reasonlabs.com Open in urlscan Pro
76.76.21.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Submission: On August 09 via api (August 9th 2024, 6:33:51 am UTC) from DE — Scanned from CA

Summary HTTP 413 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 23 IPs in 2 countries across 18 domains to perform 413 HTTP transactions. The main IP is 76.76.21.21, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is reasonlabs.com. The Cisco Umbrella rank of the primary domain is 302972.
TLS certificate: Issued by R10 on June 25th 2024. Valid for: 3 months.

This is the only time reasonlabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
118	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
52	104.18.15.62 104.18.15.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.243.229 104.16.243.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	173.194.175.97 173.194.175.97	15169 (GOOGLE) (GOOGLE)
15	3.162.103.75 3.162.103.75	16509 (AMAZON-02) (AMAZON-02)
6	13.32.151.63 13.32.151.63	16509 (AMAZON-02) (AMAZON-02)
5	104.18.29.127 104.18.29.127	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	146.75.40.157 146.75.40.157	54113 (FASTLY) (FASTLY)
21	172.67.71.113 172.67.71.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	157.240.229.1 157.240.229.1	32934 (FACEBOOK) (FACEBOOK)
30	23.212.249.89 23.212.249.89	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
52	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	209.85.144.157 209.85.144.157	15169 (GOOGLE) (GOOGLE)
9	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
1	173.194.207.157 173.194.207.157	15169 (GOOGLE) (GOOGLE)
11	172.253.63.94 172.253.63.94	15169 (GOOGLE) (GOOGLE)
4	104.18.70.113 104.18.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	72.21.81.130 72.21.81.130	15133 (EDGECAST) (EDGECAST)
5	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
10	172.217.197.104 172.217.197.104	15169 (GOOGLE) (GOOGLE)
10	31.13.66.35 31.13.66.35	32934 (FACEBOOK) (FACEBOOK)
8	104.16.51.111 104.16.51.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
413	23

118 76.76.21.21 (Walnut, United States)

ASN16509 (AMAZON-02, US)

reasonlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 104.18.15.62 (None, )

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.243.229 (None, )

ASN13335 (CLOUDFLARENET, US)

static-cf.cleverbridge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 173.194.175.97 (United States)

ASN15169 (GOOGLE, US)
PTR: qs-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 3.162.103.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-103-75.iad61.r.cloudfront.net

cdn.reasonlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.32.151.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-151-63.iad66.r.cloudfront.net

pac.rlproton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.29.127 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 146.75.40.157 (Seattle, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 172.67.71.113 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.equalweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 23.212.249.89 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-249-89.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 209.85.144.157 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: qv-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.207.157 (United States)

ASN15169 (GOOGLE, US)
PTR: qk-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.253.63.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)

ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.21.81.130 (United States)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.197.104 (United States)

ASN15169 (GOOGLE, US)
PTR: qa-in-f104.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)

reasonsecurity.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
133	reasonlabs.com reasonlabs.com — Cisco Umbrella Rank: 302972 cdn.reasonlabs.com — Cisco Umbrella Rank: 399412	1 MB
56	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 3854 ekr.zdassets.com — Cisco Umbrella Rank: 4356	521 KB
52	cookiepro.com cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 13568	167 KB
30	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 963	158 KB
21	equalweb.com cdn.equalweb.com — Cisco Umbrella Rank: 32686	21 KB
21	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	370 KB
19	google.com analytics.google.com — Cisco Umbrella Rank: 238 www.google.com — Cisco Umbrella Rank: 10	640 B
11	google.ca www.google.ca — Cisco Umbrella Rank: 9677	703 B
11	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 stats.g.doubleclick.net — Cisco Umbrella Rank: 252	14 KB
10	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	6 KB
10	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	73 KB
8	zendesk.com reasonsecurity.zendesk.com	2 KB
6	rlproton.com pac.rlproton.com	1 KB
5	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	954 B
5	t.co t.co — Cisco Umbrella Rank: 979	1 KB
5	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	16 KB
5	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	921 B
5	cleverbridge.com static-cf.cleverbridge.com — Cisco Umbrella Rank: 427989	8 KB
413	18

	Domain	Requested by
118	reasonlabs.com	reasonlabs.com analytics.tiktok.com cookie-cdn.cookiepro.com
52	static.zdassets.com	reasonlabs.com static.zdassets.com
52	cookie-cdn.cookiepro.com	reasonlabs.com cookie-cdn.cookiepro.com analytics.tiktok.com
30	analytics.tiktok.com	reasonlabs.com analytics.tiktok.com
21	cdn.equalweb.com	reasonlabs.com cdn.equalweb.com
21	www.googletagmanager.com	reasonlabs.com www.googletagmanager.com
15	cdn.reasonlabs.com	reasonlabs.com
11	www.google.ca	reasonlabs.com
10	www.facebook.com	reasonlabs.com
10	www.google.com	reasonlabs.com
10	googleads.g.doubleclick.net	www.googletagmanager.com
10	connect.facebook.net	reasonlabs.com connect.facebook.net
9	analytics.google.com	www.googletagmanager.com analytics.tiktok.com
8	reasonsecurity.zendesk.com	static.zdassets.com
6	pac.rlproton.com	reasonlabs.com
5	analytics.twitter.com	reasonlabs.com
5	t.co	reasonlabs.com
5	static.ads-twitter.com	www.googletagmanager.com
5	geolocation.onetrust.com	cookie-cdn.cookiepro.com
5	static-cf.cleverbridge.com	reasonlabs.com
4	ekr.zdassets.com	static.zdassets.com
1	stats.g.doubleclick.net	www.googletagmanager.com
413	22

This site contains links to these domains. Also see Links.

Domain
chromewebstore.google.com
microsoftedge.microsoft.com
cyberpedia.reasonlabs.com
source.chromium.org
www.virustotal.com
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
familykeeper.reasonlabs.com
cookiepedia.co.uk
www.cookiepro.com

Subject Issuer	Validity	Valid
reasonlabs.com R10	`2024-06-25` - `2024-09-23`	3 months	crt.sh
cookiepro.com E6	`2024-07-17` - `2024-10-15`	3 months	crt.sh
*.cleverbridge.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-21` - `2024-12-21`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
rlproton.com Amazon RSA 2048 M02	`2023-11-14` - `2024-12-12`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
equalweb.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-18` - `2024-08-16`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
zdassets.com E6	`2024-06-29` - `2024-09-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.ca WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
reasonsecurity.zendesk.com E6	`2024-06-15` - `2024-09-13`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Frame ID: 29A62FAE59D0ABE22327D0CD5A843816
Requests: 184 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 4FCCB4044E1B4BF8BFB79B8030656A23
Requests: 62 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 179033C8AC0621BB4BBF1F0F5C44F78C
Requests: 14 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 37E5C38DEF5546572117E35BA1C2FE10
Requests: 67 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 441FD067D9EAA5A3E857F9A633685641
Requests: 65 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 53E348B855B35A7811B44FFE4A7B3C29
Requests: 14 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 529F854B350902ED738626F5D3DE9B14
Requests: 14 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 0BFCF9496BAA5610407A0A3E34F849E2
Requests: 62 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 0371D2A4D8B9BB2F7E269B74A62AA0D0
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Extension Trojan Malware Campaign | ReasonLabs

Detected technologies

EqualWeb (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.equalweb\.com.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Page Statistics

413
Requests

100 %
HTTPS

0 %
IPv6

18
Domains

22
Subdomains

23
IPs

2
Countries

2597 kB
Transfer

25959 kB
Size

13
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://chromewebstore.google.com/
Title: Chrome Web Store

Search URL Search Domain Scan URL

URL: https://microsoftedge.microsoft.com/addons/Microsoft-Edge-Extensions-Home
Title: Microsoft Edge Add-ons

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/malware.html
Title: malware

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/trojan.html
Title: trojan

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/adware.html
Title: adware

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/powershell.html
Title: PowerShell

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/c2.html
Title: C2

Search URL Search Domain Scan URL

URL: https://source.chromium.org/chromium/chromium/src/+/HEAD:chrome/browser/upgrade_detector/upgrade_detector_impl.cc;l=204
Title: outdatedbuilddetector

Search URL Search Domain Scan URL

URL: https://source.chromium.org/chromium/chromium/src/+/main:extensions/docs/security_faq.md?q=extensions-on-chrome-url&ss=chromium%2Fchromium%2Fsrc
Title: removes protection

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/22e7d2d85820b49f1278ce152c5ed39fd88087c7a998dcf348b6164d5b33bb8d/details
Title: https://www.virustotal.com/gui/url/22e7d2d85820b49f1278ce152c5ed39fd88087c7a998dcf348b6164d5b33bb8d/details

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/collection/04480b9dc7eb0e7150ff89df24c8f30f11f40714b93a1cab00712bde7019fc55
Title: collection and graph with IOCs

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/5ce016d3133d960f68b0415d5bb825b143713ffaea751b098ffcf80353bc171b/content
Title: https://www.virustotal.com/gui/file/5ce016d3133d960f68b0415d5bb825b143713ffaea751b098ffcf80353bc171b/content

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReasonLabsCyberSec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/6428902

Search URL Search Domain Scan URL

URL: https://twitter.com/Reasonsecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Reasoncoresecurity

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/
Title: Cyberpedia

Search URL Search Domain Scan URL

URL: https://familykeeper.reasonlabs.com/
Title: FamilyKeeper

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.cookiepro.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

413 HTTP transactions
84 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request new-widespread-extension-trojan-malware-campaign Show response
reasonlabs.com/research/ 171 KB
26 KB 115ms
42ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dca4cbb98102d13ad9acbaef3347e5237f2ebd2954ef40889877e772e6a96e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240860
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:33:41 GMT
etag: W/"4c36bb3ea1f535b00fe0a077c0555e8f"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /research/new-widespread-extension-trojan-malware-campaign
x-vercel-cache: HIT
x-vercel-id: iad1::d9ww2-1723185221080-b706918f7f5a

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ 40 KB
10 KB 43ms
42ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 0ec662aeefa47c32.css
reasonlabs.com/_next/static/css/ 6 KB
2 KB 56ms
56ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/0ec662aeefa47c32.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3ba8e9bca43cf0ec1c74472b11d9fdb32b1ae5a23e798a55e2ad4d2f48136f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::69xzp-1723185221158-219ee8ba19a7
age: 240403
x-matched-path: /_next/static/css/0ec662aeefa47c32.css
etag: W/"04f463cae17c5216cf98aeb5eef54d84"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="0ec662aeefa47c32.css"

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 21 KB
7 KB 78ms
30ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 54381
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7509cab54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ 29 KB
7 KB 89ms
41ms Script
application/x-javascript 104.16.243.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.243.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45781
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b7509d5354a3-YYZ
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:38:41 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ 28 KB
9 KB 73ms
69ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::4jm98-1723185221185-468c4d0eb56d
age: 241049
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ 127 KB
43 KB 45ms
41ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::d9ww2-1723185221185-b68aee680057
age: 241049
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ 106 KB
33 KB 44ms
40ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::69xzp-1723185221185-68c4f2cdb32e
age: 241049
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ 140 KB
48 KB 74ms
71ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221185-3fd2b2b27fda
age: 241049
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 1852-bf14fe5709c35c21.js Show response
reasonlabs.com/_next/static/chunks/ 22 KB
7 KB 73ms
70ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/1852-bf14fe5709c35c21.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e61a2227b4f8927a7bb04c00abf4470c65280bbd7be7c6d3c6645889818671be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::g4fqb-1723185221185-4095cfc64254
age: 241049
x-matched-path: /_next/static/chunks/1852-bf14fe5709c35c21.js
etag: W/"c8b074dcfa0d3e6b43b3bd000532a754"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1852-bf14fe5709c35c21.js"

GET
H2 200 1994-ba9996d7d0129c46.js Show response
reasonlabs.com/_next/static/chunks/ 89 KB
27 KB 74ms
71ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/1994-ba9996d7d0129c46.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8a5bcace9ac4612a8d5fe7e38adcb49bed25cc3f52c40fabb2031778e1febfef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::h9cjd-1723185221185-580e721afbac
age: 240403
x-matched-path: /_next/static/chunks/1994-ba9996d7d0129c46.js
etag: W/"4a12dc93f95e41b444abc36219623c5d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1994-ba9996d7d0129c46.js"

GET
H2 200 new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js Show response
reasonlabs.com/_next/static/chunks/pages/research/ 1 KB
923 B 245ms
242ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/research/new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5b1dfcadb7fc6e398a1c67b49c0b20bba912a7bd47abaf6517d4e04cff67e3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::66847-1723185221233-37aa46075960
age: 240403
x-matched-path: /_next/static/chunks/pages/research/new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js
etag: W/"27f1f4b9d213f6738db771082c1e2332"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ 14 KB
4 KB 74ms
71ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::zlr49-1723185221185-d4a2da2b23f6
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ 2 KB
726 B 70ms
68ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723185221185-472fa1de9788
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 267 KB
94 KB 147ms
57ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a5b37639bb49072fc2fc35a93952f862f855165d83d45dce33cd4dc80fae2489

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95988
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 chat Show response
reasonlabs.com/ Frame 4FCC 3 KB
2 KB 67ms
66ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/chat

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 241057
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:33:41 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::qhg7g-1723185221199-c63292221983

