reasonlabs.com Open in urlscan Pro
76.76.21.21 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Effective URL:
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Submission: On August 09 via api (August 9th 2024, 6:34:18 am UTC) from DE — Scanned from DE

Summary HTTP 170 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 18 domains to perform 170 HTTP transactions. The main IP is 76.76.21.21, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is reasonlabs.com. The Cisco Umbrella rank of the primary domain is 302972.
TLS certificate: Issued by R10 on June 25th 2024. Valid for: 3 months.

This is the only time reasonlabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
74	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
23	2606:4700::68... 2606:4700::6812:f3e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.242.229 104.16.242.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
5	2600:9000:236... 2600:9000:236e:9200:16:b250:9b40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	18.66.102.9 18.66.102.9	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:1d7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
9	2606:4700:20:... 2606:4700:20::681a:d5f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
10	23.213.161.222 23.213.161.222	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
14	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
1	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
2	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
4	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	104.16.51.111 104.16.51.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
170	20

74 76.76.21.21 (Walnut, United States)

ASN16509 (AMAZON-02, US)

reasonlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2606:4700::6812:f3e (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.242.229 (None, )

ASN13335 (CLOUDFLARENET, US)

static-cf.cleverbridge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:236e:9200:16:b250:9b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.reasonlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.102.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-9.fra56.r.cloudfront.net

pac.rlproton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1d7f (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:20::681a:d5f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.equalweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.213.161.222 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-222.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)

reasonsecurity.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
79	reasonlabs.com reasonlabs.com — Cisco Umbrella Rank: 302972 cdn.reasonlabs.com — Cisco Umbrella Rank: 399412	1 MB
23	cookiepro.com cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 13568	167 KB
14	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 3854 ekr.zdassets.com — Cisco Umbrella Rank: 4356	522 KB
10	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 963	142 KB
9	equalweb.com cdn.equalweb.com — Cisco Umbrella Rank: 32686	22 KB
8	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	370 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	73 KB
3	rlproton.com pac.rlproton.com	482 B
2	zendesk.com reasonsecurity.zendesk.com	2 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	609 B
2	t.co t.co — Cisco Umbrella Rank: 979	652 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3773
2	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	442 B
2	cleverbridge.com static-cf.cleverbridge.com — Cisco Umbrella Rank: 427989	7 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6716	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	253 B
170	18

	Domain	Requested by
74	reasonlabs.com	reasonlabs.com
23	cookie-cdn.cookiepro.com	reasonlabs.com cookie-cdn.cookiepro.com
13	static.zdassets.com	reasonlabs.com static.zdassets.com
10	analytics.tiktok.com	reasonlabs.com analytics.tiktok.com
9	cdn.equalweb.com	reasonlabs.com cdn.equalweb.com
8	www.googletagmanager.com	reasonlabs.com www.googletagmanager.com
5	cdn.reasonlabs.com	reasonlabs.com
4	www.facebook.com	reasonlabs.com
4	connect.facebook.net	reasonlabs.com connect.facebook.net
3	pac.rlproton.com	reasonlabs.com
2	reasonsecurity.zendesk.com	static.zdassets.com
2	analytics.twitter.com	reasonlabs.com
2	t.co	reasonlabs.com
2	region1.analytics.google.com	www.googletagmanager.com
2	static.ads-twitter.com	www.googletagmanager.com
2	geolocation.onetrust.com	cookie-cdn.cookiepro.com
2	static-cf.cleverbridge.com	reasonlabs.com
1	ekr.zdassets.com	static.zdassets.com
1	www.google.de	reasonlabs.com
1	stats.g.doubleclick.net	www.googletagmanager.com
170	20

This site contains links to these domains. Also see Links.

Domain
chromewebstore.google.com
microsoftedge.microsoft.com
cyberpedia.reasonlabs.com
source.chromium.org
www.virustotal.com
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
familykeeper.reasonlabs.com
cookiepedia.co.uk
www.cookiepro.com

Subject Issuer	Validity	Valid
reasonlabs.com R10	`2024-06-25` - `2024-09-23`	3 months	crt.sh
cookiepro.com E6	`2024-07-17` - `2024-10-15`	3 months	crt.sh
*.cleverbridge.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-21` - `2024-12-21`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
rlproton.com Amazon RSA 2048 M02	`2023-11-14` - `2024-12-12`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
equalweb.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-18` - `2024-08-16`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
zdassets.com E6	`2024-06-29` - `2024-09-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.de WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
reasonsecurity.zendesk.com E6	`2024-06-15` - `2024-09-13`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Frame ID: 4D13328154A2B648922754CAA8F58253
Requests: 168 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 644E8765325A5BB9FADF63C07C383B2E
Requests: 47 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: FBD057E2627AD7481EEE9365DF5CE0E3
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Extension Trojan Malware Campaign | ReasonLabs

Page URL History Show full URLs

http://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign HTTP 307
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign Page URL

Detected technologies

EqualWeb (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.equalweb\.com.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Page Statistics

170
Requests

100 %
HTTPS

47 %
IPv6

18
Domains

20
Subdomains

20
IPs

5
Countries

2519 kB
Transfer

10922 kB
Size

12
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://chromewebstore.google.com/
Title: Chrome Web Store

Search URL Search Domain Scan URL

URL: https://microsoftedge.microsoft.com/addons/Microsoft-Edge-Extensions-Home
Title: Microsoft Edge Add-ons

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/malware.html
Title: malware

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/trojan.html
Title: trojan

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/adware.html
Title: adware

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/powershell.html
Title: PowerShell

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/c2.html
Title: C2

Search URL Search Domain Scan URL

URL: https://source.chromium.org/chromium/chromium/src/+/HEAD:chrome/browser/upgrade_detector/upgrade_detector_impl.cc;l=204
Title: outdatedbuilddetector

Search URL Search Domain Scan URL

URL: https://source.chromium.org/chromium/chromium/src/+/main:extensions/docs/security_faq.md?q=extensions-on-chrome-url&ss=chromium%2Fchromium%2Fsrc
Title: removes protection

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/22e7d2d85820b49f1278ce152c5ed39fd88087c7a998dcf348b6164d5b33bb8d/details
Title: https://www.virustotal.com/gui/url/22e7d2d85820b49f1278ce152c5ed39fd88087c7a998dcf348b6164d5b33bb8d/details

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/collection/04480b9dc7eb0e7150ff89df24c8f30f11f40714b93a1cab00712bde7019fc55
Title: collection and graph with IOCs

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/5ce016d3133d960f68b0415d5bb825b143713ffaea751b098ffcf80353bc171b/content
Title: https://www.virustotal.com/gui/file/5ce016d3133d960f68b0415d5bb825b143713ffaea751b098ffcf80353bc171b/content

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReasonLabsCyberSec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/6428902

Search URL Search Domain Scan URL

URL: https://twitter.com/Reasonsecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Reasoncoresecurity

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/
Title: Cyberpedia

Search URL Search Domain Scan URL

URL: https://familykeeper.reasonlabs.com/
Title: FamilyKeeper

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.cookiepro.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign HTTP 307
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

170 HTTP transactions
60 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request new-widespread-extension-trojan-malware-campaign Show response
reasonlabs.com/research/
Redirect Chain

http://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

171 KB
26 KB

91ms
30ms

Document
text/html

76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dca4cbb98102d13ad9acbaef3347e5237f2ebd2954ef40889877e772e6a96e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240891
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:34:12 GMT
etag: W/"4c36bb3ea1f535b00fe0a077c0555e8f"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /research/new-widespread-extension-trojan-malware-campaign
x-vercel-cache: HIT
x-vercel-id: fra1::6lhgm-1723185252239-03122eece371

Redirect headers

Location: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ 40 KB
10 KB 36ms
36ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::hsxd5-1723185252292-3ebe4a606749
age: 240994
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 0ec662aeefa47c32.css
reasonlabs.com/_next/static/css/ 6 KB
2 KB 37ms
36ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/0ec662aeefa47c32.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3ba8e9bca43cf0ec1c74472b11d9fdb32b1ae5a23e798a55e2ad4d2f48136f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::v7hhr-1723185252293-731e2cb68a0c
age: 239953
x-matched-path: /_next/static/css/0ec662aeefa47c32.css
etag: W/"04f463cae17c5216cf98aeb5eef54d84"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="0ec662aeefa47c32.css"

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 21 KB
7 KB 96ms
37ms Script
application/javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 40242
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b813487d1c3e-FRA
expires: Sat, 10 Aug 2024 06:34:12 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ 29 KB
7 KB 111ms
45ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:15 GMT
server: cloudflare
age: 45957
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b8135cc31da2-FRA
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:39:12 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ 28 KB
9 KB 31ms
28ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::hsxd5-1723185252309-33693a0487cd
age: 240994
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ 127 KB
43 KB 41ms
38ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252309-61ca90a943f9
age: 198546
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ 106 KB
33 KB 28ms
25ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::8s5ff-1723185252309-4b9b8b87683f
age: 240994
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ 140 KB
48 KB 51ms
49ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::vk46v-1723185252309-f3dd9cfaba71
age: 240993
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 1852-bf14fe5709c35c21.js Show response
reasonlabs.com/_next/static/chunks/ 22 KB
7 KB 30ms
27ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/1852-bf14fe5709c35c21.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e61a2227b4f8927a7bb04c00abf4470c65280bbd7be7c6d3c6645889818671be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::kggxj-1723185252309-c6b9059d0003
age: 240992
x-matched-path: /_next/static/chunks/1852-bf14fe5709c35c21.js
etag: W/"c8b074dcfa0d3e6b43b3bd000532a754"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1852-bf14fe5709c35c21.js"

GET
H2 200 1994-ba9996d7d0129c46.js Show response
reasonlabs.com/_next/static/chunks/ 89 KB
27 KB 49ms
47ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/1994-ba9996d7d0129c46.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8a5bcace9ac4612a8d5fe7e38adcb49bed25cc3f52c40fabb2031778e1febfef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::d8g84-1723185252309-a5aee6c8e276
age: 239953
x-matched-path: /_next/static/chunks/1994-ba9996d7d0129c46.js
etag: W/"4a12dc93f95e41b444abc36219623c5d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1994-ba9996d7d0129c46.js"

GET
H2 200 new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js Show response
reasonlabs.com/_next/static/chunks/pages/research/ 1 KB
891 B 28ms
26ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/research/new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5b1dfcadb7fc6e398a1c67b49c0b20bba912a7bd47abaf6517d4e04cff67e3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::llvww-1723185252309-0a3514c1df2a
age: 239953
x-matched-path: /_next/static/chunks/pages/research/new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js
etag: W/"27f1f4b9d213f6738db771082c1e2332"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ 14 KB
4 KB 39ms
38ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::8s5ff-1723185252313-38d443b26b11
age: 240994
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ 2 KB
727 B 39ms
37ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::kggxj-1723185252313-94601be4073c
age: 240994
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 267 KB
94 KB 93ms
41ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b993b1af2824acfd0d20bb3a8a191fee08cabec879eb4766a706769d35defa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96036
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 chat Show response
reasonlabs.com/ Frame 644E 3 KB
1 KB 34ms
33ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/chat

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 241088
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:34:12 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: fra1::llvww-1723185252313-d9731c9e5183

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87adcffe1607717e5111488c32d471f7278b0df8a7a0d09b3f62d079cedb07f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3698c70b88abb2a94a0ed5e90cadb42c262a07a0b972fc314a154e575ba3c6b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 734e12ea5d89fc6c8da84f0eac2ee9bc479ee728fa25d5f24d279a881429b3e2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c56494b7e0c445e01d2fee0de214450debb0bd77d23c214fb71b0f044f810d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 172ca2ee9eef5c6b46bb828d6ead12caa09400d76d58d8b11080de0e8a6cc202

