998ecf8427e" vary Accept-Encoding content-type text/html access-control-allow-origin * accept-ranges bytes x-amz-cf-id BzHrWKurMU3Czj86ze9VKV8Gpz-Blan3yZTuxn1OKdy2RU6H0aP2ug==
GET H2	200	/ www.facebook.com/tr/	0 185 B	223ms 67ms	Image text/plain	2a03:2880:f112:182:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1480959392203028&ev=PageView&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F296579-what-is-r20rs6net-and-how-can-i-stop-it%2F&rl=&if=false&ts=1699483098916&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1699483098915.2098102110&ler=empty&it=1699483098540&coo=false&tm=1&rqm=GET Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/296579-what-is-r20rs6net-and-how-can-i-stop-it/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Wed, 08 Nov 2023 22:38:19 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 202 B	133ms 133ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept * Referer https://forums.malwarebytes.com/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Wed, 08 Nov 2023 22:38:19 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 503C56AC43574E818E3DEF6ED6FABEC2 Ref B: MIAEDGE2712 Ref C: 2023-11-08T22:38:19Z linkedin-action 1 vary Origin report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} x-li-fabric prod-lor1 access-control-allow-origin https://forums.malwarebytes.com x-cache CONFIG_NOCACHE x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYJq75znEIbz8iUzr2oxQ==
GET H2	200	customer_ip.jsp Show response www.upsellit.com/utility/	118 B 195 B	110ms 110ms	Script application/x-javascript	34.117.39.58 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://www.upsellit.com/utility/customer_ip.jsp?companyID=11657&si=a6873b_1699483100 Requested by Host: www.upsellit.com URL: https://www.upsellit.com/active/malwarebytes.jsp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.39.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 58.39.117.34.bc.googleusercontent.com Software nginx / Resource Hash 91a21f6676ffbdcc18292a03ef7d95d195af3cdcf35d52831059a8906dbe315c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-US,en;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 08 Nov 2023 22:38:19 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 google server nginx content-type application/x-javascript;charset=ISO-8859-1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 118 expires Thu, 09 Nov 2023 22:38:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.estore.malwarebytes.com

URL

https://www.estore.malwarebytes.com/proxydirectory/tags/445691266569/tag.js