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87adcffe1607717e5111488c32d471f7278b0df8a7a0d09b3f62d079cedb07f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3698c70b88abb2a94a0ed5e90cadb42c262a07a0b972fc314a154e575ba3c6b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 734e12ea5d89fc6c8da84f0eac2ee9bc479ee728fa25d5f24d279a881429b3e2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c56494b7e0c445e01d2fee0de214450debb0bd77d23c214fb71b0f044f810d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 172ca2ee9eef5c6b46bb828d6ead12caa09400d76d58d8b11080de0e8a6cc202

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ff34f763ac8d45e73740b469ed434ee600d3263211dfba79b6f2b1c73e8bde7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e53cacecb4f6b51948407a352f63bd4b8f4a437393f5a304af76441a2fe47713

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0f3b1e96730ac8e5dfeed671562469a45d96beddae9f4e629beb9d43fc6ea04

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: faa902d968312dcd1a8df12afc85dec2f10d3dac22898ac750a9889691702970

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b5249e69847e7c1b146876ceb34463fd6f82a4a747ff26da2bdf9784b3e5b24

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ecddf8410494cea5379e00170ab1328db3a246482336104c9d7572b852b485d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16525b2c2e97533f3b8567d3238b2fe2accbc75bf0f3262fce0b1cd07b676120

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f4e7b1971244d3bbd0587403e399829cdbb2ab499269b85cbc47efc3a6141a4

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ced7b72b89b45eb74f0b4ec551ad42a70b9343dca7597d140932c02fb6aff732

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4aa9a902b83ce9975b9cb1817997dec501aad56141f41f437d02ecca4e24b08

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e6daa2794363d6ab8c7adb8a182a9b18c5b025147af53feb7af58b11da5b7be

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f19aafb8794e426a2f46e55f0a0ccb386ad75cb1b3369c6330a03e7694187a96

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed4487e444877efefe1093519d07f9cea62519c93f40562e54a0c26b93346399

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 052e6be56abff0379a8cb7e92e759b19e1e43d1ddd22458fc71600ae7a18077b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fce7079cc8c55b7482809b9cae560338a38beb1c8fa165ededf78def0e65c88

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab98e00318002d085dbc4e9bbed830237b9f91b8cb10ee4776f864086d4f9522

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17c6bdb8c5eb4f42c8a3ba5ec378bee05df5e0777f26fd826931f2173a99eeb8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34c6c382cc128c236adbb602584b773cb511b4347f0179779d781b4a8b291dfd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b62cefcd86e6b76fadb64fbc35571884c70ae41fcd5eb824c9b99979fc4d392

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a13a3549c2d1a7d616fa512ad14beb5c27a1040a752c1bb3972853f1529407b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a360bd9dde2c64d5f43feae453b7d563ef0743af0a55e44e05ffcddaa933e958

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a3170e91ef6263fa67eaaf04dd38d9d54df98e9339f122b587392732d7661bc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b37ca6c575afd9835dad0665bdecd6af5d5ec0d79a6ae8f526ee6a76dd9420ef

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4e409aa158a0a803ce2da327e85ab26193bdf08d4fa778bb95ab349251c2242

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2e9e3242b4c5c071d18fc9c901e0332a95a3eb0e7c95bf59dbff6484eb3e30a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e029c4f4d1e048ed38d6a56c7c857034ee2fee1c5fc27a2cd6d5cb80df68cb5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1de48f15a736cfc90e852297faa51c00861f71082e590de34b5414a4f189b8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e1d5bfbec317e501c989b9215d8153e6c71894003742a2cb94be3ed9701339e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 287d58587a729034072a58fc0738bb876bdea908dc0d6fc86c7f83e6c6e008ba

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f92b0855ca604ce5286ede5299696e3bfc2cc676f5a9f481fa650d9069018a51

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3c00a8330d85db4a636380a3a8f372fe033a6b2eb607c1d67d98fc171e49e5a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453f8d94af003ea1b202d17babe41fa00d9b1c14825dc735c5e9c7038d5017a0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7e5fd43939dc33c5e445b73aef73f85bfc52de6ce84e303dad90ebbc514937

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf053499e338013d7e8929675faff0aff58ea8ef1e4d7895dec469346902d0de

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 301c0686904a489da3626d6592dc4cb3a4e157bd0638fcfbcd66da78b8c9445e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36809553a0e6234f000c7e617c3528e23f0d1500599c37ee176e078b7026515b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: afabe80d0da822ecb48dab7940c89b31f8c0b1cebfeb27d1654bcb4e3fea4a02

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15928a00dd5079d986641664c08efcf8a9dac72ca4f905e38b1a0c30976ab973

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fec6b37efbcb6c56c57f75d454bb3d31df2c8a8ff51d4a866d91329fd315c5b9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09de44220d2f31175ac2e93526479d1f346c3f61a64a18d971129aba27746832

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 754e7795ae6899ee54bbc4d7ddf9b515f4c07d7dd4f3c15f7319ba3cb1a62b0b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37e1e0aef2082b7d2537bd3de9cbcc6432c84345a3a60f8280e3fb9c7cecf48d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f923dfdeaae8120e92c0a48fbdcdf033cb927f57a053d1c8feefcb3dde7a35

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a109878c0662bba5d28433d4f0b92077fbabcabb0cfcb4b14bda19987174e55e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15a1f0bb005ee2d4d9c84410aad1bcd9ff6e36686573fe3e0a4959d7df79eed3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3ddd6dfeee98cca3295e79b96700162959cd13d1014d43db1ba865335d68fbf

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83f9442b0ae777927d2d88bb8eb41e76d4379ac404084e716528a46ecbf6433b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 435e173afb0a80e150da0e651c05398b07280fc8790e02129e925afdbe0ba6ad

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2eb499ec1df28add1ce48be0f9ec2cba7d6b7ab4c9316474a9ef1f0566d4351a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 arrow-menu.fab38cce.svg
reasonlabs.com/_next/static/media/ 586 B
795 B 44ms
44ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/arrow-menu.fab38cce.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b499f9cc78d42c5fb07c17e9138efd2a802d1a79f3db0ab41a5a7cf49ccc590a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::455pg-1723185221241-9a48b0ac26b5
age: 241049
x-matched-path: /_next/static/media/arrow-menu.fab38cce.svg
etag: "62a6b7c588b06e2c179e21ebcdc844fb"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="arrow-menu.fab38cce.svg"
accept-ranges: bytes
content-length: 586

GET
H2 200 facebook.c9139725.svg
reasonlabs.com/_next/static/media/ 805 B
969 B 43ms
42ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/facebook.c9139725.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

08883e0f0fd0db967a7c9875e12aef7e951ca023456e90be517405c28c029e2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723185221245-20165f311555
age: 241049
x-matched-path: /_next/static/media/facebook.c9139725.svg
etag: "51edd89129d5d27144d876c542689bd3"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="facebook.c9139725.svg"
accept-ranges: bytes
content-length: 805

GET
H2 200 linkedin.3950c8b8.svg
reasonlabs.com/_next/static/media/ 1 KB
775 B 41ms
40ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/linkedin.3950c8b8.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eed7f235ef695c1cf88567e5688b332740677653c9728786d40b22fdee04099c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::d9ww2-1723185221245-0008137f1fc4
age: 241049
x-matched-path: /_next/static/media/linkedin.3950c8b8.svg
etag: W/"ed3fcfc3bf6da0c4a8dc51342136883c"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="linkedin.3950c8b8.svg"

GET
H2 200 twitter.d8c3fb02.svg
reasonlabs.com/_next/static/media/ 930 B
1 KB 45ms
44ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/twitter.d8c3fb02.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3187d2113abc1ec76fbc938ef426e2635f5f961dd48292062ac2e5506380f85e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ft8xs-1723185221245-731d96082603
age: 241049
x-matched-path: /_next/static/media/twitter.d8c3fb02.svg
etag: "fd51f1fe67f862f4b727cca9a09f9cec"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="twitter.d8c3fb02.svg"
accept-ranges: bytes
content-length: 930

GET
H2 200 youtube.ea5ff4f6.svg
reasonlabs.com/_next/static/media/ 1 KB
788 B 49ms
48ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/youtube.ea5ff4f6.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

ce5a0525d35ec2fbf605e9d8fd039ba6f62ee7897255d1f1b9d7107300acb8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::9pns7-1723185221249-c8f7f38a0912
age: 241049
x-matched-path: /_next/static/media/youtube.ea5ff4f6.svg
etag: W/"0832d214ba4de693904d0aa232ae095c"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="youtube.ea5ff4f6.svg"

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ 45 KB
45 KB 183ms
104ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "0db105f867c7eb2e491db586cc26b417"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: ksTpXorPnPgR_7oc4opXp3vIeza9KeGUIIhkdAh8nvsZ-m0AQKQCjQ==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ 45 KB
46 KB 195ms
117ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 22:53:30 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 27612
x-amz-server-side-encryption: AES256
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46516
x-amz-cf-id: KKyTKPQAhOHpB1mD5ztoq0ARYFEqloSyFcf9yBW96pu5ZvT0ro4Mnw==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ 47 KB
47 KB 207ms
130ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49196
x-amz-server-side-encryption: AES256
etag: "6d10397a151d83e4407fecd27f76cafb"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 47772
x-amz-cf-id: _HFzTgV0lN44750ShN68miD2KdgmZFg19keq3zMHve2fTAwwU-5H2A==

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ 45 KB
46 KB 156ms
78ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "78e812f3fda430191facc31c64a4b927"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46444
x-amz-cf-id: iCbzv_vfVRnQG3aOgEs-c9MUFTNYPKby_1UKeBKl8qFqmmWX3osGKw==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ 46 KB
46 KB 118ms
41ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: msWvKBYSgs_RBUEMqprD2JzZxxDoLJG8ufDATsGtbYeKaunKXPz_YQ==

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 4FCC 40 KB
0 43ms
42ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 4FCC 264 B
442 B 46ms
45ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::9pns7-1723185221375-125ba8050e64
age: 241049
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 4FCC 21 KB
0 0ms
0ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 54381
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7509cab54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 4FCC 29 KB
39 B 38ms
31ms Script
application/x-javascript 104.16.243.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.243.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45781
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b751cd8854a3-YYZ
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:38:41 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 4FCC 28 KB
0 2ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::4jm98-1723185221185-468c4d0eb56d
age: 241049
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 4FCC 127 KB
0 2ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::d9ww2-1723185221185-b68aee680057
age: 241049
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 4FCC 106 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::69xzp-1723185221185-68c4f2cdb32e
age: 241049
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 4FCC 140 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221185-3fd2b2b27fda
age: 241049
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 4FCC 4 KB
2 KB 44ms
36ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::455pg-1723185221418-a29e1d01eaae
age: 241049
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 4FCC 14 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::zlr49-1723185221185-d4a2da2b23f6
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 4FCC 2 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723185221185-472fa1de9788
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 4FCC 267 KB
0 5ms
5ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a5b37639bb49072fc2fc35a93952f862f855165d83d45dce33cd4dc80fae2489

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ 5 KB
2 KB 76ms
38ms XHR
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 40501
content-md5: gKmtabxTjnCJszgSfszYnQ==
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f2077bb7-001e-006e-5a15-6b7e93000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7521a77ab54-YYZ

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 4FCC 5 KB
0 41ms
41ms XHR
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 40501
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f2077bb7-001e-006e-5a15-6b7e93000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7521a77ab54-YYZ

OPTIONS
H2 200 /
pac.rlproton.com/ Frame 0
0 116ms
36ms Preflight
application/json 13.32.151.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-63.iad66.r.cloudfront.net
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://reasonlabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 600
age: 64277
content-length: 0
content-type: application/json; charset=utf-8
date: Thu, 08 Aug 2024 12:42:24 GMT
server: awselb/2.0
vary: Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-id: p-UO0DNfOXeYpgiPPkNFPTvMFhAnm3hlocNufnZS_-iL5tqZnLstMg==
x-amz-cf-pop: IAD66-C2
x-cache: Hit from cloudfront

POST
H2 200 / Show response
pac.rlproton.com/ 0
239 B 52ms
49ms Fetch 13.32.151.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-63.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
via: 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: armK8EE1zNha00rOiAM5u25pUSa1GF6e-3R3H4fjzlHN1Eog4HlR9w==

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81114370a44b3e7a14b193d85d39ac0573f3a2e742a658ae1063db31b8bf444f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
315 B 80ms
37ms XHR
application/json 104.18.29.127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.127 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b75399d6a1ed-YYZ
access-control-allow-headers: Content-Type

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 4FCC 68 B
140 B 116ms
36ms XHR
application/json 104.18.29.127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.127 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b753d9f1a1ed-YYZ
access-control-allow-headers: Content-Type

GET
H2 200 logo-reason-labs.884f8136.svg
reasonlabs.com/_next/static/media/ 8 KB
3 KB 47ms
46ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/logo-reason-labs.884f8136.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

29ef19e05f73b9d30ac355e7ef49e6a81a6f31b8da31fc61c60c524f196b4904

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723185221682-9e0705cbd64c
age: 214623
x-matched-path: /_next/static/media/logo-reason-labs.884f8136.svg
etag: W/"7e5a5a50068c3233c88b85d6c0c4ce79"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="logo-reason-labs.884f8136.svg"

GET
H2 200 banner.ee0b4b42.svg
reasonlabs.com/_next/static/media/ 66 KB
22 KB 41ms
41ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/banner.ee0b4b42.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c98642e3367866a5926b51ddaa9306bb49135d2b0550a3ea06ca3fc9b41b83c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221682-01b37910222b
age: 240223
x-matched-path: /_next/static/media/banner.ee0b4b42.svg
etag: W/"d064284f01adc50e0634645ad3848d8d"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="banner.ee0b4b42.svg"