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ff34f763ac8d45e73740b469ed434ee600d3263211dfba79b6f2b1c73e8bde7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e53cacecb4f6b51948407a352f63bd4b8f4a437393f5a304af76441a2fe47713

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0f3b1e96730ac8e5dfeed671562469a45d96beddae9f4e629beb9d43fc6ea04

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: faa902d968312dcd1a8df12afc85dec2f10d3dac22898ac750a9889691702970

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b5249e69847e7c1b146876ceb34463fd6f82a4a747ff26da2bdf9784b3e5b24

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ecddf8410494cea5379e00170ab1328db3a246482336104c9d7572b852b485d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16525b2c2e97533f3b8567d3238b2fe2accbc75bf0f3262fce0b1cd07b676120

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f4e7b1971244d3bbd0587403e399829cdbb2ab499269b85cbc47efc3a6141a4

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ced7b72b89b45eb74f0b4ec551ad42a70b9343dca7597d140932c02fb6aff732

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4aa9a902b83ce9975b9cb1817997dec501aad56141f41f437d02ecca4e24b08

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e6daa2794363d6ab8c7adb8a182a9b18c5b025147af53feb7af58b11da5b7be

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f19aafb8794e426a2f46e55f0a0ccb386ad75cb1b3369c6330a03e7694187a96

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed4487e444877efefe1093519d07f9cea62519c93f40562e54a0c26b93346399

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 052e6be56abff0379a8cb7e92e759b19e1e43d1ddd22458fc71600ae7a18077b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fce7079cc8c55b7482809b9cae560338a38beb1c8fa165ededf78def0e65c88

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab98e00318002d085dbc4e9bbed830237b9f91b8cb10ee4776f864086d4f9522

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17c6bdb8c5eb4f42c8a3ba5ec378bee05df5e0777f26fd826931f2173a99eeb8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34c6c382cc128c236adbb602584b773cb511b4347f0179779d781b4a8b291dfd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b62cefcd86e6b76fadb64fbc35571884c70ae41fcd5eb824c9b99979fc4d392

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a13a3549c2d1a7d616fa512ad14beb5c27a1040a752c1bb3972853f1529407b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a360bd9dde2c64d5f43feae453b7d563ef0743af0a55e44e05ffcddaa933e958

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a3170e91ef6263fa67eaaf04dd38d9d54df98e9339f122b587392732d7661bc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b37ca6c575afd9835dad0665bdecd6af5d5ec0d79a6ae8f526ee6a76dd9420ef

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4e409aa158a0a803ce2da327e85ab26193bdf08d4fa778bb95ab349251c2242

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2e9e3242b4c5c071d18fc9c901e0332a95a3eb0e7c95bf59dbff6484eb3e30a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e029c4f4d1e048ed38d6a56c7c857034ee2fee1c5fc27a2cd6d5cb80df68cb5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1de48f15a736cfc90e852297faa51c00861f71082e590de34b5414a4f189b8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e1d5bfbec317e501c989b9215d8153e6c71894003742a2cb94be3ed9701339e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 287d58587a729034072a58fc0738bb876bdea908dc0d6fc86c7f83e6c6e008ba

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f92b0855ca604ce5286ede5299696e3bfc2cc676f5a9f481fa650d9069018a51

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3c00a8330d85db4a636380a3a8f372fe033a6b2eb607c1d67d98fc171e49e5a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453f8d94af003ea1b202d17babe41fa00d9b1c14825dc735c5e9c7038d5017a0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7e5fd43939dc33c5e445b73aef73f85bfc52de6ce84e303dad90ebbc514937

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf053499e338013d7e8929675faff0aff58ea8ef1e4d7895dec469346902d0de

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 301c0686904a489da3626d6592dc4cb3a4e157bd0638fcfbcd66da78b8c9445e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36809553a0e6234f000c7e617c3528e23f0d1500599c37ee176e078b7026515b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: afabe80d0da822ecb48dab7940c89b31f8c0b1cebfeb27d1654bcb4e3fea4a02

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15928a00dd5079d986641664c08efcf8a9dac72ca4f905e38b1a0c30976ab973

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fec6b37efbcb6c56c57f75d454bb3d31df2c8a8ff51d4a866d91329fd315c5b9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09de44220d2f31175ac2e93526479d1f346c3f61a64a18d971129aba27746832

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 754e7795ae6899ee54bbc4d7ddf9b515f4c07d7dd4f3c15f7319ba3cb1a62b0b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37e1e0aef2082b7d2537bd3de9cbcc6432c84345a3a60f8280e3fb9c7cecf48d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f923dfdeaae8120e92c0a48fbdcdf033cb927f57a053d1c8feefcb3dde7a35

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a109878c0662bba5d28433d4f0b92077fbabcabb0cfcb4b14bda19987174e55e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15a1f0bb005ee2d4d9c84410aad1bcd9ff6e36686573fe3e0a4959d7df79eed3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3ddd6dfeee98cca3295e79b96700162959cd13d1014d43db1ba865335d68fbf

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83f9442b0ae777927d2d88bb8eb41e76d4379ac404084e716528a46ecbf6433b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 435e173afb0a80e150da0e651c05398b07280fc8790e02129e925afdbe0ba6ad

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2eb499ec1df28add1ce48be0f9ec2cba7d6b7ab4c9316474a9ef1f0566d4351a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 644E 40 KB
0 36ms
36ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::hsxd5-1723185252292-3ebe4a606749
age: 240994
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 644E 264 B
448 B 25ms
24ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::8s5ff-1723185252378-94851ecbf0da
age: 240993
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 644E 21 KB
0 24ms
24ms Script
application/javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 40242
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b813487d1c3e-FRA
expires: Sat, 10 Aug 2024 06:34:12 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 644E 29 KB
39 B 43ms
43ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:15 GMT
server: cloudflare
age: 45957
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b813dd511da2-FRA
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:39:12 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 644E 28 KB
0 2ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::hsxd5-1723185252309-33693a0487cd
age: 240994
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 644E 127 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252309-61ca90a943f9
age: 198546
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 644E 106 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::8s5ff-1723185252309-4b9b8b87683f
age: 240994
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 644E 140 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::vk46v-1723185252309-f3dd9cfaba71
age: 240993
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 644E 4 KB
2 KB 29ms
24ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::bl46v-1723185252524-6df972cfdcdb
age: 240993
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 644E 14 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::8s5ff-1723185252313-38d443b26b11
age: 240994
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 644E 2 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::kggxj-1723185252313-94601be4073c
age: 240994
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 arrow-menu.fab38cce.svg
reasonlabs.com/_next/static/media/ 586 B
772 B 24ms
24ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/arrow-menu.fab38cce.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b499f9cc78d42c5fb07c17e9138efd2a802d1a79f3db0ab41a5a7cf49ccc590a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::v7hhr-1723185252380-949d5c12e239
age: 240994
x-matched-path: /_next/static/media/arrow-menu.fab38cce.svg
etag: "62a6b7c588b06e2c179e21ebcdc844fb"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="arrow-menu.fab38cce.svg"
accept-ranges: bytes
content-length: 586

GET
H2 200 facebook.c9139725.svg
reasonlabs.com/_next/static/media/ 805 B
970 B 31ms
29ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/facebook.c9139725.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

08883e0f0fd0db967a7c9875e12aef7e951ca023456e90be517405c28c029e2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::bl46v-1723185252386-34acc030ca3d
age: 240994
x-matched-path: /_next/static/media/facebook.c9139725.svg
etag: "51edd89129d5d27144d876c542689bd3"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="facebook.c9139725.svg"
accept-ranges: bytes
content-length: 805

GET
H2 200 linkedin.3950c8b8.svg
reasonlabs.com/_next/static/media/ 1 KB
770 B 30ms
28ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/linkedin.3950c8b8.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eed7f235ef695c1cf88567e5688b332740677653c9728786d40b22fdee04099c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::fmrmn-1723185252386-0855e989b830
age: 240994
x-matched-path: /_next/static/media/linkedin.3950c8b8.svg
etag: W/"ed3fcfc3bf6da0c4a8dc51342136883c"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="linkedin.3950c8b8.svg"

GET
H2 200 twitter.d8c3fb02.svg
reasonlabs.com/_next/static/media/ 930 B
1 KB 29ms
28ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/twitter.d8c3fb02.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3187d2113abc1ec76fbc938ef426e2635f5f961dd48292062ac2e5506380f85e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::v7hhr-1723185252386-573da8ea8142
age: 240994
x-matched-path: /_next/static/media/twitter.d8c3fb02.svg
etag: "fd51f1fe67f862f4b727cca9a09f9cec"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="twitter.d8c3fb02.svg"
accept-ranges: bytes
content-length: 930

GET
H2 200 youtube.ea5ff4f6.svg
reasonlabs.com/_next/static/media/ 1 KB
789 B 29ms
28ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/youtube.ea5ff4f6.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

ce5a0525d35ec2fbf605e9d8fd039ba6f62ee7897255d1f1b9d7107300acb8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::llvww-1723185252386-008a1621e02b
age: 240994
x-matched-path: /_next/static/media/youtube.ea5ff4f6.svg
etag: W/"0832d214ba4de693904d0aa232ae095c"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="youtube.ea5ff4f6.svg"

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ 45 KB
45 KB 168ms
76ms Font
binary/octet-stream 2600:9000:236e:9200:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 05:38:23 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 4028
x-amz-server-side-encryption: AES256
etag: "0db105f867c7eb2e491db586cc26b417"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: XYBmF5RcmTWdMsnPsewEwSdDlbHS763mDURLNuB_EAlFuEoERJIFSw==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ 45 KB
46 KB 115ms
24ms Font
binary/octet-stream 2600:9000:236e:9200:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:30:30 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 223
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46516
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: yoBsmp7HCBEaBDyS7E9lmh-yTG1fb_LHwYOjsTBqAp4QApIUUkKqYA==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ 47 KB
47 KB 160ms
69ms Font
binary/octet-stream 2600:9000:236e:9200:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 05:38:23 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 3901
x-amz-server-side-encryption: AES256
etag: "6d10397a151d83e4407fecd27f76cafb"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 47772
x-amz-cf-id: QhForXre6kCcx2fwFljI2745-XNTCSUYNi5XeWIlwwSNdtYnpKi6uA==

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ 45 KB
46 KB 151ms
60ms Font
binary/octet-stream 2600:9000:236e:9200:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 05:38:23 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 4028
x-amz-server-side-encryption: AES256
etag: "78e812f3fda430191facc31c64a4b927"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46444
x-amz-cf-id: Fqx-OEpfp_XX3E7NKhKpI1WkTJgkYyE6yHqEsuTjo3rCVihOYJ7-_Q==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ 46 KB
46 KB 137ms
46ms Font
binary/octet-stream 2600:9000:236e:9200:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 05:38:23 GMT
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 4028
x-amz-server-side-encryption: AES256
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: _RbcEWqhiNTnxJKLjprGy4Jw7h0FNZNfLcaGUKamikl8I3cpHoNoEg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 644E 267 KB
0 4ms
4ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b993b1af2824acfd0d20bb3a8a191fee08cabec879eb4766a706769d35defa2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96036
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ 5 KB
2 KB 108ms
60ms XHR
application/x-javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 48060
content-md5: gKmtabxTjnCJszgSfszYnQ==
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b814beb36939-FRA

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 644E 5 KB
0 108ms
107ms XHR
application/x-javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 48060
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b814beb36939-FRA

POST
H2 200 / Show response
pac.rlproton.com/ 0
241 B 122ms
114ms Fetch 18.66.102.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-9.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: JBLs7-rV1jVWWL_wJiJNdDgkbR4udUMrHkj-XhNp3AUw6E3KB3SKLA==