GET
H2 200 badge.5cc43f89.svg
reasonlabs.com/_next/static/media/ 2 KB
1 KB 46ms
46ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/badge.5cc43f89.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

476245c8c89e381f57b178924bfa750abd88a47e8d9b7c939e7fd32e61a4c46f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::x7nm6-1723185221682-e090b4d642b1
age: 241049
x-matched-path: /_next/static/media/badge.5cc43f89.svg
etag: W/"5892cd79270b68dfaa4c5a76ae5dbe46"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="badge.5cc43f89.svg"

GET
H2 200 9669-c1dd85627d14116a.js
reasonlabs.com/_next/static/chunks/ 0
6 KB 60ms
58ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9669-c1dd85627d14116a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723185221687-f1e9e69626ea
age: 241049
x-matched-path: /_next/static/chunks/9669-c1dd85627d14116a.js
etag: W/"df94e0a9e336407fee547b88bb300177"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9669-c1dd85627d14116a.js"

GET
H2 200 7536-d078bab37095fd33.js
reasonlabs.com/_next/static/chunks/ 0
9 KB 60ms
51ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/7536-d078bab37095fd33.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::zlr49-1723185221697-632d4f702556
age: 241049
x-matched-path: /_next/static/chunks/7536-d078bab37095fd33.js
etag: W/"77108c566aca03f6efbddef060527122"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="7536-d078bab37095fd33.js"

GET
H2 200 4853-a702dd05d0560e1e.js
reasonlabs.com/_next/static/chunks/ 0
4 KB 48ms
40ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/4853-a702dd05d0560e1e.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ft8xs-1723185221693-f499a5267534
age: 241049
x-matched-path: /_next/static/chunks/4853-a702dd05d0560e1e.js
etag: W/"1b730895d2887145510a56eac5c6c912"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4853-a702dd05d0560e1e.js"

GET
H2 200 9491-cb307f0820dea16a.js
reasonlabs.com/_next/static/chunks/ 0
19 KB 46ms
38ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9491-cb307f0820dea16a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221693-c54ea1992559
age: 241049
x-matched-path: /_next/static/chunks/9491-cb307f0820dea16a.js
etag: W/"94f0bea99e6ca73dcad46858d27f410e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9491-cb307f0820dea16a.js"

GET
H2 200 9181-783f2b62bd015354.js
reasonlabs.com/_next/static/chunks/ 0
43 KB 59ms
51ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9181-783f2b62bd015354.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::6k4l4-1723185221694-47a835b1c5cd
age: 241049
x-matched-path: /_next/static/chunks/9181-783f2b62bd015354.js
etag: W/"9ca24510e1cdd5d5e7d5ddff68e98437"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9181-783f2b62bd015354.js"

GET
H2 200 5074-22f981bef7596111.js
reasonlabs.com/_next/static/chunks/ 0
3 KB 69ms
62ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/5074-22f981bef7596111.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::zlr49-1723185221706-73bc12ba60a9
age: 241049
x-matched-path: /_next/static/chunks/5074-22f981bef7596111.js
etag: W/"310e55de2050605a798b639f502ed60b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5074-22f981bef7596111.js"

GET
H2 200 contact-us-d3628e156bfb164b.js
reasonlabs.com/_next/static/chunks/pages/ 0
2 KB 72ms
65ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/contact-us-d3628e156bfb164b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::x7nm6-1723185221706-b0fd75288cb5
age: 241049
x-matched-path: /_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
etag: W/"358d84a1371694326c440828f385f56c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="contact-us-d3628e156bfb164b.js"

GET
H2 200 blog.json Show response
reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/ 181 KB
55 KB 48ms
39ms Fetch
application/json 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/blog.json

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dc13a24b6ecd3b6e6412a108aa5ba5f7271a1ba3df048cc088b6dceedcd605cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:31:54 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::iad1::x7nm6-1723185221691-115330e2bcbe
age: 106
x-matched-path: /_next/data/5eUuBX5htYtNuQSXgmh55/blog.json
etag: W/"fzkv4vjsje3y3i"
x-vercel-cache: STALE
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 2205-b8b042bddf4b1387.js
reasonlabs.com/_next/static/chunks/ 0
15 KB 65ms
56ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2205-b8b042bddf4b1387.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221706-8d447bd9f6a7
age: 241049
x-matched-path: /_next/static/chunks/2205-b8b042bddf4b1387.js
etag: W/"ba817c6de20566a33d8d0ff4e3bcb244"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2205-b8b042bddf4b1387.js"

GET
H2 200 2491-9ec92f3cd3328555.js
reasonlabs.com/_next/static/chunks/ 0
4 KB 73ms
64ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2491-9ec92f3cd3328555.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::rmdrx-1723185221706-bf64230eb0dc
age: 241049
x-matched-path: /_next/static/chunks/2491-9ec92f3cd3328555.js
etag: W/"4fff78c55ddd1a3e147f39c093de99b7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2491-9ec92f3cd3328555.js"

GET
H2 200 blog-52fec28581808e54.js
reasonlabs.com/_next/static/chunks/pages/ 0
810 B 72ms
63ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/blog-52fec28581808e54.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::4jm98-1723185221706-57ff24974372
age: 241049
x-matched-path: /_next/static/chunks/pages/blog-52fec28581808e54.js
etag: W/"918586f29b4068e56808459b8d9cde16"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="blog-52fec28581808e54.js"

GET
H2 200 index.json Show response
reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/ 48 B
246 B 53ms
44ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/index.json

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3aade53fdf55b8055fb9dc90732c4e7f470b9d695d8668d601a106c52274ce9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723185221692-08f82a9de921
age: 241056
x-matched-path: /_next/data/5eUuBX5htYtNuQSXgmh55/index.json
etag: "aa1b2640b6e2044ab22eade428af1e37"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
accept-ranges: bytes
content-length: 48

GET
H2 200 ea88be26-58ed6ef11764b90d.js
reasonlabs.com/_next/static/chunks/ 0
79 KB 70ms
65ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/ea88be26-58ed6ef11764b90d.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723185221706-ade36e5aa922
age: 241049
x-matched-path: /_next/static/chunks/ea88be26-58ed6ef11764b90d.js
etag: W/"06fd9f72883d76e633821a2a49c5e00a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ea88be26-58ed6ef11764b90d.js"

GET
H2 200 334-32080295da286e1b.js
reasonlabs.com/_next/static/chunks/ 0
12 KB 59ms
54ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/334-32080295da286e1b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ft8xs-1723185221706-5d929257116d
age: 241049
x-matched-path: /_next/static/chunks/334-32080295da286e1b.js
etag: W/"7df4cb4701054c6232f09e0f4bc68ae0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="334-32080295da286e1b.js"

GET
H2 200 2769-806d4971ab81cede.js
reasonlabs.com/_next/static/chunks/ 0
8 KB 69ms
64ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2769-806d4971ab81cede.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723185221706-ee398aa512bc
age: 241049
x-matched-path: /_next/static/chunks/2769-806d4971ab81cede.js
etag: W/"d7f581e10d3f964cd887d56d56ad2230"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2769-806d4971ab81cede.js"

GET
H2 200 6704-0f25a7eb013f0542.js
reasonlabs.com/_next/static/chunks/ 0
405 KB 67ms
63ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/6704-0f25a7eb013f0542.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::nt74w-1723185221706-64298eaccef9
age: 241049
x-matched-path: /_next/static/chunks/6704-0f25a7eb013f0542.js
etag: W/"3764708a2bcac5893337a72604873fa0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="6704-0f25a7eb013f0542.js"

GET
H2 200 index-be0f6d764aebb9c2.js
reasonlabs.com/_next/static/chunks/pages/ 0
13 KB 97ms
93ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/index-be0f6d764aebb9c2.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::h94q5-1723185221707-bca1b3ee200b
age: 241049
x-matched-path: /_next/static/chunks/pages/index-be0f6d764aebb9c2.js
etag: W/"85baf6f0d8b41f85b1956e1e36bbac7a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="index-be0f6d764aebb9c2.js"

GET
H2 200 b09dfccc-0d4362519e83f737.js
reasonlabs.com/_next/static/chunks/ 0
7 KB 66ms
62ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/b09dfccc-0d4362519e83f737.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::scmgq-1723185221706-37618b0b0f9b
age: 241050
x-matched-path: /_next/static/chunks/b09dfccc-0d4362519e83f737.js
etag: W/"010c52841b45e58787fa5559057279b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b09dfccc-0d4362519e83f737.js"

GET
H2 200 5515-da6bcd073351bba9.js
reasonlabs.com/_next/static/chunks/ 0
10 KB 64ms
61ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/5515-da6bcd073351bba9.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::z6xnd-1723185221706-1f62e0745381
age: 241050
x-matched-path: /_next/static/chunks/5515-da6bcd073351bba9.js
etag: W/"97fc8a2d007e82a5ea121e9e913754a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5515-da6bcd073351bba9.js"

GET
H2 200 company-f58c4c93bb87ba63.js
reasonlabs.com/_next/static/chunks/pages/ 0
6 KB 76ms
72ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/company-f58c4c93bb87ba63.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723185221709-992d94ab24b5
age: 241049
x-matched-path: /_next/static/chunks/pages/company-f58c4c93bb87ba63.js
etag: W/"4d9d7a54137e67b9182d3aaa760a176e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="company-f58c4c93bb87ba63.js"

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 316 KB
105 KB 55ms
54ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

c36fca529a1a48b0f9b1dd80d71b7323633566d95dec0a1713dac262d48739e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107217
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 242 KB
86 KB 64ms
63ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e13a8d24930fe4efaab9c57441033713336a54805d3528b1565c6338f375f243

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87547
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 245ms
84ms Script
application/javascript 146.75.40.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.40.157 Seattle, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
last-modified: Fri, 15 Mar 2024 03:07:08 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000023-IAD, cache-bfi-kbfi7400034-BFI

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 239 KB
85 KB 112ms
111ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a866af5bc256894915b0989df635ed39468ae4a85b6708fd5be3da0f1569bd4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86956
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ 43 KB
15 KB 79ms
34ms Script
application/javascript 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235035
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QODk1nA9oAiihvzc4iDbotAI2t3eeP44H2KofruC9ciDct3LGM8g7JiEZ3lJQwmDRozia%2B%2Bet4if%2BtTZrjB8kBPzlmX1jQbSm9Bh62vjcMwN7e286sDwQ8Zj1K5BFUtko%2FU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7540d4aabd0-YYZ

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 115ms
38ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 06:33:41 GMT
document-policy: force-load-at-top
x-fb-server-load: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=12, mss=1316, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: c9jvyP+dGvLO9cmToPtw/36KEpDuIUMmmI/E2mPMWz3uU3b4atWwpH5QiL1C46fbjWSX+rug70xuHc3eZKZSxQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 135ms
59ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4cccf9057ca970c60f96f27bfc9dc8443996885a1dc059bdc7329aa660584cc3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 102f019e.786e3ac1
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334197D52351D52751A7EE49-34BFE932B035BB34-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 13,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=8, inner; dur=3
content-length: 1604
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334197D52351D52751A7EE49
x-cache-remote: TCP_MISS from a23-50-129-168.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.50.129.168
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe10cc63cbeea7baa8e365dad6dd9bdd2a98ded660c8c408bc472e2955e9a41c51186b3c2d34dcc4368b88b6489d263bce09b32821b1b2d07352435552a8dde3902038e81a4bfc6135353cc11c80272732f
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 4FCC 10 KB
5 KB 85ms
40ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 23
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx9wk8OL1JnzEiNnNAZCXyy%2FkHAMCcZl6xh9%2BBdB50d8F%2FzzAHFF4H%2B1R23BdFtKVteNl9FK70mUB%2FJ9U2M%2Fscy8Qg%2FYPMXLGiiu6R6hDdyx%2BUTTla0fU8p0QieQRi2CK%2FslfIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05b7546884ab78-YYZ
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 4FCC 0
240 B 43ms
40ms Fetch 13.32.151.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-63.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
via: 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: NvBmN0pjx-bnE3vvnDdIF4dzdIdIb6AIg0UEqm9oQ4eLuGpnLEX1Hw==

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ 383 KB
92 KB 32ms
31ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 68438
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7546d7e54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 back-arrow-dark.dd4a6803.svg
reasonlabs.com/_next/static/media/ 805 B
1 KB 46ms
44ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/back-arrow-dark.dd4a6803.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eff2c68552f68a310adf531ba016021cb7a6b3d40ef9cc10fe9f4baea839898c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723185221835-a9265a47d05e
age: 239955
x-matched-path: /_next/static/media/back-arrow-dark.dd4a6803.svg
etag: "c09af1c787d4810791793ec917235f3a"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="back-arrow-dark.dd4a6803.svg"
accept-ranges: bytes
content-length: 805

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 4FCC 383 KB
0 28ms
28ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 68438
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7546d7e54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 4FCC 316 KB
0 1ms
1ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

c36fca529a1a48b0f9b1dd80d71b7323633566d95dec0a1713dac262d48739e4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107217
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 4FCC 242 KB
0 2ms
2ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e13a8d24930fe4efaab9c57441033713336a54805d3528b1565c6338f375f243

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87547
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 4FCC 56 KB
49 B 198ms
76ms Script
application/javascript 146.75.40.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.40.157 Seattle, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
last-modified: Fri, 15 Mar 2024 03:07:08 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-bfi-kbfi7400034-BFI