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81114370a44b3e7a14b193d85d39ac0573f3a2e742a658ae1063db31b8bf444f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 200 /
pac.rlproton.com/ Frame 0
0 99ms
22ms Preflight
application/json 18.66.102.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-9.fra56.r.cloudfront.net
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://reasonlabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 600
age: 63073
content-length: 0
content-type: application/json; charset=utf-8
date: Thu, 08 Aug 2024 13:02:59 GMT
server: awselb/2.0
vary: Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
x-amz-cf-id: 6tJKaRTgWW8EMLPJnaYyuM9ElBMWKOkyhwnY0RNzJkfBJERVgEN3OA==
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 97ms
42ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b815ccf65c80-FRA
access-control-allow-headers: Content-Type

GET
H2 200 logo-reason-labs.884f8136.svg
reasonlabs.com/_next/static/media/ 8 KB
3 KB 26ms
25ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/logo-reason-labs.884f8136.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

29ef19e05f73b9d30ac355e7ef49e6a81a6f31b8da31fc61c60c524f196b4904

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252720-5a485569f623
age: 240993
x-matched-path: /_next/static/media/logo-reason-labs.884f8136.svg
etag: W/"7e5a5a50068c3233c88b85d6c0c4ce79"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="logo-reason-labs.884f8136.svg"

GET
H2 200 banner.ee0b4b42.svg
reasonlabs.com/_next/static/media/ 66 KB
22 KB 27ms
26ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/banner.ee0b4b42.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c98642e3367866a5926b51ddaa9306bb49135d2b0550a3ea06ca3fc9b41b83c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::fmrmn-1723185252720-63c8d835f37c
age: 240392
x-matched-path: /_next/static/media/banner.ee0b4b42.svg
etag: W/"d064284f01adc50e0634645ad3848d8d"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="banner.ee0b4b42.svg"

GET
H2 200 badge.5cc43f89.svg
reasonlabs.com/_next/static/media/ 2 KB
1 KB 26ms
25ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/badge.5cc43f89.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

476245c8c89e381f57b178924bfa750abd88a47e8d9b7c939e7fd32e61a4c46f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::6lhgm-1723185252720-4fb7a490550b
age: 240993
x-matched-path: /_next/static/media/badge.5cc43f89.svg
etag: W/"5892cd79270b68dfaa4c5a76ae5dbe46"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="badge.5cc43f89.svg"

GET
H2 200 back-arrow-dark.dd4a6803.svg
reasonlabs.com/_next/static/media/ 805 B
982 B 28ms
27ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/back-arrow-dark.dd4a6803.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eff2c68552f68a310adf531ba016021cb7a6b3d40ef9cc10fe9f4baea839898c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::68ggc-1723185252720-73794de756e1
age: 240392
x-matched-path: /_next/static/media/back-arrow-dark.dd4a6803.svg
etag: "c09af1c787d4810791793ec917235f3a"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="back-arrow-dark.dd4a6803.svg"
accept-ranges: bytes
content-length: 805

GET
H2 200 9669-c1dd85627d14116a.js
reasonlabs.com/_next/static/chunks/ 0
6 KB 35ms
35ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9669-c1dd85627d14116a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::ptlbf-1723185252721-9a484a150296
age: 240994
x-matched-path: /_next/static/chunks/9669-c1dd85627d14116a.js
etag: W/"df94e0a9e336407fee547b88bb300177"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9669-c1dd85627d14116a.js"

GET
H2 200 7536-d078bab37095fd33.js
reasonlabs.com/_next/static/chunks/ 0
9 KB 28ms
28ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/7536-d078bab37095fd33.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::vk46v-1723185252721-107380b2172e
age: 240994
x-matched-path: /_next/static/chunks/7536-d078bab37095fd33.js
etag: W/"77108c566aca03f6efbddef060527122"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="7536-d078bab37095fd33.js"

GET
H2 200 4853-a702dd05d0560e1e.js
reasonlabs.com/_next/static/chunks/ 0
4 KB 30ms
29ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/4853-a702dd05d0560e1e.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::kggxj-1723185252723-2a1b4a9d4a50
age: 240994
x-matched-path: /_next/static/chunks/4853-a702dd05d0560e1e.js
etag: W/"1b730895d2887145510a56eac5c6c912"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4853-a702dd05d0560e1e.js"

GET
H2 200 9491-cb307f0820dea16a.js
reasonlabs.com/_next/static/chunks/ 0
19 KB 49ms
49ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9491-cb307f0820dea16a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::8s866-1723185252723-ece23c0d7f9f
age: 240994
x-matched-path: /_next/static/chunks/9491-cb307f0820dea16a.js
etag: W/"94f0bea99e6ca73dcad46858d27f410e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9491-cb307f0820dea16a.js"

GET
H2 200 9181-783f2b62bd015354.js
reasonlabs.com/_next/static/chunks/ 0
43 KB 48ms
47ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9181-783f2b62bd015354.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::r2snb-1723185252723-aa67fbc61fc3
age: 240627
x-matched-path: /_next/static/chunks/9181-783f2b62bd015354.js
etag: W/"9ca24510e1cdd5d5e7d5ddff68e98437"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9181-783f2b62bd015354.js"

GET
H2 200 5074-22f981bef7596111.js
reasonlabs.com/_next/static/chunks/ 0
3 KB 27ms
26ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/5074-22f981bef7596111.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252723-2748fce6e73d
age: 240994
x-matched-path: /_next/static/chunks/5074-22f981bef7596111.js
etag: W/"310e55de2050605a798b639f502ed60b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5074-22f981bef7596111.js"

GET
H2 200 contact-us-d3628e156bfb164b.js
reasonlabs.com/_next/static/chunks/pages/ 0
2 KB 30ms
28ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/contact-us-d3628e156bfb164b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252726-7a0887634946
age: 240994
x-matched-path: /_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
etag: W/"358d84a1371694326c440828f385f56c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="contact-us-d3628e156bfb164b.js"

GET
H2 200 blog.json Show response
reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/ 181 KB
55 KB 36ms
36ms Fetch
application/json 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/blog.json

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dc13a24b6ecd3b6e6412a108aa5ba5f7271a1ba3df048cc088b6dceedcd605cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:40 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::iad1::hglnq-1723185252721-4d7675438291
age: 31
x-matched-path: /_next/data/5eUuBX5htYtNuQSXgmh55/blog.json
etag: W/"fzkv4vjsje3y3i"
x-vercel-cache: HIT
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 2205-b8b042bddf4b1387.js
reasonlabs.com/_next/static/chunks/ 0
15 KB 32ms
30ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2205-b8b042bddf4b1387.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::68ggc-1723185252726-afd89bd1f559
age: 240993
x-matched-path: /_next/static/chunks/2205-b8b042bddf4b1387.js
etag: W/"ba817c6de20566a33d8d0ff4e3bcb244"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2205-b8b042bddf4b1387.js"

GET
H2 200 2491-9ec92f3cd3328555.js
reasonlabs.com/_next/static/chunks/ 0
4 KB 30ms
29ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2491-9ec92f3cd3328555.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::6lhgm-1723185252727-b94281657720
age: 240993
x-matched-path: /_next/static/chunks/2491-9ec92f3cd3328555.js
etag: W/"4fff78c55ddd1a3e147f39c093de99b7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2491-9ec92f3cd3328555.js"

GET
H2 200 blog-52fec28581808e54.js
reasonlabs.com/_next/static/chunks/pages/ 0
810 B 30ms
28ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/blog-52fec28581808e54.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::kggxj-1723185252726-95d61679c1de
age: 240993
x-matched-path: /_next/static/chunks/pages/blog-52fec28581808e54.js
etag: W/"918586f29b4068e56808459b8d9cde16"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="blog-52fec28581808e54.js"

GET
H2 200 index.json Show response
reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/ 48 B
241 B 29ms
29ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/index.json

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3aade53fdf55b8055fb9dc90732c4e7f470b9d695d8668d601a106c52274ce9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::6lhgm-1723185252722-a501a3c046f1
age: 241087
x-matched-path: /_next/data/5eUuBX5htYtNuQSXgmh55/index.json
etag: "aa1b2640b6e2044ab22eade428af1e37"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
accept-ranges: bytes
content-length: 48

GET
H2 200 ea88be26-58ed6ef11764b90d.js
reasonlabs.com/_next/static/chunks/ 0
79 KB 32ms
30ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/ea88be26-58ed6ef11764b90d.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::vk46v-1723185252726-7c96a77f0cfb
age: 240993
x-matched-path: /_next/static/chunks/ea88be26-58ed6ef11764b90d.js
etag: W/"06fd9f72883d76e633821a2a49c5e00a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ea88be26-58ed6ef11764b90d.js"

GET
H2 200 334-32080295da286e1b.js
reasonlabs.com/_next/static/chunks/ 0
12 KB 51ms
50ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/334-32080295da286e1b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::9n4wj-1723185252727-5ab14bc417f8
age: 240993
x-matched-path: /_next/static/chunks/334-32080295da286e1b.js
etag: W/"7df4cb4701054c6232f09e0f4bc68ae0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="334-32080295da286e1b.js"

GET
H2 200 2769-806d4971ab81cede.js
reasonlabs.com/_next/static/chunks/ 0
8 KB 52ms
51ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2769-806d4971ab81cede.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::66dgn-1723185252727-83fe03fa18fe
age: 240993
x-matched-path: /_next/static/chunks/2769-806d4971ab81cede.js
etag: W/"d7f581e10d3f964cd887d56d56ad2230"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2769-806d4971ab81cede.js"

GET
H2 200 6704-0f25a7eb013f0542.js
reasonlabs.com/_next/static/chunks/ 0
405 KB 35ms
34ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/6704-0f25a7eb013f0542.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::fmrmn-1723185252727-831d9f8322f6
age: 240993
x-matched-path: /_next/static/chunks/6704-0f25a7eb013f0542.js
etag: W/"3764708a2bcac5893337a72604873fa0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="6704-0f25a7eb013f0542.js"

GET
H2 200 index-be0f6d764aebb9c2.js
reasonlabs.com/_next/static/chunks/pages/ 0
13 KB 63ms
62ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/index-be0f6d764aebb9c2.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::66dgn-1723185252740-72910bc536c8
age: 240993
x-matched-path: /_next/static/chunks/pages/index-be0f6d764aebb9c2.js
etag: W/"85baf6f0d8b41f85b1956e1e36bbac7a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="index-be0f6d764aebb9c2.js"

GET
H2 200 b09dfccc-0d4362519e83f737.js
reasonlabs.com/_next/static/chunks/ 0
7 KB 46ms
40ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/b09dfccc-0d4362519e83f737.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::r2snb-1723185252740-2515e5daeb20
age: 240993
x-matched-path: /_next/static/chunks/b09dfccc-0d4362519e83f737.js
etag: W/"010c52841b45e58787fa5559057279b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b09dfccc-0d4362519e83f737.js"

GET
H2 200 5515-da6bcd073351bba9.js
reasonlabs.com/_next/static/chunks/ 0
10 KB 50ms
49ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/5515-da6bcd073351bba9.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::vk46v-1723185252740-beac70f04813
age: 240983
x-matched-path: /_next/static/chunks/5515-da6bcd073351bba9.js
etag: W/"97fc8a2d007e82a5ea121e9e913754a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5515-da6bcd073351bba9.js"

GET
H2 200 company-f58c4c93bb87ba63.js
reasonlabs.com/_next/static/chunks/pages/ 0
6 KB 42ms
41ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/company-f58c4c93bb87ba63.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::8s866-1723185252740-9ec721a3474b
age: 240993
x-matched-path: /_next/static/chunks/pages/company-f58c4c93bb87ba63.js
etag: W/"4d9d7a54137e67b9182d3aaa760a176e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="company-f58c4c93bb87ba63.js"