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 4FCC 239 KB
0 2ms
2ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a866af5bc256894915b0989df635ed39468ae4a85b6708fd5be3da0f1569bd4b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86956
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 4FCC 43 KB
0 3ms
3ms Script
application/javascript 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QODk1nA9oAiihvzc4iDbotAI2t3eeP44H2KofruC9ciDct3LGM8g7JiEZ3lJQwmDRozia%2B%2Bet4if%2BtTZrjB8kBPzlmX1jQbSm9Bh62vjcMwN7e286sDwQ8Zj1K5BFUtko%2FU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7540d4aabd0-YYZ

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 4FCC 225 KB
0 3ms
3ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:41 GMT
document-policy: force-load-at-top
x-fb-server-load: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=12, mss=1316, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: c9jvyP+dGvLO9cmToPtw/36KEpDuIUMmmI/E2mPMWz3uU3b4atWwpH5QiL1C46fbjWSX+rug70xuHc3eZKZSxQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 4FCC 5 KB
2 KB 76ms
58ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3780c591e793a4234ab85343970b697ca6bbc0591e0739790a74ef6d3256dac

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 2b48c5d2.786e3c16
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063341CFE3CD67231439A1D529-11C530C1523D5714-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 12,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=3, origin; dur=9, inner; dur=3
content-length: 1644
pragma: no-cache
server: nginx
x-tt-logid: 20240809063341CFE3CD67231439A1D529
x-cache-remote: TCP_MISS from a23-50-129-175.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.50.129.175
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe1d2d416cd4576b58206cf3b92d53db64d9eed3ab67a2762445056fe175b66a7780cdd3622a10b3e95225a4ec039c8506cf2a3e75a7c88efc5ebb37af47242117699d27c1d439387d9a767ba1c89d788d5
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ 20 KB
4 KB 30ms
28ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235035
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHrg0%2FxuNWbYVjXcFS9LlGvAtMgD6DeS54r6%2FHsuyFJZ1LeBGdIq1sxwKaHJu4zm3dQTqw5SV74kCTu8GqKYaU2Y6MNP6eVEgNvkkmdKtRaHOMZxlCOuFfNn5KsgRRBZ9oI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc2abd0-YYZ

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ 105 B
533 B 27ms
26ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235035
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22Ezy6JO7zM2rb%2BQfVcqMqKJQiJx6EJa4CQQRcfEJGrUQC1CXCSKIwCRzHhNBgp%2BOjIYAU3UbaCCtpW6VaIqu6crcLWgyaAu%2BY1%2BgEgU9mEVkKejkZ2IbSiik3AIKS%2Fu77k%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc3abd0-YYZ

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ 810 B
737 B 173ms
173ms Fetch
application/json 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKvM222uh2zcYDteK%2BekSkBVTnUEZV0nvcYG2BrhBUYhWsGxqJt%2FxfHi9%2FNMbrfTu5FYWjonaIf3OOJ2%2BSaNDMjQ8v0sV4JC00sSPMrPQTpt7L%2FPPeQ79ScZRwf3BIFrq%2BE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: CA
cf-ray: 8b05b7553dc4abd0-YYZ

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ 3 KB
1 KB 143ms
54ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723185222044&cv=11&fst=1723185222044&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

4847b086042c1294a866ed1a9274fe3133d9436ad69d9c5737b25c1a6e9c3d1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1383
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 td
www.googletagmanager.com/ 0
15 B 48ms
47ms Image
text/plain 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=AW-10933293401&v=3&t=t&pid=1934839282&dl=reasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tdp=AW-10933293401;181795201;1;7;1&frm=0&rtg=53740014&rlo=13&slo=11&hlo=1&lst=1&pcid=53740014&z=0
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 173.194.175.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: qs-in-f97.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ 3 KB
1 KB 110ms
51ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723185222073&cv=11&fst=1723185222073&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

f59ba6d4aeadef79593be7fd3cc38f7a8086e9c11420a0f2ebe057ae7813d8ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1384
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 130ms
40ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185221223&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723185222&sct=1&seg=0&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1093
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 146ms
46ms Ping
text/plain 173.194.207.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-EWLR9P86R1&cid=1384536247.1723185222&gtm=45je4880v888969020z8853740014za200zb853740014&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.207.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: qk-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 125ms
48ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-EWLR9P86R1&cid=1384536247.1723185222&gtm=45je4880v888969020z8853740014za200zb853740014&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1694346117

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame 4FCC 3 KB
1 KB 51ms
50ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723185222152&cv=11&fst=1723185222152&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

e4555830139e39462eb55cd2d2e9be862f59ed313be48c8c27474f91bcad2530

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 331 KB
94 KB 40ms
40ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e4163
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024080813451581DC9FA2DA121D4E0AAB
x-tt-trace-id: 00-24080813451581DC9FA2DA121D4E0AAB-246D3144CB4AE0BC-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018619d3b7b26a0fce8582d22382de0c76e85f89068a53ba1b4920691f22820fe07400b1a33662a9a054726bd9d9b59a960a169757ff9cfb05cd0c952b4577d7668b215d64fcb26ff3228394e1028a05f193798d28ff83c25ca8ad27337111c8e4
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3
content-length: 95400

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame 4FCC 3 KB
1 KB 52ms
51ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723185222161&cv=11&fst=1723185222161&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

c3cc8f83ee55e1f06b08a7b4fc3f88ced78fbafe94b62c429d44000cd432a360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1361
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 4FCC 1 KB
1 KB 111ms
41ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 26
content-encoding: br
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9SvkTDF24xOtwO6kXsT1kNo3GDEs4q%2FH7XLdzQxxBR9EGNJ7LnFMp5SzYIFHDbC80UMpanghv3NMly485nJ4y9d7rCiXg1srFgpv5uuKRJvbOvpotte2jPK%2BEKuSZYc9Z0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05b756ad43ac2e-YYZ

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ 30 KB
8 KB 40ms
38ms Fetch
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 31448
content-md5: s3PZdWUVNsl3Toq97yu7hA==
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7565c73ab54-YYZ

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame 4FCC 30 KB
0 39ms
39ms Fetch
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 31448
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7565c73ab54-YYZ

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 4FCC 64 KB
13 KB 38ms
35ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/306027671784119?v=2.9.164&r=stable&domain=reasonlabs.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 46
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=63, mss=1316, tbw=64416, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: JRw6tnHlgXEf+PXqKS4LSdxaAn+Cr8dwFnerLLvpERLQAunJ3qysT+/K34qm23yo2pXQVy2VixJUruZPPtIR0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ 64 KB
0 35ms
35ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 46
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=63, mss=1316, tbw=64416, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: JRw6tnHlgXEf+PXqKS4LSdxaAn+Cr8dwFnerLLvpERLQAunJ3qysT+/K34qm23yo2pXQVy2VixJUruZPPtIR0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ Frame 4FCC 0
0 43ms
41ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185221456&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=page_view&tfd=1042
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 4FCC 331 KB
0 1ms
1ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e4163
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024080813451581DC9FA2DA121D4E0AAB
x-tt-trace-id: 00-24080813451581DC9FA2DA121D4E0AAB-246D3144CB4AE0BC-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018619d3b7b26a0fce8582d22382de0c76e85f89068a53ba1b4920691f22820fe07400b1a33662a9a054726bd9d9b59a960a169757ff9cfb05cd0c952b4577d7668b215d64fcb26ff3228394e1028a05f193798d28ff83c25ca8ad27337111c8e4
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3
content-length: 95400

GET
H2 200 adsct
t.co/i/ 43 B
249 B 254ms
157ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=9605279b-111c-4077-8ee8-df53b4d8b794&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e5fd6e4d-e40e-4f79-8172-98c8d086fc9b&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 75
date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 72b9c0ec283c7be9
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 1e5ea1e02e51a9bfea9a567f70942528a010d75d4e56853ccbe51bd57f6279d0
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
214 B 246ms
133ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=9605279b-111c-4077-8ee8-df53b4d8b794&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e5fd6e4d-e40e-4f79-8172-98c8d086fc9b&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 75
date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 698cf4b163a2110e
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e78d293decb7466689b1afc0806e733b5df7c9baed4b03cfc14b85e860a423f1
content-length: 43

GET
H2 200 adsct
t.co/i/ Frame 4FCC 43 B
376 B 168ms
86ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=97e84b13-3c55-42f0-8b5f-14d341a7515a&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=bc1ec796-bd67-4229-9e71-dc640ac56ca2&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 5f8c3b5a8ae0affe
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: a7c9616bce91d529fb5deabeb15f49530fa2582038dbed9eb4d46fc500607940
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 4FCC 43 B
394 B 161ms
62ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=97e84b13-3c55-42f0-8b5f-14d341a7515a&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=bc1ec796-bd67-4229-9e71-dc640ac56ca2&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 5
date: Fri, 09 Aug 2024 06:33:41 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 7396ad7d27b7fe76
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e78d293decb7466689b1afc0806e733b5df7c9baed4b03cfc14b85e860a423f1
content-length: 43

GET
H2 200 7.svg Show response
cdn.equalweb.com/assets/images/ 2 KB
1 KB 27ms
27ms Fetch
image/svg+xml 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/images/7.svg

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 2804
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Aug 2019 12:51:25 GMT
server: cloudflare
etag: W/"7c8f42d46748d51:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AHOaqfFQQOBEznD1kefgkF5N%2BgYPN70730qg6EJhYRBlEAUm8rJosyla2zJZMQh4adM3N387Hx%2FUK1FeZ%2FvwzBxqbRzrIwpf%2BYjz2S7C8Hg1a48rdOhzU9WvyfSJxxKXMPw%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
vary: Accept-Encoding
x-client-country: CA
cf-ray: 8b05b7571ed4abd0-YYZ

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ 42 B
64 B 141ms
51ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723185222044&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfGnnFEUzJZp687hrV-O9M71EAfEqPaw&random=1581903824&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/10933293401/ 42 B
64 B 53ms
52ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10933293401/?random=1723185222044&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfGnnFEUzJZp687hrV-O9M71EAfEqPaw&random=1581903824&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame 4FCC 42 B
64 B 138ms
49ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723185222152&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfacL80MgU98_DgtBWMZykSmC_ZepjOg&random=1144450003&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/781451429/ Frame 4FCC 42 B
64 B 54ms
53ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/781451429/?random=1723185222152&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfacL80MgU98_DgtBWMZykSmC_ZepjOg&random=1144450003&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ 42 B
64 B 138ms
50ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723185222073&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnftgps6kON4aK9qnxoU5i6iPFo1PZH-A&random=2739048877&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/781451429/ 42 B
64 B 51ms
51ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/781451429/?random=1723185222073&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnftgps6kON4aK9qnxoU5i6iPFo1PZH-A&random=2739048877&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 13 KB
3 KB 32ms
32ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63925
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c826c6e7-601e-0014-6abf-2f7022000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdcab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ 61 KB
12 KB 34ms
34ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 63925
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdfab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 5 KB
2 KB 31ms
30ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 63924
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f70ffab6-501e-006d-61bd-2f8c06000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573ce0ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 21 KB
4 KB 34ms
34ms Fetch
text/css 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 63925
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7573ce1ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 4FCC 13 KB
0 20ms
20ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63925
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c826c6e7-601e-0014-6abf-2f7022000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdcab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 4FCC 61 KB
0 23ms
23ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 63925
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdfab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 4FCC 5 KB
0 19ms
19ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 63924
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f70ffab6-501e-006d-61bd-2f8c06000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573ce0ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 4FCC 21 KB
0 23ms
22ms Fetch
text/css 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 63925
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7573ce1ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame 4FCC 42 B
64 B 105ms
48ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723185222161&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf2P2pcPr88exBHg_YlQHZX6jsNf-hHw&random=1862339764&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/10933293401/ Frame 4FCC 42 B
64 B 50ms
49ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10933293401/?random=1723185222161&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf2P2pcPr88exBHg_YlQHZX6jsNf-hHw&random=1862339764&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
40 KB 46ms
41ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e464e
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241450B35572E78D4371A1E45
x-tt-trace-id: 00-2407291241450B35572E78D4371A1E45-4AFA5C3FE01C8E01-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0144a9baf631b5c7a7d5ca28844ef505bc5706fda4cb4c71a90d0605cdf009901ff418c8fd8a68b004fcce68d45eef2bf7b0c65cb1a633ce8a59055fbae20fcd55ab48ffe887993254c4b359a6b6f6c69832d360e2504d71af5c62a5417989aa9b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 40057