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 644E 59 B
138 B 92ms
47ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b8161d255c80-FRA
access-control-allow-headers: Content-Type

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 316 KB
105 KB 54ms
52ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a7cc34040d655e367c12f5cab11d9bed52ea01c3ddf0a5f6076f696713be89e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107108
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 242 KB
86 KB 42ms
42ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

89692ab36acad0a3ed185617e8c41f7e560bc9cd4d7f7e389bb4c2b72296e5cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87549
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 89ms
23ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-eddf8230020-FRA

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 239 KB
85 KB 41ms
41ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dcfa11baea88390971433f60c67e7696de90bbef1c08dbf0d2f5bd3c196cff12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86985
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ 43 KB
15 KB 91ms
37ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 233217
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fbMQyV29tNdTkcGmUsxTlEyoJHearEi%2Bpc9NFiKtmjhFzyWHwaFhCrloH4bj6L0z9oKqsPOpyu4v0rQyr8Qe5VAVyADu9tdkg6YmSmKf0N8oxWlscavGDJaGhr2axM53biYhLdNYfqvAVi6XpFY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: DE
accept-ranges: bytes
cf-ray: 8b05b8167cb60410-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 82ms
24ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 06:34:12 GMT
document-policy: force-load-at-top
x-fb-server-load: 31
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1297, tbw=2775, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: Dc0Gm/Z7aAxhpOmWYiqKS/m3iUUJOB5YUPU8v2PPRa1GDP3S5dafgZcMgMvG9VZg83s3ocZ2PfZX1V4Dfzd/Bw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 263ms
189ms Script
application/javascript 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d5bdce520de5b55a8c213966b0a258e2c456ea333dc999e4699507e156bab99c

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 18792080.f586da6
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063412E271DCE9D286177B9DAD-7FADB9276467A947-00
x-cache: TCP_MISS from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 152,23.213.160.222
server-timing: cdn-cache; desc=MISS, edge; dur=141, origin; dur=11, inner; dur=3
content-length: 1643
pragma: no-cache
server: nginx
x-tt-logid: 20240809063412E271DCE9D286177B9DAD
x-cache-remote: TCP_MISS from a23-220-104-212.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 11,23.220.104.212
x-tt-trace-host: 01c98d95a4c89fa6573f148d054a5703b5c7226696b15482c75b86ee8b666410f54faac441d5295953188a300acd3060c796427e4f48e07a92a3e0bac155206a558d09fe6b554bf6b8f00c68791669c10b5eae659adb41c4327cf0125d67d3636cf64c3cf775cbab2149efddbed709088e
expires: Fri, 09 Aug 2024 06:34:13 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ 383 KB
92 KB 45ms
44ms Script
application/javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 40876
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b8164b8c1c3e-FRA
expires: Sat, 10 Aug 2024 06:34:12 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 644E 10 KB
5 KB 123ms
47ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 7
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A5VQ2%2FYcn8ii2Sa%2BtO%2BcpCaM%2FP%2BDfdysO2HNoXbcEiMlQrfWp%2FYFnZFwhrXS8EEiEeIY6%2B%2FWDuO0uwQ%2FmA%2BqG44TqYoOtWV9eSXf0wZsG4rLjVdwl0cqnBZGbuIXP%2B8Zwo94jlI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05b816bdd635ed-FRA
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 644E 0
241 B 117ms
113ms Fetch 18.66.102.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-9.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: YX4MQBlaG-Y7VKz7lELWBQTySd0zb8nvyz8cE8_CgBCCpU03YOi6Mg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 644E 316 KB
0 1ms
1ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a7cc34040d655e367c12f5cab11d9bed52ea01c3ddf0a5f6076f696713be89e3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107108
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 644E 242 KB
0 2ms
2ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

89692ab36acad0a3ed185617e8c41f7e560bc9cd4d7f7e389bb4c2b72296e5cb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87549
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 644E 56 KB
48 B 27ms
20ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-fra-eddf8230020-FRA

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 644E 239 KB
0 3ms
3ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dcfa11baea88390971433f60c67e7696de90bbef1c08dbf0d2f5bd3c196cff12

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86985
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:34:12 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 644E 43 KB
0 4ms
4ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 233217
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fbMQyV29tNdTkcGmUsxTlEyoJHearEi%2Bpc9NFiKtmjhFzyWHwaFhCrloH4bj6L0z9oKqsPOpyu4v0rQyr8Qe5VAVyADu9tdkg6YmSmKf0N8oxWlscavGDJaGhr2axM53biYhLdNYfqvAVi6XpFY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: DE
accept-ranges: bytes
cf-ray: 8b05b8167cb60410-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 644E 225 KB
0 4ms
4ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:34:12 GMT
document-policy: force-load-at-top
x-fb-server-load: 31
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1297, tbw=2775, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: Dc0Gm/Z7aAxhpOmWYiqKS/m3iUUJOB5YUPU8v2PPRa1GDP3S5dafgZcMgMvG9VZg83s3ocZ2PfZX1V4Dfzd/Bw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 644E 5 KB
2 KB 528ms
356ms Script
application/javascript 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 68c62137fc42681f2ab4384f139cdd424052ba718e1d11c75a58b2f078dc65f8

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 1879343e.f587072
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090634134A02319BA8D6F6E12476-64883D8A24D25B15-00
x-cache: TCP_MISS from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 305,23.213.160.222
server-timing: cdn-cache; desc=MISS, edge; dur=294, origin; dur=18, inner; dur=3
content-length: 1645
pragma: no-cache
server: nginx
x-tt-logid: 202408090634134A02319BA8D6F6E12476
x-cache-remote: TCP_MISS from a23-220-104-212.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 18,23.220.104.212
x-tt-trace-host: 01c98d95a4c89fa6573f148d054a5703b5c7226696b15482c75b86ee8b666410f54faac441d5295953188a300acd3060c7b1ef9acd5ee97c47ac9df49203445c02b27844fc398c385f299396e3e5ebb720c20d14a67c140cb8ae859e30f3e23252de6c422102b0b0ae39577d2e30eca95a
expires: Fri, 09 Aug 2024 06:34:13 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 644E 383 KB
0 3ms
3ms Script
application/javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 40876
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b8164b8c1c3e-FRA
expires: Sat, 10 Aug 2024 06:34:12 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 85ms
28ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185252291&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=932717731.1723185253&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723185253&sct=1&seg=0&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=862
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:34:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 91ms
29ms Ping
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-EWLR9P86R1&cid=932717731.1723185253&gtm=45je4880v888969020z8853740014za200zb853740014&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1&npa=1&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:34:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 109ms
66ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-EWLR9P86R1&cid=932717731.1723185253&gtm=45je4880v888969020z8853740014za200zb853740014&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=78487007

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:34:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
275 B 307ms
215ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=44f9af41-4b82-45e0-a07b-26916da88a7b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=0821bd0d-54dc-44a2-a875-6e09da0ba43f&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 179
date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: b711ce3241dea3a4
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 99163de8ee6415fd43d1ef4daf96d349cdb9fbb29749c8ecbf825bdd54aed585
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
393 B 180ms
125ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=44f9af41-4b82-45e0-a07b-26916da88a7b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=0821bd0d-54dc-44a2-a875-6e09da0ba43f&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 102
date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 1f60f7067588ebb6
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 084377ac007abd943c264cf41d5069a6c64f30f13880c750061ee55288642d71
content-length: 43

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/dc3a116c-fee8-44b2-8b84-ce2bd808578e/ 30 KB
8 KB 45ms
45ms Fetch
application/x-javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/dc3a116c-fee8-44b2-8b84-ce2bd808578e/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f72ee85947119892c87d055b5decb99a9836275a75ecb4b53c3f06a93f90b9a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 66723
content-md5: eExXYgpjP/+HAGzUKbeuZw==
content-length: 8406
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:22 GMT
server: cloudflare
etag: 0x8DC392CF479281B
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 27b92615-901e-001e-5ecc-7cc764000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81788ee6939-FRA

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ 20 KB
4 KB 31ms
30ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 233218
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQ7WXjxWncTiU29MLSn%2FHqSho73m9DNwP0LaJvU0jrh5VIiOaqP9vgOMcnT7A2luNs7U1VL7aNYPgRuTj%2FCcTa2gLWmprMftfTrc1Zxu0GIO9%2FgLdE%2F8953zsh89ewE4%2BzhiUo03Z9peRkxmTbg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: DE
accept-ranges: bytes
cf-ray: 8b05b817cdf40410-FRA

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ 105 B
533 B 34ms
34ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 233218
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CviMGBZiFlCtkhN18niIQbgFfhJGqXNshY897w6MYflzqIoEANyb%2FLTfvfOeFgrUjXqIElPPUARxemuBM%2Bn2U8FrFx0QTaC0sqFbWjpPXiU5co8NAhARs8ekn1sWpS9TgdZiE5ByAhDei0HADPw%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: DE
accept-ranges: bytes
cf-ray: 8b05b817cdf70410-FRA

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ 810 B
728 B 107ms
107ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0QeCaQC5faH2Kj%2BKd%2FPBltK%2B7NoZ%2FdnXNvL7jbbua%2FzsvBf0exKLVkaWEtihCeNYRUFF9dPSBXY86RTmQHNH3y%2FlKRm5iLSjFY5S4ivBWLLM1ZJezx98Luy4gXCZ60O4ifXqMmx3rbRMqzPDSis%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: DE
cf-ray: 8b05b817cdf90410-FRA

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 25ms
24ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/306027671784119?v=2.9.164&r=stable&domain=reasonlabs.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 06:34:13 GMT
document-policy: force-load-at-top
x-fb-server-load: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=64, mss=1297, tbw=64412, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma: public
x-fb-debug: /K1xN7Gq4l/6hM7psrakYJ9O1+XiVbnqPZBKz/sGBcPw3yZdqiD+Qm2Et07fSh2VIoDICr89qXyfuA6xIcz21Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ Frame 644E 43 B
377 B 168ms
135ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=10986379-f15b-49a1-b26e-c125fc41ddea&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c4daefd8-c58f-4e9f-9933-921969f983aa&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 103
date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 67ca4c7a87999e79
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: d533d42ff552d62117c9bc1a859efc7a34407d6e0658824d93e77c3770c0b228
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 644E 43 B
216 B 200ms
200ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=10986379-f15b-49a1-b26e-c125fc41ddea&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c4daefd8-c58f-4e9f-9933-921969f983aa&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 174
date: Fri, 09 Aug 2024 06:34:12 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: bd6ec7108e8502bb
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 084377ac007abd943c264cf41d5069a6c64f30f13880c750061ee55288642d71
content-length: 43

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/dc3a116c-fee8-44b2-8b84-ce2bd808578e/ Frame 644E 30 KB
0 0ms
0ms Fetch
application/x-javascript 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/dc3a116c-fee8-44b2-8b84-ce2bd808578e/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f72ee85947119892c87d055b5decb99a9836275a75ecb4b53c3f06a93f90b9a9

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: eExXYgpjP/+HAGzUKbeuZw==
age: 66723
content-length: 8406
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:22 GMT
server: cloudflare
etag: 0x8DC392CF479281B
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 27b92615-901e-001e-5ecc-7cc764000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81788ee6939-FRA