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
875 B 93ms
92ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1412d6bc.786e468d
date: Fri, 09 Aug 2024 06:33:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063342CEAC3032DF66D5A0A03C-7DEE35B663242115-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 45,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=15, origin; dur=37, inner; dur=35
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063342CEAC3032DF66D5A0A03C
x-cache-remote: TCP_MISS from a23-48-100-9.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 37,23.48.100.9
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe16668cb156c7fc9c3009aec9372f1f309f45e342eba8890782f09b81f5bdbbf5b49f97c6ceaa2e18b5fe85f4ead0b2195d55161ad55ceb203ce3d84feabe13c0b7d7e7c5c74f8ec83977bfc07b8ae3c68
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:42 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 972 KB
276 KB 43ms
42ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: EKH3SYBFDADZ3R56
age: 69366
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaDOhl1E9kFmu%2FKh0JJrLNRRioV65EBSVqjgiZ72UwuywqG2sY9kAqO01wXdi%2F4xjlQUunuirUXHFDspBnw%2FcajiMi%2B8so7C9bkFPcvlhX4MedDl1cGhb%2FZHWYx7DL0m%2Fy32jy8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75799a2ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 4FCC 0
274 B 113ms
38ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723185222398&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&cdl=API_unavailable&it=1723185222243&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=10, mss=1316, tbw=2850, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:33:42 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 4FCC 67 B
3 KB 166ms
91ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723185222398&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&cdl=API_unavailable&it=1723185222243&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 28
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024173853773381", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=18, mss=1316, tbw=3293, tp=-1, tpl=-1, uplat=54, ullat=0
pragma: no-cache
x-fb-debug: WVMN1+6sun1GC/Jm1//wH87EGo9yfBNzJ3e5gCm9wBMhN+Va0WCBxMoR/f4Q1Jku0ixW2Q+hMRkRMXaXr1dm0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024173853773381"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
103 B 109ms
38ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&rl=&if=false&ts=1723185222404&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185222248&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=10, mss=1316, tbw=3137, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:33:42 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
853 B 187ms
117ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&rl=&if=false&ts=1723185222404&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185222248&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 36
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024173604822049", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=18, mss=1316, tbw=6813, tp=-1, tpl=-1, uplat=81, ullat=0
pragma: no-cache
x-fb-debug: vXfEziq9YDbA7Gy4DZIcwBgI3/pU6GB+ltzJO2QqklPnGQyfZVNc9iwzj+UD+4B1BJZz6l5o9IV0a230g/kAZw==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024173604822049"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 4FCC 146 KB
0 0ms
0ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e464e
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241450B35572E78D4371A1E45
x-tt-trace-id: 00-2407291241450B35572E78D4371A1E45-4AFA5C3FE01C8E01-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0144a9baf631b5c7a7d5ca28844ef505bc5706fda4cb4c71a90d0605cdf009901ff418c8fd8a68b004fcce68d45eef2bf7b0c65cb1a633ce8a59055fbae20fcd55ab48ffe887993254c4b359a6b6f6c69832d360e2504d71af5c62a5417989aa9b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 40057

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 4FCC 0
719 B 88ms
86ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 786e4772
date: Fri, 09 Aug 2024 06:33:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334247D292F8DDFC0E9F31F2-4C3531CCEAA98E76-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=40, cdn-cache; desc=MISS, edge; dur=9, origin; dur=42
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334247D292F8DDFC0E9F31F2
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 42,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888fe1a78053da21b13b5c76af6a3d91781a9f919b223b11f771c281def475381f9c612c1224fd118de056201b944d6799119
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:42 GMT

GET
H2 200 ot_close.svg
cookie-cdn.cookiepro.com/logos/static/ 651 B
627 B 33ms
32ms Image
image/svg+xml 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 45490
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2a99f935-f01e-0018-245d-e4f4db000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b757fe8454bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 ot_guard_logo.svg Show response
reasonlabs.com/research/ 24 KB
5 KB 42ms
41ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/research/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

2ded1de717c67321667c2e78389eb399d1b996469fd1500c9c5d5f7561085d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:16 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::iad1::d9ww2-1723185222422-736a0eee34e5
age: 26
x-matched-path: /research/[page]
etag: W/"2s2km3ij9gj6k"
x-powered-by: Next.js
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ 33 KB
33 KB 29ms
28ms Image
image/png 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 31225
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7583e9f54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ 5 KB
2 KB 30ms
29ms Image
image/svg+xml 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 50375
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7583ea154bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 4FCC 33 KB
0 11ms
11ms Image
image/png 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 31225
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7583e9f54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 4FCC 5 KB
0 11ms
11ms Image
image/svg+xml 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 50375
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7583ea154bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame 4FCC 23 KB
4 KB 48ms
47ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::jfdmj-1723185222463-50994989a458
age: 241082
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
719 B 72ms
70ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 786e4b71
date: Fri, 09 Aug 2024 06:33:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334247D292F8DDFC0E9F31FE-1868AB31F5E2C50D-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=18, cdn-cache; desc=MISS, edge; dur=9, origin; dur=22
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334247D292F8DDFC0E9F31FE
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 22,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888fee8d8eaa28362774e424f97696a1d549eb4ca02c42dd95b3bfcf5dd0c1a9576f789081c009db45656fadf2ab8c6a63bcd
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:42 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 1790 25 KB
6 KB 32ms
31ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MHGCDDAN38T054XK
age: 2766
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NgUbdk56NMeR6bMD86m7mTqy4vm03TxnR8vy3Y6a8uT0Fq0Cp2veOHtpph9VYkzteVaaqQcKilYI6NNB8cG11YX6bMk%2FRDedZ%2BkIVtFDUreDgdkb%2B7Ka531w4TUsj95vpI09n3s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7598a7eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 1790 688 B
1 KB 107ms
38ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25
x-zendesk-origin-server: embeddable-app-server-855d4bc785-rw2td
x-cached: STALE
x-request-id: 8b05b6babafaac2a-ATL
x-runtime: 0.002824
last-modified: Fri, 09 Aug 2024 06:33:17 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ov8LzozdxDetuuZQy21wqJdcxuQvARbsvIcCBRbbhs6mEQv5uLMHQ63CcOKIppKlBB4OL17sTNZXGHvXPYPiqGC%2FIJv6CFXsKPo3kwbvNicbORHfeRihdldTrZ2cXyyyFhYmAMliZ8dt3U0d"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05b759fedeac28-YYZ

GET
H2 200 image
reasonlabs.com/_next/ 19 KB
19 KB 45ms
43ms Image
image/avif 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2Fwaves.b04b6791.png&w=1400&q=75

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e974d84489664f0ff60bb76d7b3565752e71391c36e5d1e1742868f0cff4d647

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=63072000
age: 1085420
x-vercel-imgsrc: 3d39d9f8f36ff633d4440fd26c6619e3
content-disposition: inline; filename="waves.avif"
content-length: 19000
last-modified: Sat, 27 Jul 2024 17:03:21 GMT
server: Vercel
x-vercel-id: iad1::4fgwg-1723185222660-c77ff9fd83c2
x-matched-path: /_next/static/media/waves.b04b6791.png
x-vercel-cache: HIT
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ 40 KB
0 1ms
1ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 00142aa71319f6f3.css
reasonlabs.com/_next/static/css/ 5 KB
2 KB 43ms
41ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/00142aa71319f6f3.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d52b60198aab783248d1d0d3dd27504a1c8581d7d34c81d9788ee4a4082ec30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::69xzp-1723185222660-1ca632a53435
age: 240397
x-matched-path: /_next/static/css/00142aa71319f6f3.css
etag: W/"eeb5255cd7122fada677f50c3f4095f0"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="00142aa71319f6f3.css"

GET
H2 200 chat Show response
reasonlabs.com/ Frame 37E5 3 KB
45 B 42ms
41ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/chat
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 241057
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:33:42 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::jfdmj-1723185222663-b1269bd97222

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ 47 KB
0 0ms
0ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49196
x-amz-server-side-encryption: AES256
etag: "6d10397a151d83e4407fecd27f76cafb"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 47772
x-amz-cf-id: _HFzTgV0lN44750ShN68miD2KdgmZFg19keq3zMHve2fTAwwU-5H2A==

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ 45 KB
0 2ms
2ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "78e812f3fda430191facc31c64a4b927"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46444
x-amz-cf-id: iCbzv_vfVRnQG3aOgEs-c9MUFTNYPKby_1UKeBKl8qFqmmWX3osGKw==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ 45 KB
0 0ms
0ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 22:53:30 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 27612
x-amz-server-side-encryption: AES256
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46516
x-amz-cf-id: KKyTKPQAhOHpB1mD5ztoq0ARYFEqloSyFcf9yBW96pu5ZvT0ro4Mnw==

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ 45 KB
0 1ms
1ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "0db105f867c7eb2e491db586cc26b417"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: ksTpXorPnPgR_7oc4opXp3vIeza9KeGUIIhkdAh8nvsZ-m0AQKQCjQ==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ 46 KB
0 1ms
1ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: msWvKBYSgs_RBUEMqprD2JzZxxDoLJG8ufDATsGtbYeKaunKXPz_YQ==

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 4FCC 0
875 B 79ms
77ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 9d8b32a.786e5120
date: Fri, 09 Aug 2024 06:33:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063342792576908FADF39D91F8-7F4F7B9748046F1F-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 20,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=11, origin; dur=17, inner; dur=14
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063342792576908FADF39D91F8
x-cache-remote: TCP_MISS from a23-218-222-68.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 17,23.218.222.68
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe1b30abe108b88657515a00f58cc1508fb7792a3c92ad75c323c25b72bc7de398e1f6b0e825e236dc926f8e8881f6aeee5c6f2fcd55fbcd4e5e7bbd1d409b865fe649d571caaea22e7c5efcf2664c6e3e3
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:42 GMT

GET
DATA 200
OK truncated
/ Frame 4FCC 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 4FCC 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4FCC 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4FCC 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4FCC 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame 4FCC 610 B
777 B 47ms
46ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ml68j-1723185222795-3e29edb40588
age: 241049
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 chat Show response
reasonlabs.com/ Frame 441F 3 KB
44 B 57ms
57ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/chat
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Request headers

Referer: https://reasonlabs.com/chat
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 241057
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:33:42 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::ml68j-1723185222801-0fb7fae3670d

GET
DATA 200
OK truncated
/ Frame 4FCC 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 37E5 40 KB
0 1ms
1ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 37E5 264 B
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
server: Vercel
x-vercel-id: iad1::9pns7-1723185221375-125ba8050e64
age: 241049
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 37E5 21 KB
0 0ms
0ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 54381
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7509cab54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 37E5 29 KB
90 B 51ms
50ms Script
application/x-javascript 104.16.243.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.243.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45782
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b75aaf5d54a3-YYZ
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:38:42 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 37E5 28 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::4jm98-1723185221185-468c4d0eb56d
age: 241049
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 37E5 127 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::d9ww2-1723185221185-b68aee680057
age: 241049
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 37E5 106 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::69xzp-1723185221185-68c4f2cdb32e
age: 241049
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 37E5 140 KB
0 7ms
7ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221185-3fd2b2b27fda
age: 241049
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 37E5 4 KB
0 8ms
8ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::455pg-1723185221418-a29e1d01eaae
age: 241049
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 37E5 14 KB
0 9ms
9ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::zlr49-1723185221185-d4a2da2b23f6
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 37E5 2 KB
0 9ms
9ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723185221185-472fa1de9788
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 37E5 267 KB
0 10ms
10ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a5b37639bb49072fc2fc35a93952f862f855165d83d45dce33cd4dc80fae2489

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ Frame 37E5 45 KB
0 2ms
2ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "78e812f3fda430191facc31c64a4b927"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46444
x-amz-cf-id: iCbzv_vfVRnQG3aOgEs-c9MUFTNYPKby_1UKeBKl8qFqmmWX3osGKw==

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ Frame 37E5 45 KB
0 1ms
1ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "0db105f867c7eb2e491db586cc26b417"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: ksTpXorPnPgR_7oc4opXp3vIeza9KeGUIIhkdAh8nvsZ-m0AQKQCjQ==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ Frame 37E5 46 KB
0 1ms
1ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49195
x-amz-server-side-encryption: AES256
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: msWvKBYSgs_RBUEMqprD2JzZxxDoLJG8ufDATsGtbYeKaunKXPz_YQ==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ Frame 37E5 45 KB
0 0ms
0ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 22:53:30 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 27612
x-amz-server-side-encryption: AES256
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46516
x-amz-cf-id: KKyTKPQAhOHpB1mD5ztoq0ARYFEqloSyFcf9yBW96pu5ZvT0ro4Mnw==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ Frame 37E5 47 KB
0 0ms
0ms Font
binary/octet-stream 3.162.103.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-75.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 16:53:46 GMT
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 49196
x-amz-server-side-encryption: AES256
etag: "6d10397a151d83e4407fecd27f76cafb"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 47772
x-amz-cf-id: _HFzTgV0lN44750ShN68miD2KdgmZFg19keq3zMHve2fTAwwU-5H2A==

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 216 KB
53 KB 34ms
34ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVUK52Yv7SsoEvfcS9XaQk8HRaTiZf6UrFERdiVSrol%2BkGbB21%2FtQezt8%2Fdx4jDTaZftN2XAVPSTJE3c4LCWl6gTZov%2BO%2Fsf36gZcLMpFkSNVNBrR9yWWdnS2VdsFaOlhziJXeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75b6b40ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 37E5 5 KB
0 0ms
0ms XHR
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 40501
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f2077bb7-001e-006e-5a15-6b7e93000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7521a77ab54-YYZ

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 441F 40 KB
0 1ms
1ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 441F 264 B
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
server: Vercel
x-vercel-id: iad1::9pns7-1723185221375-125ba8050e64
age: 241049
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 441F 21 KB
0 0ms
0ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 54381
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7509cab54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 441F 29 KB
63 B 32ms
30ms Script
application/x-javascript 104.16.243.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.243.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45782
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b75bbf9f54a3-YYZ
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:38:42 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 441F 28 KB
0 0ms
0ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::4jm98-1723185221185-468c4d0eb56d
age: 241049
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 441F 127 KB
0 2ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::d9ww2-1723185221185-b68aee680057
age: 241049
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 441F 106 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::69xzp-1723185221185-68c4f2cdb32e
age: 241049
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 441F 140 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221185-3fd2b2b27fda
age: 241049
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 441F 4 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::455pg-1723185221418-a29e1d01eaae
age: 241049
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 441F 14 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::zlr49-1723185221185-d4a2da2b23f6
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 441F 2 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723185221185-472fa1de9788
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 4FCC 20 KB
0 2ms
2ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHrg0%2FxuNWbYVjXcFS9LlGvAtMgD6DeS54r6%2FHsuyFJZ1LeBGdIq1sxwKaHJu4zm3dQTqw5SV74kCTu8GqKYaU2Y6MNP6eVEgNvkkmdKtRaHOMZxlCOuFfNn5KsgRRBZ9oI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc2abd0-YYZ

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 4FCC 105 B
0 2ms
2ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22Ezy6JO7zM2rb%2BQfVcqMqKJQiJx6EJa4CQQRcfEJGrUQC1CXCSKIwCRzHhNBgp%2BOjIYAU3UbaCCtpW6VaIqu6crcLWgyaAu%2BY1%2BgEgU9mEVkKejkZ2IbSiik3AIKS%2Fu77k%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc3abd0-YYZ

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 4FCC 810 B
0 3ms
3ms Fetch
application/json 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKvM222uh2zcYDteK%2BekSkBVTnUEZV0nvcYG2BrhBUYhWsGxqJt%2FxfHi9%2FNMbrfTu5FYWjonaIf3OOJ2%2BSaNDMjQ8v0sV4JC00sSPMrPQTpt7L%2FPPeQ79ScZRwf3BIFrq%2BE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: CA
cf-ray: 8b05b7553dc4abd0-YYZ

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 441F 267 KB
0 5ms
5ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a5b37639bb49072fc2fc35a93952f862f855165d83d45dce33cd4dc80fae2489

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 441F 40 KB
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 441F 264 B
0 2ms
2ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
server: Vercel
x-vercel-id: iad1::9pns7-1723185221375-125ba8050e64
age: 241049
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 441F 21 KB
0 6ms
6ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 54381
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7509cab54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 37E5 68 B
163 B 37ms
37ms XHR
application/json 104.18.29.127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.127 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b75c1d18a1ed-YYZ
access-control-allow-headers: Content-Type

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 37E5 10 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 23
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx9wk8OL1JnzEiNnNAZCXyy%2FkHAMCcZl6xh9%2BBdB50d8F%2FzzAHFF4H%2B1R23BdFtKVteNl9FK70mUB%2FJ9U2M%2Fscy8Qg%2FYPMXLGiiu6R6hDdyx%2BUTTla0fU8p0QieQRi2CK%2FslfIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05b7546884ab78-YYZ
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 37E5 0
240 B 44ms
43ms Fetch 13.32.151.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-63.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
via: 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: -Lc73luLezTS-DH6uQv3NR_9RcWaHCG-bQ_tL2I5V-CE06HLKEdDrQ==

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 441F 5 KB
0 0ms
0ms XHR
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 40501
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f2077bb7-001e-006e-5a15-6b7e93000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7521a77ab54-YYZ

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 37E5 383 KB
0 0ms
0ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 68438
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7546d7e54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 441F 68 B
140 B 38ms
38ms XHR
application/json 104.18.29.127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.127 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b75cdd69a1ed-YYZ
access-control-allow-headers: Content-Type

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 37E5 316 KB
0 1ms
1ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

c36fca529a1a48b0f9b1dd80d71b7323633566d95dec0a1713dac262d48739e4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107217
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 37E5 242 KB
0 4ms
4ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e13a8d24930fe4efaab9c57441033713336a54805d3528b1565c6338f375f243

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87547
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 37E5 56 KB
41 B 82ms
72ms Script
application/javascript 146.75.40.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.40.157 Seattle, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: gzip
last-modified: Fri, 15 Mar 2024 03:07:08 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-bfi-kbfi7400034-BFI

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 37E5 239 KB
0 4ms
3ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a866af5bc256894915b0989df635ed39468ae4a85b6708fd5be3da0f1569bd4b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86956
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 37E5 43 KB
0 5ms
5ms Script
application/javascript 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QODk1nA9oAiihvzc4iDbotAI2t3eeP44H2KofruC9ciDct3LGM8g7JiEZ3lJQwmDRozia%2B%2Bet4if%2BtTZrjB8kBPzlmX1jQbSm9Bh62vjcMwN7e286sDwQ8Zj1K5BFUtko%2FU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7540d4aabd0-YYZ

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 37E5 225 KB
0 5ms
5ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:41 GMT
document-policy: force-load-at-top
x-fb-server-load: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=12, mss=1316, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: c9jvyP+dGvLO9cmToPtw/36KEpDuIUMmmI/E2mPMWz3uU3b4atWwpH5QiL1C46fbjWSX+rug70xuHc3eZKZSxQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 37E5 5 KB
2 KB 58ms
51ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e509d2827ac8188e41bbf642e036e4f3b7405a68036022d94eaab96c47a0d31e

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e5a96
date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334347D292F8DDFC0E9F322F-00330797993046EF-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=3, origin; dur=8
content-length: 1604
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334347D292F8DDFC0E9F322F
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888feced1659223a018a3c4ab84a10fbdfe78c00e6fc62f87196d707ba5ad7b4fcb95fc433d6bc1ecf7387e92f0475f6cf588
expires: Fri, 09 Aug 2024 06:33:43 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 441F 10 KB
0 5ms
5ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 23
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx9wk8OL1JnzEiNnNAZCXyy%2FkHAMCcZl6xh9%2BBdB50d8F%2FzzAHFF4H%2B1R23BdFtKVteNl9FK70mUB%2FJ9U2M%2Fscy8Qg%2FYPMXLGiiu6R6hDdyx%2BUTTla0fU8p0QieQRi2CK%2FslfIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05b7546884ab78-YYZ
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 441F 0
242 B 53ms
43ms Fetch 13.32.151.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-63.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
via: 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: OHBvd7lGj4-y_FNHDIkvVZGr3vnvvRI9ivy9fqrjcjqXp44DkVMk9g==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 441F 316 KB
0 0ms
0ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

c36fca529a1a48b0f9b1dd80d71b7323633566d95dec0a1713dac262d48739e4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107217
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 441F 242 KB
0 1ms
1ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e13a8d24930fe4efaab9c57441033713336a54805d3528b1565c6338f375f243

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87547
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 441F 56 KB
18 B 99ms
77ms Script
application/javascript 146.75.40.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.40.157 Seattle, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: gzip
last-modified: Fri, 15 Mar 2024 03:07:08 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-bfi-kbfi7400034-BFI

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 441F 239 KB
0 2ms
2ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a866af5bc256894915b0989df635ed39468ae4a85b6708fd5be3da0f1569bd4b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86956
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 441F 43 KB
0 2ms
2ms Script
application/javascript 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QODk1nA9oAiihvzc4iDbotAI2t3eeP44H2KofruC9ciDct3LGM8g7JiEZ3lJQwmDRozia%2B%2Bet4if%2BtTZrjB8kBPzlmX1jQbSm9Bh62vjcMwN7e286sDwQ8Zj1K5BFUtko%2FU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7540d4aabd0-YYZ

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 441F 225 KB
0 5ms
5ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:41 GMT
document-policy: force-load-at-top
x-fb-server-load: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=12, mss=1316, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: c9jvyP+dGvLO9cmToPtw/36KEpDuIUMmmI/E2mPMWz3uU3b4atWwpH5QiL1C46fbjWSX+rug70xuHc3eZKZSxQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 441F 5 KB
2 KB 70ms
60ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b7215ebc7a1b946221540e6f87e4d270f66fb76d2d9d5d8d783e4faaf5a93366

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e5c3c
date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334347D292F8DDFC0E9F3234-41FB955122E40EF2-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=2, origin; dur=12
content-length: 1602
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334347D292F8DDFC0E9F3234
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 12,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888feaa086fe2de7dd15a46aeb5ba30c7e7967216f574bff973bd5f8647a82200862799d50173bda63895e0aa3ae3fe0f264e
expires: Fri, 09 Aug 2024 06:33:43 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 441F 383 KB
0 4ms
4ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 68438
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7546d7e54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 37E5 1 KB
0 0ms
0ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 26
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9SvkTDF24xOtwO6kXsT1kNo3GDEs4q%2FH7XLdzQxxBR9EGNJ7LnFMp5SzYIFHDbC80UMpanghv3NMly485nJ4y9d7rCiXg1srFgpv5uuKRJvbOvpotte2jPK%2BEKuSZYc9Z0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05b756ad43ac2e-YYZ

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame 37E5 30 KB
0 0ms
0ms Fetch
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 31448
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7565c73ab54-YYZ

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 441F 1 KB
0 0ms
0ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 26
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9SvkTDF24xOtwO6kXsT1kNo3GDEs4q%2FH7XLdzQxxBR9EGNJ7LnFMp5SzYIFHDbC80UMpanghv3NMly485nJ4y9d7rCiXg1srFgpv5uuKRJvbOvpotte2jPK%2BEKuSZYc9Z0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05b756ad43ac2e-YYZ

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 37E5 64 KB
0 0ms
0ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 46
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=63, mss=1316, tbw=64416, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: JRw6tnHlgXEf+PXqKS4LSdxaAn+Cr8dwFnerLLvpERLQAunJ3qysT+/K34qm23yo2pXQVy2VixJUruZPPtIR0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame 37E5 3 KB
1 KB 53ms
53ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723185223520&cv=11&fst=1723185223520&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

fb90522969c237bc317a446eb92155ec2531f7835d2201554f8684dca1185142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1375
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame 37E5 3 KB
1 KB 56ms
56ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723185223526&cv=11&fst=1723185223526&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

2a87f6cb4f4fbfddf6fce3e1a3f40af0e1d0b73bde26507a0fc4505b4e75e174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1381
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 37E5 331 KB
0 0ms
0ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e4163
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024080813451581DC9FA2DA121D4E0AAB
x-tt-trace-id: 00-24080813451581DC9FA2DA121D4E0AAB-246D3144CB4AE0BC-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018619d3b7b26a0fce8582d22382de0c76e85f89068a53ba1b4920691f22820fe07400b1a33662a9a054726bd9d9b59a960a169757ff9cfb05cd0c952b4577d7668b215d64fcb26ff3228394e1028a05f193798d28ff83c25ca8ad27337111c8e4
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3
content-length: 95400

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 972 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: EKH3SYBFDADZ3R56
age: 69366
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaDOhl1E9kFmu%2FKh0JJrLNRRioV65EBSVqjgiZ72UwuywqG2sY9kAqO01wXdi%2F4xjlQUunuirUXHFDspBnw%2FcajiMi%2B8so7C9bkFPcvlhX4MedDl1cGhb%2FZHWYx7DL0m%2Fy32jy8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75799a2ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 adsct
t.co/i/ Frame 37E5 43 B
164 B 175ms
173ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=84a53d1b-0f78-4b9a-b0b1-0e5a49542bb5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6f988882-b993-4d80-8935-65f843ce566e&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 82
date: Fri, 09 Aug 2024 06:33:43 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 489b7c65932e5a01
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 7c041a1dfd80fe23ca0ca847aa421c5b93cb85b6436c1912150e83c97206b4d3
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 37E5 43 B
117 B 138ms
137ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=84a53d1b-0f78-4b9a-b0b1-0e5a49542bb5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6f988882-b993-4d80-8935-65f843ce566e&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 77
date: Fri, 09 Aug 2024 06:33:42 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 49b2cc3d671f1714
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e78d293decb7466689b1afc0806e733b5df7c9baed4b03cfc14b85e860a423f1
content-length: 43

POST
H3 204 collect
analytics.google.com/g/ Frame 37E5 0
0 43ms
43ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185222881&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=page_view&tfd=893
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame 441F 3 KB
1 KB 58ms
57ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723185223616&cv=11&fst=1723185223616&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

d027d470e3f60b5a4cc6675454ed5fffc34b3ba54480ecc6099ab18973b6d5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1382
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame 441F 3 KB
1 KB 54ms
53ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723185223631&cv=11&fst=1723185223631&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

4e55d5f5427fca42b8a095cc80375fddd7075fdf475cc5957a1c58d0fbd47703

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1380
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame 441F 30 KB
0 0ms
0ms Fetch
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 31448
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7565c73ab54-YYZ

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 441F 64 KB
0 1ms
1ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 46
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=63, mss=1316, tbw=64416, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: JRw6tnHlgXEf+PXqKS4LSdxaAn+Cr8dwFnerLLvpERLQAunJ3qysT+/K34qm23yo2pXQVy2VixJUruZPPtIR0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 37E5 13 KB
0 0ms
0ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63925
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c826c6e7-601e-0014-6abf-2f7022000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdcab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 37E5 61 KB
0 0ms
0ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 63925
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdfab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 37E5 5 KB
0 1ms
1ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 63924
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f70ffab6-501e-006d-61bd-2f8c06000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573ce0ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 37E5 21 KB
0 1ms
1ms Fetch
text/css 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 63925
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7573ce1ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 441F 331 KB
0 1ms
1ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e4163
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024080813451581DC9FA2DA121D4E0AAB
x-tt-trace-id: 00-24080813451581DC9FA2DA121D4E0AAB-246D3144CB4AE0BC-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018619d3b7b26a0fce8582d22382de0c76e85f89068a53ba1b4920691f22820fe07400b1a33662a9a054726bd9d9b59a960a169757ff9cfb05cd0c952b4577d7668b215d64fcb26ff3228394e1028a05f193798d28ff83c25ca8ad27337111c8e4
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3
content-length: 95400