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 644E 64 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:34:13 GMT
document-policy: force-load-at-top
x-fb-server-load: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=64, mss=1297, tbw=64412, tp=-1, tpl=-1, uplat=2, ullat=-1
pragma: public
x-fb-debug: /K1xN7Gq4l/6hM7psrakYJ9O1+XiVbnqPZBKz/sGBcPw3yZdqiD+Qm2Et07fSh2VIoDICr89qXyfuA6xIcz21Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 644E 1 KB
1 KB 104ms
44ms Fetch
application/json 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 19
content-encoding: br
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuCtP%2FPjwoHWKPk6Zge92pHt1qyamFT8NAXOGyhGOM%2BJzaWZEGoSKFWUJllR7%2BsQZ4OXRxY5OTgtaP%2FgoIloXTFH0KuBQVnSOI3kX9lm25UgRaZlIYDTGBtPaHt3e54EiVc%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05b8189a55373f-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ Frame 644E 0
0 28ms
28ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185252505&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=932717731.1723185253&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723185253&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=page_view&tfd=857
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:34:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 13 KB
3 KB 52ms
50ms Fetch
application/json 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63182
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81869bc6939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ 61 KB
12 KB 51ms
49ms Fetch
application/json 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 73107
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81869bd6939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 5 KB
2 KB 40ms
38ms Fetch
application/json 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 73107
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81869be6939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 21 KB
4 KB 51ms
50ms Fetch
text/css 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 73107
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b81869c16939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 331 KB
94 KB 34ms
33ms Script
application/javascript 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: f5871bd
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240808134332A97881EE6F98DF508397
x-tt-trace-id: 00-240808134332A97881EE6F98DF508397-30FE1D4F115AE83F-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0187e630806759d826dab4465d785a21f0f62ed8a58f9f039b4c0dd67f01b98d73a0a6feba928470c7fcb56517fcd239edcd8c5b258d48d72d73b7a7418178771ee83695b82017175e736db51bc44faf4b7e81079201de1201b6215f73bb32985f
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 95896

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 644E 13 KB
0 52ms
52ms Fetch
application/json 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63182
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81869bc6939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 644E 61 KB
0 47ms
47ms Fetch
application/json 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 73107
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81869bd6939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 644E 5 KB
0 29ms
29ms Fetch
application/json 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 73107
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b81869be6939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 644E 21 KB
0 49ms
49ms Fetch
text/css 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 73107
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b81869c16939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 80ms
20ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&rl=&if=false&ts=1723185253199&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185253198.394293419354948843&ler=empty&cdl=API_unavailable&it=1723185253081&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1297, tbw=2852, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:34:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
859 B 275ms
216ms Image
image/png 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&rl=&if=false&ts=1723185253199&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185253198.394293419354948843&ler=empty&cdl=API_unavailable&it=1723185253081&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:34:13 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024307048101288", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=14, mss=1297, tbw=6052, tp=-1, tpl=-1, uplat=198, ullat=0
pragma: no-cache
x-fb-debug: Te5UoUVmEtnPpwGM4bLRxTQoHkA1zOV0lFAAVsqto4d565izfI5zsK+6HnJlcpH6iBwg76ROco1W6/+UDQzGeA==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024307048101288"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 644E 0
103 B 75ms
19ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723185253205&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185253198.394293419354948843&ler=empty&cdl=API_unavailable&it=1723185253120&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1297, tbw=2852, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:34:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 644E 67 B
3 KB 224ms
168ms Image
image/png 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723185253205&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185253198.394293419354948843&ler=empty&cdl=API_unavailable&it=1723185253120&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:34:13 GMT
document-policy: force-load-at-top
x-fb-server-load: 17
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024308415677357", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=14, mss=1297, tbw=3273, tp=-1, tpl=-1, uplat=148, ullat=0
pragma: no-cache
x-fb-debug: Fas5EfPKuIz4sEa+r3e8dGuaryuQIqU64I49BNhDBN8VYsO0+a31TKiqd0ZlVi7LnSZK+x86/q1CnvimWhgmWg==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024308415677357"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 7.svg Show response
cdn.equalweb.com/assets/images/ 2 KB
1 KB 39ms
39ms Fetch
image/svg+xml 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/images/7.svg

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 233218
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Aug 2019 12:51:25 GMT
server: cloudflare
etag: W/"7c8f42d46748d51:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=smq9DnB%2FYLX63B8wvSdH6cZMWeboEG8bz6ECK1iguriW5otOmkB5Z8OMAQ5HEH2a%2F5do2WeILA7QkXa%2FnfcUYUcl9QPBwmLvayrzstUi%2Fp%2FxUEfzb1uCPDRFhLUKW%2BNme86MaVPHucxzL9hAhMM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
vary: Accept-Encoding
x-client-country: DE
cf-ray: 8b05b818aedb0410-FRA

GET
H2 200 2205-b8b042bddf4b1387.js Show response
reasonlabs.com/_next/static/chunks/ 39 KB
0 3ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2205-b8b042bddf4b1387.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 3032151e0f9e05a54e0e95ee99700003682894d02070c76727c239d4732efc8d

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::68ggc-1723185252726-afd89bd1f559
age: 240993
x-matched-path: /_next/static/chunks/2205-b8b042bddf4b1387.js
etag: W/"ba817c6de20566a33d8d0ff4e3bcb244"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2205-b8b042bddf4b1387.js"

GET
H2 200 2491-9ec92f3cd3328555.js Show response
reasonlabs.com/_next/static/chunks/ 9 KB
0 4ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2491-9ec92f3cd3328555.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 3c95513f8712f777277c207389532617e95a7f2db6f64d32e2c2a283b512d196

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::6lhgm-1723185252727-b94281657720
age: 240993
x-matched-path: /_next/static/chunks/2491-9ec92f3cd3328555.js
etag: W/"4fff78c55ddd1a3e147f39c093de99b7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2491-9ec92f3cd3328555.js"

GET
H2 200 blog-52fec28581808e54.js Show response
reasonlabs.com/_next/static/chunks/pages/ 1 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/blog-52fec28581808e54.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5d388757c2dfd2793a4047c2f3031d6cbb707408adbd9eae443d7902bd1a72c2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::kggxj-1723185252726-95d61679c1de
age: 240993
x-matched-path: /_next/static/chunks/pages/blog-52fec28581808e54.js
etag: W/"918586f29b4068e56808459b8d9cde16"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="blog-52fec28581808e54.js"

GET
H2 200 1554755ca48628de.css Show response
reasonlabs.com/_next/static/css/ 11 KB
3 KB 32ms
20ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/1554755ca48628de.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4058f6bce930def884b0fa7d3f0b2a8893767aea046838c23716c1f9021a5986

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::llvww-1723185253230-5b3c2afe14ba
age: 240992
x-matched-path: /_next/static/css/1554755ca48628de.css
etag: W/"9bea815c333dcf2e3dc5d257190c36c3"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1554755ca48628de.css"

GET
H2 200 9669-c1dd85627d14116a.js Show response
reasonlabs.com/_next/static/chunks/ 17 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9669-c1dd85627d14116a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 20eaa1a63aedbf0019f8562605496a18af58ff9c9850f502f1c40946b16f753c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::ptlbf-1723185252721-9a484a150296
age: 240994
x-matched-path: /_next/static/chunks/9669-c1dd85627d14116a.js
etag: W/"df94e0a9e336407fee547b88bb300177"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9669-c1dd85627d14116a.js"

GET
H2 200 7536-d078bab37095fd33.js Show response
reasonlabs.com/_next/static/chunks/ 22 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/7536-d078bab37095fd33.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 36c93b58f03ecca968f0a0369e2396c5c29a06efc3ecd99fae1d13b0a973ada2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::vk46v-1723185252721-107380b2172e
age: 240994
x-matched-path: /_next/static/chunks/7536-d078bab37095fd33.js
etag: W/"77108c566aca03f6efbddef060527122"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="7536-d078bab37095fd33.js"

GET
H2 200 4853-a702dd05d0560e1e.js Show response
reasonlabs.com/_next/static/chunks/ 10 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/4853-a702dd05d0560e1e.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 04dfafbc5fe883fde964a85d80ca6fa19d06db854e82aa0549b0d66547d8397c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::kggxj-1723185252723-2a1b4a9d4a50
age: 240994
x-matched-path: /_next/static/chunks/4853-a702dd05d0560e1e.js
etag: W/"1b730895d2887145510a56eac5c6c912"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4853-a702dd05d0560e1e.js"

GET
H2 200 9491-cb307f0820dea16a.js Show response
reasonlabs.com/_next/static/chunks/ 55 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9491-cb307f0820dea16a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7421ded58b0b66795aac889dd51d394477f7bd2252448af4c3219bf2ce6863a2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::8s866-1723185252723-ece23c0d7f9f
age: 240994
x-matched-path: /_next/static/chunks/9491-cb307f0820dea16a.js
etag: W/"94f0bea99e6ca73dcad46858d27f410e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9491-cb307f0820dea16a.js"

GET
H2 200 9181-783f2b62bd015354.js Show response
reasonlabs.com/_next/static/chunks/ 126 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9181-783f2b62bd015354.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: f8b61e4330e6492cd191460e3218856657651c3d64a5c6b39d02cb9d5547bd90

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::r2snb-1723185252723-aa67fbc61fc3
age: 240627
x-matched-path: /_next/static/chunks/9181-783f2b62bd015354.js
etag: W/"9ca24510e1cdd5d5e7d5ddff68e98437"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9181-783f2b62bd015354.js"

GET
H2 200 5074-22f981bef7596111.js Show response
reasonlabs.com/_next/static/chunks/ 8 KB
0 10ms
10ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/5074-22f981bef7596111.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 786dd0b17ecf4df37a3f900e719bd36c61ae73e13e2d7187980b8852ccab0278

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252723-2748fce6e73d
age: 240994
x-matched-path: /_next/static/chunks/5074-22f981bef7596111.js
etag: W/"310e55de2050605a798b639f502ed60b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5074-22f981bef7596111.js"

GET
H2 200 contact-us-d3628e156bfb164b.js Show response
reasonlabs.com/_next/static/chunks/pages/ 4 KB
0 11ms
10ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: e4e40b3944928b3b43a2847d5823b893d34c3861eb285ed5275d9601bb043ef8

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::wzv2r-1723185252726-7a0887634946
age: 240994
x-matched-path: /_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
etag: W/"358d84a1371694326c440828f385f56c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="contact-us-d3628e156bfb164b.js"

GET
H2 200 1be5a77cd6b0c1b8.css Show response
reasonlabs.com/_next/static/css/ 2 KB
1 KB 28ms
18ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/1be5a77cd6b0c1b8.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8e4fbd3919e6cd699518666936aae750b3df6fe994b459da03fdd1d18ae3f88d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::9n4wj-1723185253230-35bec639a03a
age: 240995
x-matched-path: /_next/static/css/1be5a77cd6b0c1b8.css
etag: W/"0468ae9cfc7822bf2e099439d24a9f83"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1be5a77cd6b0c1b8.css"

GET
H2 200 b09dfccc-0d4362519e83f737.js Show response
reasonlabs.com/_next/static/chunks/ 135 KB
0 11ms
10ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/b09dfccc-0d4362519e83f737.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: b8939b22a328efa2a65b21503b1d86365b8c52cc80e3d4378938b99a7c3016c3

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::r2snb-1723185252740-2515e5daeb20
age: 240993
x-matched-path: /_next/static/chunks/b09dfccc-0d4362519e83f737.js
etag: W/"010c52841b45e58787fa5559057279b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b09dfccc-0d4362519e83f737.js"

GET
H2 200 5515-da6bcd073351bba9.js Show response
reasonlabs.com/_next/static/chunks/ 29 KB
0 11ms
11ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/5515-da6bcd073351bba9.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: a3d351faa84b163e61747d86ad604d61d9f9caf84904585e629db1b4ce31c8d3

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::vk46v-1723185252740-beac70f04813
age: 240983
x-matched-path: /_next/static/chunks/5515-da6bcd073351bba9.js
etag: W/"97fc8a2d007e82a5ea121e9e913754a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5515-da6bcd073351bba9.js"

GET
H2 200 company-f58c4c93bb87ba63.js Show response
reasonlabs.com/_next/static/chunks/pages/ 14 KB
0 11ms
11ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/company-f58c4c93bb87ba63.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5de60fd3608d8385ce6427aec3d9846bc6462a742bcecec06780be71f4b05b08

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::8s866-1723185252740-9ec721a3474b
age: 240993
x-matched-path: /_next/static/chunks/pages/company-f58c4c93bb87ba63.js
etag: W/"4d9d7a54137e67b9182d3aaa760a176e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="company-f58c4c93bb87ba63.js"

GET
H2 200 700415d0cd3af781.css Show response
reasonlabs.com/_next/static/css/ 8 KB
3 KB 47ms
28ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/700415d0cd3af781.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4c97159d90c9f849ea78e5c4c3294b3198580a6a2c3354fe07f2e3aa5ce34430

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::s9hnw-1723185253244-d38e1fed2e14
age: 240992
x-matched-path: /_next/static/css/700415d0cd3af781.css
etag: W/"a492d26bdd9f13391d56990d16102b67"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="700415d0cd3af781.css"

GET
H2 200 ea88be26-58ed6ef11764b90d.js Show response
reasonlabs.com/_next/static/chunks/ 299 KB
0 12ms
12ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/ea88be26-58ed6ef11764b90d.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 016c702b4f5fe217c58e726cb7b5c4781e2783a1f9b05ce60c86e46358f17143

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::vk46v-1723185252726-7c96a77f0cfb
age: 240993
x-matched-path: /_next/static/chunks/ea88be26-58ed6ef11764b90d.js
etag: W/"06fd9f72883d76e633821a2a49c5e00a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ea88be26-58ed6ef11764b90d.js"

GET
H2 200 334-32080295da286e1b.js Show response
reasonlabs.com/_next/static/chunks/ 37 KB
0 14ms
14ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/334-32080295da286e1b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5fe7a29f514066ef89528054eea95dc720cfb6debed549d0ede49ba3d041a762

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::9n4wj-1723185252727-5ab14bc417f8
age: 240993
x-matched-path: /_next/static/chunks/334-32080295da286e1b.js
etag: W/"7df4cb4701054c6232f09e0f4bc68ae0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="334-32080295da286e1b.js"

GET
H2 200 2769-806d4971ab81cede.js Show response
reasonlabs.com/_next/static/chunks/ 25 KB
0 14ms
14ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2769-806d4971ab81cede.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: bd5351c91b19c65b0641ff46e0fb0b46ea1706fce6c550ded58bfbffc5959f58

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::66dgn-1723185252727-83fe03fa18fe
age: 240993
x-matched-path: /_next/static/chunks/2769-806d4971ab81cede.js
etag: W/"d7f581e10d3f964cd887d56d56ad2230"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2769-806d4971ab81cede.js"

GET
H2 200 6704-0f25a7eb013f0542.js Show response
reasonlabs.com/_next/static/chunks/ 1 MB
0 14ms
14ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/6704-0f25a7eb013f0542.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5a69f125453d44dd18e9557ec61b7769dd6f45f323b8833f3a99ef6bfcc4a88e

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::fmrmn-1723185252727-831d9f8322f6
age: 240993
x-matched-path: /_next/static/chunks/6704-0f25a7eb013f0542.js
etag: W/"3764708a2bcac5893337a72604873fa0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="6704-0f25a7eb013f0542.js"

GET
H2 200 index-be0f6d764aebb9c2.js Show response
reasonlabs.com/_next/static/chunks/pages/ 38 KB
0 15ms
15ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/index-be0f6d764aebb9c2.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: eb524ab62c0fc128cbf46763b9aa0d94bda920950646a4e9c60fe1bb76c31eeb

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:12 GMT
content-encoding: br
server: Vercel
x-vercel-id: fra1::66dgn-1723185252740-72910bc536c8
age: 240993
x-matched-path: /_next/static/chunks/pages/index-be0f6d764aebb9c2.js
etag: W/"85baf6f0d8b41f85b1956e1e36bbac7a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="index-be0f6d764aebb9c2.js"

GET
H2 200 4b517cf790f3d021.css Show response
reasonlabs.com/_next/static/css/ 25 KB
6 KB 38ms
22ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/4b517cf790f3d021.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1d3e2d2ae2c0142f78244ea6312afb6956c451970a90cb233f70f5b7e33de7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::8s5ff-1723185253240-ac839ffb559d
age: 240992
x-matched-path: /_next/static/css/4b517cf790f3d021.css
etag: W/"4d8caf2a4e52c5dff358427a5604ddab"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4b517cf790f3d021.css"

GET
H2 200 ot_close.svg
cookie-cdn.cookiepro.com/logos/static/ 651 B
626 B 37ms
36ms Image
image/svg+xml 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 53918
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2a99f935-f01e-0018-245d-e4f4db000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b8192f161c3e-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 ot_guard_logo.svg Show response
cookie-cdn.cookiepro.com/logos/static/ 497 B
474 B 37ms
37ms Fetch
image/svg+xml 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/logos/static/ot_guard_logo.svg

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 70079
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2d9eb98a-401e-0050-3928-e4e9ec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b8194a806939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ 33 KB
33 KB 43ms
42ms Image
image/png 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 13298
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b8196f4e1c3e-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ 5 KB
2 KB 43ms
43ms Image
image/svg+xml 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53928
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b8196f521c3e-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 644E 33 KB
0 30ms
30ms Image
image/png 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 13298
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b8196f4e1c3e-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 644E 5 KB
0 31ms
31ms Image
image/svg+xml 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53928
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b8196f521c3e-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 ot_guard_logo.svg Show response
cookie-cdn.cookiepro.com/logos/static/ Frame 644E 497 B
0 0ms
0ms Fetch
image/svg+xml 2606:4700::6812:f3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/logos/static/ot_guard_logo.svg
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 70079
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2d9eb98a-401e-0050-3928-e4e9ec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b8194a806939-FRA
expires: Sat, 10 Aug 2024 06:34:13 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 972 KB
278 KB 43ms
43ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: EKH3SYBFDADZ3R56
age: 131
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8GxgKNjzPO6KAy8x7mAOvs98zRORaJziuis5zhvCBRn4Al55SpOr2mrHGPQkdy2ic%2B73YdGER%2FAfPfJLF3oDBe4gRp4FIJLNL6gUm3WALLHNnTuUrudnOYPpDx5UxdDmoy8vbcE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b819f93635ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 34ms
34ms Script
application/javascript 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: f5875d2
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024072912414041BEF713A10515498A8A
x-tt-trace-id: 00-24072912414041BEF713A10515498A8A-76321873C839D803-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 010f3c36e76c23e163926355f9465f739e1ffd158a2d6d6eca9ddf51aff38e2f7cad14437ea9fea3d1028d5dbb4cb8dd10b788590c290ab3a53dc8ffce7e33d9681c902f5b541e3b33a1eb049375c764243a419d982af9e7109e43d176e75c2b52
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=14
content-length: 39442

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
877 B 157ms
155ms Ping
text/plain 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 427593b7.f5875f7
date: Fri, 09 Aug 2024 06:34:13 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063413013720CCE6D5DBA44761-02E8391521138876-00
x-cache: TCP_MISS from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 116,23.213.160.222
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=27, inner; dur=23
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063413013720CCE6D5DBA44761
x-cache-remote: TCP_MISS from a23-48-200-211.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 27,23.48.200.211
x-tt-trace-host: 01c98d95a4c89fa6573f148d054a5703b5c7226696b15482c75b86ee8b666410f53034c8f475c6d3bd98b051ba42d76f38f2336fb641a8520caba230661fadb7b9e1b2e38717680fcf4b77daa943434e23b06e332c761f6d30e4917d88ef5aea262a8be38c8088af9491145440810294be
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:34:13 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 644E 331 KB
0 34ms
33ms Script
application/javascript 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: f5871bd
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240808134332A97881EE6F98DF508397
x-tt-trace-id: 00-240808134332A97881EE6F98DF508397-30FE1D4F115AE83F-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0187e630806759d826dab4465d785a21f0f62ed8a58f9f039b4c0dd67f01b98d73a0a6feba928470c7fcb56517fcd239edcd8c5b258d48d72d73b7a7418178771ee83695b82017175e736db51bc44faf4b7e81079201de1201b6215f73bb32985f
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 95896

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 644E 146 KB
0 34ms
34ms Script
application/javascript 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: f5875d2
date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024072912414041BEF713A10515498A8A
x-tt-trace-id: 00-24072912414041BEF713A10515498A8A-76321873C839D803-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 010f3c36e76c23e163926355f9465f739e1ffd158a2d6d6eca9ddf51aff38e2f7cad14437ea9fea3d1028d5dbb4cb8dd10b788590c290ab3a53dc8ffce7e33d9681c902f5b541e3b33a1eb049375c764243a419d982af9e7109e43d176e75c2b52
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=14
content-length: 39442

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 644E 0
879 B 160ms
158ms Ping
text/plain 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 18793b58.f587703
date: Fri, 09 Aug 2024 06:34:13 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090634138E1D921252711A9FA0B8-7AEB2E46062D99B0-00
x-cache: TCP_MISS from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 118,23.213.160.222
server-timing: cdn-cache; desc=MISS, edge; dur=100, origin; dur=26, inner; dur=19
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090634138E1D921252711A9FA0B8
x-cache-remote: TCP_MISS from a23-220-104-212.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 26,23.220.104.212
x-tt-trace-host: 01c98d95a4c89fa6573f148d054a5703b5c7226696b15482c75b86ee8b666410f54faac441d5295953188a300acd3060c774cc365485612ceff92f03a97a9d93fd3de24cb35735a1c9096bdd806cb8b9cb2b13d8a677c8d483faf7556d033ef7235df9cffa803defeacf908cb89d582453
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:34:13 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame FBD0 25 KB
6 KB 39ms
39ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MHGCDDAN38T054XK
age: 69397
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aSeQvS3vHx18q9I7xNBMVVbUE94ZTKwtXUhWdGoVxfVzMLVI%2BAmfFcGWzN0Lqib3UD3dvtyxpZg%2BtRvIk9YEIqAkpYM1nHzlea5U%2F8VPm3oSNz9FL9oWuT2oWeSrNbP%2Bh%2BGfEBM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b81b5aad35ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame FBD0 688 B
1 KB 106ms
46ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3
x-zendesk-origin-server: embeddable-app-server-855d4bc785-rw2td
x-cached: MISS
x-request-id: 8b05b8033f2cbfd2-FRA
x-runtime: 0.002766
last-modified: Fri, 09 Aug 2024 06:34:10 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tLdQ84KaHk44Ly1rW3QXd%2FpywNbL7PjGtmnh7ibo17jJNlNUZ1xFWd7n80cyuXeN1RQ3FgO0OXn2XzV2oRNhO%2BBLLRzgrId%2FTzreovEA05PihmM%2BzlLSaptCL2gbTIU0flWOordv8XgbmsX"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05b81bbe919bbe-FRA

GET
H2 200 favicon-32x32.png
reasonlabs.com/ 2 KB
2 KB 27ms
26ms Other
image/png 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d8d7ae40315aaf92f9393c1a514e56dbba1b2b4410d648cf8e51b3d3fbeff0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::w2q5c-1723185253668-f6441e3578e0
age: 240991
x-matched-path: /favicon-32x32.png
etag: "4712c2a7f8b8111661cfd429c6cdb62a"
x-vercel-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="favicon-32x32.png"
accept-ranges: bytes
content-length: 1983