GET
H2 200 adsct
t.co/i/ Frame 441F 43 B
140 B 184ms
183ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=b0095e0e-e5ae-4656-b328-389822cacb1d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ced5d0f2-6497-4705-80fe-68872adfcdfc&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 94
date: Fri, 09 Aug 2024 06:33:43 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: d4c1e71452128a64
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 505776ee1551c03ee106cf5b3a1d8fc2dccd6c61c997de3524ac947ffa8b3690
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 441F 43 B
116 B 123ms
122ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b0095e0e-e5ae-4656-b328-389822cacb1d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ced5d0f2-6497-4705-80fe-68872adfcdfc&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 68
date: Fri, 09 Aug 2024 06:33:43 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 04f5ba21a0c7ac88
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e78d293decb7466689b1afc0806e733b5df7c9baed4b03cfc14b85e860a423f1
content-length: 43

POST
H3 204 collect
analytics.google.com/g/ Frame 441F 0
0 64ms
64ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185223088&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=page_view&tfd=909
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 972 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: EKH3SYBFDADZ3R56
age: 69366
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaDOhl1E9kFmu%2FKh0JJrLNRRioV65EBSVqjgiZ72UwuywqG2sY9kAqO01wXdi%2F4xjlQUunuirUXHFDspBnw%2FcajiMi%2B8so7C9bkFPcvlhX4MedDl1cGhb%2FZHWYx7DL0m%2Fy32jy8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75799a2ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 37E5 0
125 B 44ms
43ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723185223797&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185223476&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=10, mss=1316, tbw=7736, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:33:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 37E5 67 B
851 B 61ms
60ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723185223797&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185223476&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:33:43 GMT
document-policy: force-load-at-top
x-fb-server-load: 23
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024178787308846", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=10, mss=1316, tbw=7905, tp=-1, tpl=-1, uplat=18, ullat=0
pragma: no-cache
x-fb-debug: fXXQ1efN3Zw5BtBy4VCJ+aAzgRl8AFfl8nP7oH55ap59h6ENS2xnm0A8D4TxlEPTuHmvuQQgai7LTfhwxJAlzQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024178787308846"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame 37E5 42 B
64 B 49ms
49ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723185223520&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfDqbpbEzSFmaf8XlUj1gaROzzyrBcih-6i0YeMICFpBFidaFY&random=3036118631&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/10933293401/ Frame 37E5 42 B
64 B 51ms
51ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10933293401/?random=1723185223520&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfDqbpbEzSFmaf8XlUj1gaROzzyrBcih-6i0YeMICFpBFidaFY&random=3036118631&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame 37E5 42 B
64 B 46ms
46ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723185223526&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf4smXfXKhIT8-GKmJefYi7QrMO1H1s3yIZPaSzH-vMF-By-LG&random=2164497919&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/781451429/ Frame 37E5 42 B
64 B 51ms
51ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/781451429/?random=1723185223526&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf4smXfXKhIT8-GKmJefYi7QrMO1H1s3yIZPaSzH-vMF-By-LG&random=2164497919&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 53 KB
15 KB 33ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY06MZMS25XS7D7S
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwUk50hkCn6rohQ%2BVTuVZpGnoNAgUuDGPhiuwXQW7C1tc30nGCLG%2BpEvqSvQWoU3oF%2BdHV9NoAwryptkRg8o8QbHdmL6QuQ5RX%2FlIBJWZ0a4%2F7rsI6FFDPQmdbeQEHQpMff51jw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6bab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 1790 66 KB
19 KB 34ms
34ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04J1HCS93337TJ
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blKduWdFrQDZHDwdwmgUFrCzHL47FzzSu9jSyR6GVTuQusprObYyMXHy4mOnwu837SMhj%2Fx8ZsHbyJoBBqCEN0SF7npPNl%2Fmu3cOeVVGpKdGc7wH%2BKQ5vlHzK799TfrrNIHyN9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6cab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 236 B
584 B 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: XWRA5GPT825749X7
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gyTOQBTKukqWZHbrcwR2vaAsGkhwOZnj9XZ0ddC8%2FjJHWLZafS6NLrUsAzzpZInQwCgBjIL7Jscn79a7A4gywqaICy1tCNv7lDX4gm6bgy4qPciYFYtE%2BFYVhT5mc5BmR4mj6F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7610d9aab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 37E5 146 KB
0 0ms
0ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e464e
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241450B35572E78D4371A1E45
x-tt-trace-id: 00-2407291241450B35572E78D4371A1E45-4AFA5C3FE01C8E01-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0144a9baf631b5c7a7d5ca28844ef505bc5706fda4cb4c71a90d0605cdf009901ff418c8fd8a68b004fcce68d45eef2bf7b0c65cb1a633ce8a59055fbae20fcd55ab48ffe887993254c4b359a6b6f6c69832d360e2504d71af5c62a5417989aa9b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 40057

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 37E5 0
878 B 83ms
81ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2b48cabe.786e6b23
date: Fri, 09 Aug 2024 06:33:43 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090633431B829D2E9E99527ADAC0-542567DDCF34EE3D-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 33,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=11, origin; dur=31, inner; dur=27
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090633431B829D2E9E99527ADAC0
x-cache-remote: TCP_MISS from a23-50-129-175.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 31,23.50.129.175
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe1d2d416cd4576b58206cf3b92d53db64d2a9e60e28a3cf20972306b4d9ffa16888e101420b095ba65c38101cf6dc75fb5140d478346c2f75cad7a35dc8d82c4a58788362b9bdca889e8989e76b202bbd9
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:43 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 53E3 25 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MHGCDDAN38T054XK
age: 2766
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NgUbdk56NMeR6bMD86m7mTqy4vm03TxnR8vy3Y6a8uT0Fq0Cp2veOHtpph9VYkzteVaaqQcKilYI6NNB8cG11YX6bMk%2FRDedZ%2BkIVtFDUreDgdkb%2B7Ka531w4TUsj95vpI09n3s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7598a7eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 53E3 688 B
0 1ms
1ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25
x-zendesk-origin-server: embeddable-app-server-855d4bc785-rw2td
x-cached: STALE
x-request-id: 8b05b6babafaac2a-ATL
x-runtime: 0.002824
last-modified: Fri, 09 Aug 2024 06:33:17 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ov8LzozdxDetuuZQy21wqJdcxuQvARbsvIcCBRbbhs6mEQv5uLMHQ63CcOKIppKlBB4OL17sTNZXGHvXPYPiqGC%2FIJv6CFXsKPo3kwbvNicbORHfeRihdldTrZ2cXyyyFhYmAMliZ8dt3U0d"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05b759fedeac28-YYZ

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame 441F 42 B
64 B 53ms
52ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723185223616&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfN5DOJTFbKHijqYSCCabGcPzOO0PYhluwauYoFapdQp7Uev0j&random=4261041259&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/781451429/ Frame 441F 42 B
64 B 53ms
52ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/781451429/?random=1723185223616&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfN5DOJTFbKHijqYSCCabGcPzOO0PYhluwauYoFapdQp7Uev0j&random=4261041259&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 441F 13 KB
0 1ms
0ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63925
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c826c6e7-601e-0014-6abf-2f7022000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdcab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 441F 61 KB
0 2ms
2ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 63925
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdfab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 441F 5 KB
0 2ms
2ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 63924
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f70ffab6-501e-006d-61bd-2f8c06000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573ce0ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 441F 21 KB
0 3ms
3ms Fetch
text/css 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 63925
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7573ce1ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame 441F 42 B
64 B 50ms
48ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723185223631&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf0jmJds_KLADRulyWH0vVDcWJQyQHZs_qYi4fgDKu_giI8AO0&random=3129012585&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/10933293401/ Frame 441F 42 B
64 B 53ms
51ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10933293401/?random=1723185223631&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf0jmJds_KLADRulyWH0vVDcWJQyQHZs_qYi4fgDKu_giI8AO0&random=3129012585&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 441F 0
19 B 39ms
38ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723185224059&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185223639&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4350, tp=9, tpl=0, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:33:44 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 441F 67 B
194 B 62ms
61ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723185224059&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185223639&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:33:44 GMT
document-policy: force-load-at-top
x-fb-server-load: 28
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024184010110811", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4718, tp=12, tpl=0, uplat=19, ullat=0
pragma: no-cache
x-fb-debug: 8eUh/sEnNOsf4uR3IJo75JDs+jk1B7iHGUJmEKkyLs3ad+YieyBDpLbZcaJ3//AaayfT0YBhIvWD4cEccl9cXQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024184010110811"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 441F 146 KB
0 0ms
0ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e464e
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241450B35572E78D4371A1E45
x-tt-trace-id: 00-2407291241450B35572E78D4371A1E45-4AFA5C3FE01C8E01-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0144a9baf631b5c7a7d5ca28844ef505bc5706fda4cb4c71a90d0605cdf009901ff418c8fd8a68b004fcce68d45eef2bf7b0c65cb1a633ce8a59055fbae20fcd55ab48ffe887993254c4b359a6b6f6c69832d360e2504d71af5c62a5417989aa9b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 40057

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 441F 0
876 B 93ms
91ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 9dc9e43.786e6db4
date: Fri, 09 Aug 2024 06:33:44 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063344CD2837F31A004DA7220B-542851C2A8B700D8-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 40,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=13, origin; dur=35, inner; dur=31
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063344CD2837F31A004DA7220B
x-cache-remote: TCP_MISS from a23-218-222-68.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 35,23.218.222.68
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe1b30abe108b88657515a00f58cc1508fb842a538588bfdf8efb5116758fc7987344ebc3741f9594ce6dabe0b2b2bd1bdc714993a267eb851efd62d4c2f83d56512aaad95ba39b1cb2a6bb6b00970ca287
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:44 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 529F 25 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MHGCDDAN38T054XK
age: 2766
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NgUbdk56NMeR6bMD86m7mTqy4vm03TxnR8vy3Y6a8uT0Fq0Cp2veOHtpph9VYkzteVaaqQcKilYI6NNB8cG11YX6bMk%2FRDedZ%2BkIVtFDUreDgdkb%2B7Ka531w4TUsj95vpI09n3s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7598a7eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 529F 688 B
0 0ms
0ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25
x-zendesk-origin-server: embeddable-app-server-855d4bc785-rw2td
x-cached: STALE
x-request-id: 8b05b6babafaac2a-ATL
x-runtime: 0.002824
last-modified: Fri, 09 Aug 2024 06:33:17 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ov8LzozdxDetuuZQy21wqJdcxuQvARbsvIcCBRbbhs6mEQv5uLMHQ63CcOKIppKlBB4OL17sTNZXGHvXPYPiqGC%2FIJv6CFXsKPo3kwbvNicbORHfeRihdldTrZ2cXyyyFhYmAMliZ8dt3U0d"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05b759fedeac28-YYZ

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame 37E5 23 KB
4 KB 44ms
44ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::66847-1723185224195-d3f0c4d2f0d3
age: 241083
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 37E5 33 KB
0 0ms
0ms Image
image/png 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 31225
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7583e9f54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 37E5 5 KB
0 1ms
1ms Image
image/svg+xml 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 50375
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7583ea154bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 37E5 0
719 B 70ms
68ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 786e71eb
date: Fri, 09 Aug 2024 06:33:44 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334447D292F8DDFC0E9F3277-0033079799304840-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=16, cdn-cache; desc=MISS, edge; dur=11, origin; dur=20
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334447D292F8DDFC0E9F3277
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888feced1659223a018a3c4ab84a10fbdfe7805603a6430bd4f312d60262c941b76af0f00f590a65288f3afe941f980f22e99
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:44 GMT