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
880 B 180ms
178ms Ping
text/plain 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 42759d02.f5878ba
date: Fri, 09 Aug 2024 06:34:13 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906341331398B4871AD29A37EBE-4943AD2BE9EF9C3F-00
x-cache: TCP_MISS from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 131,23.213.160.222
server-timing: cdn-cache; desc=MISS, edge; dur=126, origin; dur=18, inner; dur=15
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906341331398B4871AD29A37EBE
x-cache-remote: TCP_MISS from a23-48-200-211.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 18,23.48.200.211
x-tt-trace-host: 01c98d95a4c89fa6573f148d054a5703b5c7226696b15482c75b86ee8b666410f53034c8f475c6d3bd98b051ba42d76f38167cc65507788e21f3701d22ab4efe52bd364fb7d7b6f516e6250d8305aa6267a6d7b895ac07814596bcb7bb39572b826a90ea89e58805fb23e93953645ca39a
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:34:13 GMT

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 216 KB
53 KB 43ms
43ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 69397
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8UEW7qkNCrYFRsOzgVyV%2BVPIC5S%2BH%2FJIrSsDKt5cX8v5c5uJ5rzm8iyO0Z5LEvWDV5fle%2FE3f9%2B%2FYeeH0P9YOr8AvnsD4%2BPPArEqTBtc%2Bupf8i1V9MB%2BKabawHvhVKpbfsUbbZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b81bab0735ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 644E 0
882 B 154ms
152ms Ping
text/plain 23.213.161.222
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.222 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-222.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 12611224.f587b66
date: Fri, 09 Aug 2024 06:34:14 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063413FA6C11A3106FF8A6ECED-37DFC9390ECEEBED-00
x-cache: TCP_MISS from a23-213-160-222.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 113,23.213.160.222
server-timing: cdn-cache; desc=MISS, edge; dur=100, origin; dur=21, inner; dur=17
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063413FA6C11A3106FF8A6ECED
x-cache-remote: TCP_MISS from a23-220-104-213.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 21,23.220.104.213
x-tt-trace-host: 01c98d95a4c89fa6573f148d054a5703b5c7226696b15482c75b86ee8b666410f5e3e8c21e39c043f82de363b75561f65c69e9152f8458ead0469b5565d1c2b949f5df528bccb7015d2b34464bd3d1a80affec1c71654999dff7fb2e42dd19b29a8eefd5c9dd7c485648a33c84ee228c5e
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:34:14 GMT

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 644E 20 KB
0 1ms
1ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 233218
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQ7WXjxWncTiU29MLSn%2FHqSho73m9DNwP0LaJvU0jrh5VIiOaqP9vgOMcnT7A2luNs7U1VL7aNYPgRuTj%2FCcTa2gLWmprMftfTrc1Zxu0GIO9%2FgLdE%2F8953zsh89ewE4%2BzhiUo03Z9peRkxmTbg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: DE
accept-ranges: bytes
cf-ray: 8b05b817cdf40410-FRA

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 644E 105 B
0 1ms
1ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 233218
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CviMGBZiFlCtkhN18niIQbgFfhJGqXNshY897w6MYflzqIoEANyb%2FLTfvfOeFgrUjXqIElPPUARxemuBM%2Bn2U8FrFx0QTaC0sqFbWjpPXiU5co8NAhARs8ekn1sWpS9TgdZiE5ByAhDei0HADPw%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: DE
accept-ranges: bytes
cf-ray: 8b05b817cdf70410-FRA

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 644E 810 B
0 0ms
0ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:13 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0QeCaQC5faH2Kj%2BKd%2FPBltK%2B7NoZ%2FdnXNvL7jbbua%2FzsvBf0exKLVkaWEtihCeNYRUFF9dPSBXY86RTmQHNH3y%2FlKRm5iLSjFY5S4ivBWLLM1ZJezx98Luy4gXCZ60O4ifXqMmx3rbRMqzPDSis%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: DE
cf-ray: 8b05b817cdf90410-FRA

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 53 KB
15 KB 46ms
45ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY06MZMS25XS7D7S
age: 69386
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4Af8N%2BWaM7B479ifXd%2BBMmqjCJWWVjq7iT3fym9e8tRPccnKDBykoDGId2yyMVNI1mefOKJxL57xls%2BvC0pxvkR3K0m2hN2%2Bg7eWTof80j89he4EJ%2FxKnK6typQnWmWpN8e1%2BA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b82078f635ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame FBD0 66 KB
19 KB 47ms
46ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04J1HCS93337TJ
age: 69386
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYxs7PQd31wMBmpmucAVe9Sdncap8X2hiplATliGs1SkOhrjstXI0s3V3xaj67dHlqv0d%2FyxTF0068ZiM4Oc8dCfdGHwiSweZoBGEETB1JaIWHOBvW48tpilkB7IF4hVS0oQH0c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b82078f835ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 236 B
586 B 39ms
39ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: XWRA5GPT825749X7
age: 69397
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SoUsu19o93vrRiBTKqx03%2B%2F%2FAtlDbsCjbIvTcU0DZGFgZ2Ncjf2Coz44Z8eaNCeOTj%2FtsSxSBn7HFeehAgDpfhaVh66J9PMy1Ph%2FAOFtzpA%2B6WtW73HpZs0gu8cRhawA9NiMAz0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b820891635ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 173 KB
62 KB 54ms
53ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 69386
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hPbHA5hHmr8RasuI0GThtBSlpFggIqWAe6grmBBYHogAiofkkzZ1ybO%2F2tTyGmNhQdhKEcR5JFdzOkcrEDepw0Y7osv7%2F8BNfr9KJLw%2F4VkVx%2FbH9GQguPwIlWBdnmhsKltZ2oE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b820f98d35ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 125 KB
37 KB 46ms
46ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 69386
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMto8YdRVBbWap5z2IUpr1DwPL7cyeGpCN541%2F3ZcI1tKIl79NkdAdtuBpUPpWBNs25%2FV%2BJJuLHGhXM3kV9RdR%2FfrfGknC9WpFGUrqD1SOkb4udMTR0ktXtpo97v22uFOum4DPM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b821098f35ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 35 KB
11 KB 50ms
50ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 69386
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22K322%2FtPKq4Nc9JEsrtpcKwq5dVLioW%2B%2BNzhwEAVLlLh5zPuG5XxBvctN5XDwWGGiTw8cuann3z4CJu7sXjoHKALD62ps0jDkUpFqkf88hExYdj13XvdEPJq9UBADrrvzxTAVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b821099135ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 37 KB
11 KB 41ms
41ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 69386
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TfUNNapUe7nn1fP952x4vBdEMLttK2AEZTvHuTV%2Bhw5B8JVotsqnoY3amtLd%2Bhn8Ggym7w%2FIzQEoXhC9bnEwtkAf14IJXW%2ByPF2AibcVY2NOoP8inr%2FtrT1Qd9UjiCLW2Rpt67c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b821099435ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame FBD0 12 KB
5 KB 42ms
42ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 69293
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bkSNVWznT%2B05%2Fjboj4PT1piZ2mE1BHfx%2BCCMjNfJ4044e5ee%2Bhis%2FrZZI5ohGYvsDH6B58GnOgEpC4ZLi5xuj%2FaZbacBuOasuIFYaK7MilV1dye1YV8czeuWH3vCwTbD%2BlOgcic%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b821099535ed-FRA
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame FBD0 19 KB
20 KB 54ms
53ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 12832454
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tl42BZ83t2eTy0KvI4RKataHgjfGNaSsjuKMGoBpEcIB1nXRSdJSsy0qfL3pB1YTCOUO491SsopZ07gZ%2B0IJzrmZLeaiv82P8BTNn9sShmvILzMZQLm9R1HXFDJLPnLK6Jck0Qc%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b82119c335ed-FRA
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame FBD0 131 B
665 B 38ms
38ms XHR
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:34:14 GMT
strict-transport-security: max-age=31536000;
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 314
x-zendesk-origin-server: embeddable-app-server-855d4bc785-c8tht
x-cached: HIT
x-request-id: 8aeb41cef8f11c9b-FRA
x-runtime: 0.129436
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zEPv6lwWOrEqaclQ3xYla0hGFePBFKjjnLM6oY%2Bau4H4ZmziLzka0D%2FNejN3obpyjv5ENYOFzW%2B6q2TrrbNV%2FtbCd0ZmT%2BwqbC0sj6MV32xpYC3E87xDIMxElOIEKNddXxTE2bK%2FfQ8Rmy%2Fp"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05b821acf69bbe-FRA

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reasonlabs.com/	1970-01-21 07:25:21	Name: ruserid Value: e7f57333-8ca1-4292-9b08-8913d83b5d84
.reasonlabs.com/	1970-01-21 08:15:45	Name: _ga Value: GA1.1.932717731.1723185253
.reasonlabs.com/	1970-01-21 08:15:45	Name: _ga_EWLR9P86R1 Value: GS1.1.1723185253.1.1.1723185253.60.0.0
.reasonlabs.com/	1970-01-21 00:49:21	Name: _fbp Value: fb.1.1723185253198.394293419354948843
.twitter.com/	1970-01-21 08:15:45	Name: personalization_id Value: "v1_hUoBipn0BIP5EmrOOAyz1w=="
.reasonlabs.com/	1970-01-21 07:25:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Aug+09+2024+08%3A34%3A13+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202211.1.0&isIABGlobal=false&hosts=&landingPath=NotLandingPage&AwaitingReconsent=false&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.t.co/	1970-01-21 08:15:45	Name: muc_ads Value: 952d5c5b-360e-4dce-83a8-55a845d2c552
.tiktok.com/	1970-01-21 08:01:21	Name: _ttp Value: 2kPVZTUqoKMLhEIIF6o3FEH6Deo
.reasonlabs.com/	1970-01-21 08:01:21	Name: _tt_enable_cookie Value: 1
.reasonlabs.com/	1970-01-21 08:01:21	Name: _ttp Value: LseygZvRl1--dxWjZ-wbChiik0o
widget-mediator.zopim.com/	1970-01-20 22:49:50	Name: AWSALBCORS Value: 9/HtCogCZ1el48e9pBdJ7mQOIoPXkZNKKaYIjGobzlCbLTLR4vThXMRYaVkd4K1R7gZeI4SmhqxkDgRYVb6V7OOLfQs+bVbH9y/fOmMKyJlNFeRX28QwSQK7agc+
.reasonlabs.com/	1970-01-21 07:25:21	Name: __zlcmid Value: 1NAmvlNreU6Yf4e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
analytics.twitter.com
cdn.equalweb.com
cdn.reasonlabs.com
connect.facebook.net
cookie-cdn.cookiepro.com
ekr.zdassets.com
geolocation.onetrust.com
pac.rlproton.com
reasonlabs.com
reasonsecurity.zendesk.com
region1.analytics.google.com
static-cf.cleverbridge.com
static.ads-twitter.com
static.zdassets.com
stats.g.doubleclick.net
t.co
www.facebook.com
www.google.de
www.googletagmanager.com
104.16.242.229
104.16.51.111
104.18.72.113
104.244.42.3
146.75.116.157
172.217.16.195
18.66.102.9
2001:4860:4802:34::36
23.213.161.222
2600:9000:236e:9200:16:b250:9b40:93a1
2606:4700:20::681a:d5f
2606:4700::6812:1d7f
2606:4700::6812:f3e
2a00:1450:4001:80f::2008
2a00:1450:400c:c06::9c
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
76.76.21.21
93.184.221.165
016c702b4f5fe217c58e726cb7b5c4781e2783a1f9b05ce60c86e46358f17143
04dfafbc5fe883fde964a85d80ca6fa19d06db854e82aa0549b0d66547d8397c
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
052e6be56abff0379a8cb7e92e759b19e1e43d1ddd22458fc71600ae7a18077b
0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e
08883e0f0fd0db967a7c9875e12aef7e951ca023456e90be517405c28c029e2e
09de44220d2f31175ac2e93526479d1f346c3f61a64a18d971129aba27746832
0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14
0e029c4f4d1e048ed38d6a56c7c857034ee2fee1c5fc27a2cd6d5cb80df68cb5
0f4e7b1971244d3bbd0587403e399829cdbb2ab499269b85cbc47efc3a6141a4
1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517
15928a00dd5079d986641664c08efcf8a9dac72ca4f905e38b1a0c30976ab973
15a1f0bb005ee2d4d9c84410aad1bcd9ff6e36686573fe3e0a4959d7df79eed3
16525b2c2e97533f3b8567d3238b2fe2accbc75bf0f3262fce0b1cd07b676120
1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7
172ca2ee9eef5c6b46bb828d6ead12caa09400d76d58d8b11080de0e8a6cc202
17c6bdb8c5eb4f42c8a3ba5ec378bee05df5e0777f26fd826931f2173a99eeb8
1d3e2d2ae2c0142f78244ea6312afb6956c451970a90cb233f70f5b7e33de7f1
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4
20eaa1a63aedbf0019f8562605496a18af58ff9c9850f502f1c40946b16f753c
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660
287d58587a729034072a58fc0738bb876bdea908dc0d6fc86c7f83e6c6e008ba
29ef19e05f73b9d30ac355e7ef49e6a81a6f31b8da31fc61c60c524f196b4904
2e1d5bfbec317e501c989b9215d8153e6c71894003742a2cb94be3ed9701339e
2eb499ec1df28add1ce48be0f9ec2cba7d6b7ab4c9316474a9ef1f0566d4351a
2ff34f763ac8d45e73740b469ed434ee600d3263211dfba79b6f2b1c73e8bde7
301c0686904a489da3626d6592dc4cb3a4e157bd0638fcfbcd66da78b8c9445e
3032151e0f9e05a54e0e95ee99700003682894d02070c76727c239d4732efc8d
3187d2113abc1ec76fbc938ef426e2635f5f961dd48292062ac2e5506380f85e
335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d
34c6c382cc128c236adbb602584b773cb511b4347f0179779d781b4a8b291dfd
35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e
36809553a0e6234f000c7e617c3528e23f0d1500599c37ee176e078b7026515b
36c93b58f03ecca968f0a0369e2396c5c29a06efc3ecd99fae1d13b0a973ada2
37e1e0aef2082b7d2537bd3de9cbcc6432c84345a3a60f8280e3fb9c7cecf48d
3a3170e91ef6263fa67eaaf04dd38d9d54df98e9339f122b587392732d7661bc
3aade53fdf55b8055fb9dc90732c4e7f470b9d695d8668d601a106c52274ce9f
3ba8e9bca43cf0ec1c74472b11d9fdb32b1ae5a23e798a55e2ad4d2f48136f7d
3c95513f8712f777277c207389532617e95a7f2db6f64d32e2c2a283b512d196
3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073
3e6daa2794363d6ab8c7adb8a182a9b18c5b025147af53feb7af58b11da5b7be
3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb
4058f6bce930def884b0fa7d3f0b2a8893767aea046838c23716c1f9021a5986
407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
41f923dfdeaae8120e92c0a48fbdcdf033cb927f57a053d1c8feefcb3dde7a35
420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f
435e173afb0a80e150da0e651c05398b07280fc8790e02129e925afdbe0ba6ad
453f8d94af003ea1b202d17babe41fa00d9b1c14825dc735c5e9c7038d5017a0
46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de
46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66
476245c8c89e381f57b178924bfa750abd88a47e8d9b7c939e7fd32e61a4c46f
4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4
4c97159d90c9f849ea78e5c4c3294b3198580a6a2c3354fe07f2e3aa5ce34430
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
4ecddf8410494cea5379e00170ab1328db3a246482336104c9d7572b852b485d
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3
55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c
55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130
5a13a3549c2d1a7d616fa512ad14beb5c27a1040a752c1bb3972853f1529407b
5a69f125453d44dd18e9557ec61b7769dd6f45f323b8833f3a99ef6bfcc4a88e
5b1de48f15a736cfc90e852297faa51c00861f71082e590de34b5414a4f189b8
5b1dfcadb7fc6e398a1c67b49c0b20bba912a7bd47abaf6517d4e04cff67e3e0
5b5249e69847e7c1b146876ceb34463fd6f82a4a747ff26da2bdf9784b3e5b24
5d388757c2dfd2793a4047c2f3031d6cbb707408adbd9eae443d7902bd1a72c2
5de60fd3608d8385ce6427aec3d9846bc6462a742bcecec06780be71f4b05b08
5fe7a29f514066ef89528054eea95dc720cfb6debed549d0ede49ba3d041a762
60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7
65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0
65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c
68c62137fc42681f2ab4384f139cdd424052ba718e1d11c75a58b2f078dc65f8
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3
6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b
734e12ea5d89fc6c8da84f0eac2ee9bc479ee728fa25d5f24d279a881429b3e2
7421ded58b0b66795aac889dd51d394477f7bd2252448af4c3219bf2ce6863a2
754e7795ae6899ee54bbc4d7ddf9b515f4c07d7dd4f3c15f7319ba3cb1a62b0b
786dd0b17ecf4df37a3f900e719bd36c61ae73e13e2d7187980b8852ccab0278
7b993b1af2824acfd0d20bb3a8a191fee08cabec879eb4766a706769d35defa2
7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc
7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f
7fce7079cc8c55b7482809b9cae560338a38beb1c8fa165ededf78def0e65c88
81114370a44b3e7a14b193d85d39ac0573f3a2e742a658ae1063db31b8bf444f
816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b
836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a
83f9442b0ae777927d2d88bb8eb41e76d4379ac404084e716528a46ecbf6433b
84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8
8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa
89692ab36acad0a3ed185617e8c41f7e560bc9cd4d7f7e389bb4c2b72296e5cb
8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4
8a5bcace9ac4612a8d5fe7e38adcb49bed25cc3f52c40fabb2031778e1febfef
8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162
8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447
8e4fbd3919e6cd699518666936aae750b3df6fe994b459da03fdd1d18ae3f88d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811
9b62cefcd86e6b76fadb64fbc35571884c70ae41fcd5eb824c9b99979fc4d392
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a109878c0662bba5d28433d4f0b92077fbabcabb0cfcb4b14bda19987174e55e
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
a360bd9dde2c64d5f43feae453b7d563ef0743af0a55e44e05ffcddaa933e958
a3d351faa84b163e61747d86ad604d61d9f9caf84904585e629db1b4ce31c8d3
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c
a7cc34040d655e367c12f5cab11d9bed52ea01c3ddf0a5f6076f696713be89e3
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab98e00318002d085dbc4e9bbed830237b9f91b8cb10ee4776f864086d4f9522
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afabe80d0da822ecb48dab7940c89b31f8c0b1cebfeb27d1654bcb4e3fea4a02
b0f3b1e96730ac8e5dfeed671562469a45d96beddae9f4e629beb9d43fc6ea04
b2e9e3242b4c5c071d18fc9c901e0332a95a3eb0e7c95bf59dbff6484eb3e30a
b37ca6c575afd9835dad0665bdecd6af5d5ec0d79a6ae8f526ee6a76dd9420ef
b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d
b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8
b499f9cc78d42c5fb07c17e9138efd2a802d1a79f3db0ab41a5a7cf49ccc590a
b8939b22a328efa2a65b21503b1d86365b8c52cc80e3d4378938b99a7c3016c3
bd5351c91b19c65b0641ff46e0fb0b46ea1706fce6c550ded58bfbffc5959f58
c4e409aa158a0a803ce2da327e85ab26193bdf08d4fa778bb95ab349251c2242
c56494b7e0c445e01d2fee0de214450debb0bd77d23c214fb71b0f044f810d1d
c98642e3367866a5926b51ddaa9306bb49135d2b0550a3ea06ca3fc9b41b83c8
cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233
ce5a0525d35ec2fbf605e9d8fd039ba6f62ee7897255d1f1b9d7107300acb8e2
ced7b72b89b45eb74f0b4ec551ad42a70b9343dca7597d140932c02fb6aff732
cf053499e338013d7e8929675faff0aff58ea8ef1e4d7895dec469346902d0de
d3698c70b88abb2a94a0ed5e90cadb42c262a07a0b972fc314a154e575ba3c6b
d5bdce520de5b55a8c213966b0a258e2c456ea333dc999e4699507e156bab99c
d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857
d8d7ae40315aaf92f9393c1a514e56dbba1b2b4410d648cf8e51b3d3fbeff0e1
dc13a24b6ecd3b6e6412a108aa5ba5f7271a1ba3df048cc088b6dceedcd605cc
dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232
dca4cbb98102d13ad9acbaef3347e5237f2ebd2954ef40889877e772e6a96e7c
dcfa11baea88390971433f60c67e7696de90bbef1c08dbf0d2f5bd3c196cff12
e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ddd6dfeee98cca3295e79b96700162959cd13d1014d43db1ba865335d68fbf
e4aa9a902b83ce9975b9cb1817997dec501aad56141f41f437d02ecca4e24b08
e4e40b3944928b3b43a2847d5823b893d34c3861eb285ed5275d9601bb043ef8
e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28
e53cacecb4f6b51948407a352f63bd4b8f4a437393f5a304af76441a2fe47713
e61a2227b4f8927a7bb04c00abf4470c65280bbd7be7c6d3c6645889818671be
e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665
eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7
eb524ab62c0fc128cbf46763b9aa0d94bda920950646a4e9c60fe1bb76c31eeb
ed4487e444877efefe1093519d07f9cea62519c93f40562e54a0c26b93346399
eed7f235ef695c1cf88567e5688b332740677653c9728786d40b22fdee04099c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff2c68552f68a310adf531ba016021cb7a6b3d40ef9cc10fe9f4baea839898c
f19aafb8794e426a2f46e55f0a0ccb386ad75cb1b3369c6330a03e7694187a96
f3c00a8330d85db4a636380a3a8f372fe033a6b2eb607c1d67d98fc171e49e5a
f72ee85947119892c87d055b5decb99a9836275a75ecb4b53c3f06a93f90b9a9
f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09
f87adcffe1607717e5111488c32d471f7278b0df8a7a0d09b3f62d079cedb07f
f8b61e4330e6492cd191460e3218856657651c3d64a5c6b39d02cb9d5547bd90
f92b0855ca604ce5286ede5299696e3bfc2cc676f5a9f481fa650d9069018a51
fa7e5fd43939dc33c5e445b73aef73f85bfc52de6ce84e303dad90ebbc514937
faa902d968312dcd1a8df12afc85dec2f10d3dac22898ac750a9889691702970
fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c
fec6b37efbcb6c56c57f75d454bb3d31df2c8a8ff51d4a866d91329fd315c5b9
ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

reasonlabs.com Open in urlscan Pro 76.76.21.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

170 Requests

100 %HTTPS

47 %IPv6

18 Domains

20 Subdomains

20 IPs

5 Countries

2519 kBTransfer

10922 kBSize

12 Cookies

20 Outgoing links

Page URL History

Redirected requests

170 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 60 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

reasonlabs.com Open in urlscan Pro
76.76.21.21 Public Scan

Screenshot
Live screenshot

Full Image

170
Requests

100 %
HTTPS

47 %
IPv6

18
Domains

20
Subdomains

20
IPs

5
Countries

2519 kB
Transfer

10922 kB
Size

12
Cookies

170 HTTP transactions
60 data transactions