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 216 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVUK52Yv7SsoEvfcS9XaQk8HRaTiZf6UrFERdiVSrol%2BkGbB21%2FtQezt8%2Fdx4jDTaZftN2XAVPSTJE3c4LCWl6gTZov%2BO%2Fsf36gZcLMpFkSNVNBrR9yWWdnS2VdsFaOlhziJXeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75b6b40ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 441F 0
877 B 114ms
113ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 9dca30a.786e73a2
date: Fri, 09 Aug 2024 06:33:44 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334488902AE7B74FD69ED559-3F77A586B32A419F-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 55,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=33, origin; dur=30, inner; dur=16
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334488902AE7B74FD69ED559
x-cache-remote: TCP_MISS from a23-218-222-68.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 30,23.218.222.68
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe1b30abe108b88657515a00f58cc1508fb7a23e2135779e33e1185059669686e8f871b4568cefb3a626af16220989a5c053b2c7846b3dfafa0a63642ae5a111bc0f3b59013726a53b5e924c08987fd2ee6
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:44 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 1790 19 KB
20 KB 30ms
30ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 14033654
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhSYhEGOdxfA2vr8SS9409tNV0pQCyHxtEzvqXortEK%2BL38XjZr7odKcyzCosza55AG8p%2Bxp11sMt3JaTdentlWEAq0H5X1WdOkgotuKjcJznAd0NX4OkndWMsGtr0eHr0HoccQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b763eeedab78-YYZ
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 216 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVUK52Yv7SsoEvfcS9XaQk8HRaTiZf6UrFERdiVSrol%2BkGbB21%2FtQezt8%2Fdx4jDTaZftN2XAVPSTJE3c4LCWl6gTZov%2BO%2Fsf36gZcLMpFkSNVNBrR9yWWdnS2VdsFaOlhziJXeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75b6b40ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 441F 33 KB
0 0ms
0ms Image
image/png 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 31225
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7583e9f54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 441F 5 KB
0 1ms
1ms Image
image/svg+xml 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 50375
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7583ea154bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame 441F 23 KB
4 KB 45ms
44ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::6k4l4-1723185224373-e6a0b2e0cab7
age: 241083
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 173 KB
62 KB 56ms
55ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5Px6mPg8YcsQ5f3nk5QRiaCWj29UYGXVKr1okPeS08AU4f%2B7Aa8cr%2BdU6GQnXNHeMQ0kkjosQBNPwnY58x7k5IVdpWPt0%2ButX8YQdnjwCh6WIMUjBG%2BBwYTNeciGNu1IxST6oA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 125 KB
37 KB 65ms
61ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yARS%2BOx6NBdqN7hp71hmx4ht5%2BHbpLixOumpopLHkfM2fCEnsCpECVivY%2FnhoWBW5qg0Rz%2Fwy0vXjBn%2BdZU5qvWtK6tLnn2JsIdvxOAUwtgcHY0TUXID147eQO0flajFSNneTKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4fab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 35 KB
11 KB 35ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvYO6Y3D4ji8jGgLEwgQU6x7psNmywy1S0SSahS%2FNC3dMvl8ZLrM422vq8OIcJvtwTK3jnaENmIRuXNJu5ftTkSlNsQ%2F%2FEbLYbwbS7UMTQ0nA81ENzST%2Fu8yyOrzFPJyIfExj2Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf51ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 1790 37 KB
11 KB 36ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBv6YmqldzP5aXqQSZccRewREpXM4BRT9zyu8dSEwGvT2S4M8vASJGAPW22%2FC%2B3dZ4PqBLtcPaANRhuWsAYkVOOFQ7fSKAcY7mjuKykEqDLm5buWe0zXuoYgOj9SC0WaS%2FVP%2BfY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf52ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 1790 12 KB
5 KB 32ms
31ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 69263
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lG56KZ9HL3%2BMedpHl1rCYlFE8IcBISkw8nWk0PmkPrtXSqSBhz4sBXGL8%2FZKiPQ0FqLDh%2FBSA7r6Hk6rYa5eZWiMb%2B0EuWNKfsttw1tZCtAPbLskzVWhh%2FoGR1MuehNNBvszeU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf53ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame 37E5 610 B
0 3ms
3ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
server: Vercel
x-vercel-id: iad1::ml68j-1723185222795-3e29edb40588
age: 241049
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 chat Show response
reasonlabs.com/ Frame 0BFC 3 KB
44 B 52ms
47ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/chat
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Request headers

Referer: https://reasonlabs.com/chat
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 241057
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:33:44 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::9gfrz-1723185224511-64e02fb0f366

GET
DATA 200
OK truncated
/ Frame 37E5 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 37E5 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 37E5 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 37E5 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 37E5 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 37E5 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 37E5 20 KB
0 3ms
3ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHrg0%2FxuNWbYVjXcFS9LlGvAtMgD6DeS54r6%2FHsuyFJZ1LeBGdIq1sxwKaHJu4zm3dQTqw5SV74kCTu8GqKYaU2Y6MNP6eVEgNvkkmdKtRaHOMZxlCOuFfNn5KsgRRBZ9oI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc2abd0-YYZ

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 37E5 105 B
0 3ms
3ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22Ezy6JO7zM2rb%2BQfVcqMqKJQiJx6EJa4CQQRcfEJGrUQC1CXCSKIwCRzHhNBgp%2BOjIYAU3UbaCCtpW6VaIqu6crcLWgyaAu%2BY1%2BgEgU9mEVkKejkZ2IbSiik3AIKS%2Fu77k%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc3abd0-YYZ

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 37E5 810 B
0 4ms
3ms Fetch
application/json 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKvM222uh2zcYDteK%2BekSkBVTnUEZV0nvcYG2BrhBUYhWsGxqJt%2FxfHi9%2FNMbrfTu5FYWjonaIf3OOJ2%2BSaNDMjQ8v0sV4JC00sSPMrPQTpt7L%2FPPeQ79ScZRwf3BIFrq%2BE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: CA
cf-ray: 8b05b7553dc4abd0-YYZ

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 441F 20 KB
0 0ms
0ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHrg0%2FxuNWbYVjXcFS9LlGvAtMgD6DeS54r6%2FHsuyFJZ1LeBGdIq1sxwKaHJu4zm3dQTqw5SV74kCTu8GqKYaU2Y6MNP6eVEgNvkkmdKtRaHOMZxlCOuFfNn5KsgRRBZ9oI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc2abd0-YYZ

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 441F 105 B
0 2ms
2ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22Ezy6JO7zM2rb%2BQfVcqMqKJQiJx6EJa4CQQRcfEJGrUQC1CXCSKIwCRzHhNBgp%2BOjIYAU3UbaCCtpW6VaIqu6crcLWgyaAu%2BY1%2BgEgU9mEVkKejkZ2IbSiik3AIKS%2Fu77k%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc3abd0-YYZ

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 441F 810 B
0 1ms
1ms Fetch
application/json 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKvM222uh2zcYDteK%2BekSkBVTnUEZV0nvcYG2BrhBUYhWsGxqJt%2FxfHi9%2FNMbrfTu5FYWjonaIf3OOJ2%2BSaNDMjQ8v0sV4JC00sSPMrPQTpt7L%2FPPeQ79ScZRwf3BIFrq%2BE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: CA
cf-ray: 8b05b7553dc4abd0-YYZ

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 0BFC 40 KB
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221158-21916690d245
age: 229606
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 0BFC 264 B
0 2ms
2ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
server: Vercel
x-vercel-id: iad1::9pns7-1723185221375-125ba8050e64
age: 241049
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 0BFC 21 KB
0 6ms
6ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 54381
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7509cab54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 0BFC 29 KB
90 B 38ms
38ms Script
application/x-javascript 104.16.243.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.243.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45784
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05b765e9ee54a3-YYZ
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:38:44 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 0BFC 28 KB
0 0ms
0ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::4jm98-1723185221185-468c4d0eb56d
age: 241049
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 0BFC 127 KB
0 1ms
1ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::d9ww2-1723185221185-b68aee680057
age: 241049
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 0BFC 106 KB
0 2ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::69xzp-1723185221185-68c4f2cdb32e
age: 241049
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 0BFC 140 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221185-3fd2b2b27fda
age: 241049
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 0BFC 4 KB
0 4ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::455pg-1723185221418-a29e1d01eaae
age: 241049
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 0BFC 14 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::zlr49-1723185221185-d4a2da2b23f6
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 0BFC 2 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723185221185-472fa1de9788
age: 241049
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 favicon-32x32.png
reasonlabs.com/ 2 KB
2 KB 47ms
46ms Other
image/png 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d8d7ae40315aaf92f9393c1a514e56dbba1b2b4410d648cf8e51b3d3fbeff0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::jb5qk-1723185224655-fa5d5e69b83a
age: 241050
x-matched-path: /favicon-32x32.png
etag: "4712c2a7f8b8111661cfd429c6cdb62a"
x-vercel-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="favicon-32x32.png"
accept-ranges: bytes
content-length: 1983

GET
DATA 200
OK truncated
/ Frame 441F 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 441F 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 441F 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 441F 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 441F 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 441F 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame 441F 610 B
0 3ms
3ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
server: Vercel
x-vercel-id: iad1::ml68j-1723185222795-3e29edb40588
age: 241049
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 0BFC 267 KB
0 5ms
5ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a5b37639bb49072fc2fc35a93952f862f855165d83d45dce33cd4dc80fae2489

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 0BFC 5 KB
0 3ms
3ms XHR
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 40501
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f2077bb7-001e-006e-5a15-6b7e93000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7521a77ab54-YYZ

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 1790 131 B
658 B 36ms
36ms XHR
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
strict-transport-security: max-age=31536000;
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 94
x-zendesk-origin-server: embeddable-app-server-855d4bc785-5s88m
x-cached: HIT
x-request-id: 8abe694a29d939c3-YYZ
x-runtime: 0.012941
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZjABHjjV6%2BBo6mWenJQ6Q8LMC24lj6qjjDtlphu6ORLv6iv5pn4UIbkH5lf4oS5D7qRfIWSDQzq0l0FLC9x%2BvkASTHOQjJkI2vPtNriWU%2BH7rN0tFcatvlKIUvEsPn13v7A%2Bk7s4Oyvj7Pk"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05b7672cfeac28-YYZ

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 0BFC 68 B
163 B 34ms
33ms XHR
application/json 104.18.29.127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.127 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05b7674924a1ed-YYZ
access-control-allow-headers: Content-Type

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 0BFC 316 KB
0 0ms
0ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

c36fca529a1a48b0f9b1dd80d71b7323633566d95dec0a1713dac262d48739e4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107217
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 0BFC 242 KB
0 1ms
1ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e13a8d24930fe4efaab9c57441033713336a54805d3528b1565c6338f375f243

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87547
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 304 uwt.js Show response
static.ads-twitter.com/ Frame 0BFC 56 KB
41 B 77ms
76ms Script
application/javascript 146.75.40.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.40.157 Seattle, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
If-None-Match: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
If-Modified-Since: Fri, 15 Mar 2024 03:07:08 GMT
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-cache: HIT
cache-control: no-cache
x-served-by: cache-bfi-kbfi7400034-BFI

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 0BFC 239 KB
0 2ms
2ms Script
application/javascript 173.194.175.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a866af5bc256894915b0989df635ed39468ae4a85b6708fd5be3da0f1569bd4b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86956
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:33:41 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 0BFC 43 KB
0 2ms
2ms Script
application/javascript 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QODk1nA9oAiihvzc4iDbotAI2t3eeP44H2KofruC9ciDct3LGM8g7JiEZ3lJQwmDRozia%2B%2Bet4if%2BtTZrjB8kBPzlmX1jQbSm9Bh62vjcMwN7e286sDwQ8Zj1K5BFUtko%2FU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7540d4aabd0-YYZ

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 0BFC 225 KB
0 5ms
5ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:41 GMT
document-policy: force-load-at-top
x-fb-server-load: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=12, mss=1316, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: c9jvyP+dGvLO9cmToPtw/36KEpDuIUMmmI/E2mPMWz3uU3b4atWwpH5QiL1C46fbjWSX+rug70xuHc3eZKZSxQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 0BFC 5 KB
2 KB 55ms
55ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f479d1a918a87dbce20cb7d49b06935c4758166ff9382b2c5846b7124943e42c

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 102f5430.786e8099
date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063344E75D69A706BF99A22922-4529EB333B939631-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 13,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=2, origin; dur=11, inner; dur=4
content-length: 1644
pragma: no-cache
server: nginx
x-tt-logid: 20240809063344E75D69A706BF99A22922
x-cache-remote: TCP_MISS from a23-50-129-168.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 11,23.50.129.168
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe10cc63cbeea7baa8e365dad6dd9bdd2a97fc160ca265e08d43314cc126c5d176b803a16e64c47ddedad86473a2303b6bd863784fb6f22d857778556eb2160d653dbf9b805376473c007474cf09438cfe5
expires: Fri, 09 Aug 2024 06:33:44 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame 0BFC 3 KB
1 KB 56ms
55ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723185225010&cv=11&fst=1723185225010&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

d6ed4f4a721773158495d76312e5f497a348a79913565b1d89c7bc5ade95b163

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1382
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame 0BFC 3 KB
1 KB 58ms
57ms Script
text/javascript 209.85.144.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723185225022&cv=11&fst=1723185225022&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

209.85.144.157 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qv-in-f157.1e100.net

Software

cafe /

Resource Hash

d63f684661d8c2cf70e4922f5ab970f46de575328d0c7a7c6276c61fe90a5299

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1383
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 0BFC 64 KB
0 1ms
1ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:33:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 46
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13002
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=63, mss=1316, tbw=64416, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: JRw6tnHlgXEf+PXqKS4LSdxaAn+Cr8dwFnerLLvpERLQAunJ3qysT+/K34qm23yo2pXQVy2VixJUruZPPtIR0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 0BFC 383 KB
0 4ms
4ms Script
application/javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 68438
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7546d7e54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:41 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 0BFC 10 KB
0 5ms
5ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 23
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx9wk8OL1JnzEiNnNAZCXyy%2FkHAMCcZl6xh9%2BBdB50d8F%2FzzAHFF4H%2B1R23BdFtKVteNl9FK70mUB%2FJ9U2M%2Fscy8Qg%2FYPMXLGiiu6R6hDdyx%2BUTTla0fU8p0QieQRi2CK%2FslfIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05b7546884ab78-YYZ
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 0BFC 0
240 B 43ms
42ms Fetch 13.32.151.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-63.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:33:45 GMT
via: 1.1 fa3f15cd366c19b686cb5e8157aee206.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: oFLUbAuVjvdHK4jT4-doVBCUN98Hm46sOwb2-tOqFUpTi5MmOu2xmA==

POST
H3 204 collect
analytics.google.com/g/ Frame 0BFC 0
0 48ms
47ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723185224752&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=page_view&tfd=687
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 0BFC 0
16 B 38ms
38ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723185225243&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185225157&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=26, mss=1232, tbw=8110, tp=18, tpl=0, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:33:45 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 0BFC 67 B
197 B 54ms
54ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723185225243&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723185222397.196815036283349287&ler=empty&cdl=API_unavailable&it=1723185225157&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:33:45 GMT
document-policy: force-load-at-top
x-fb-server-load: 34
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401024188093504467", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=26, mss=1232, tbw=8350, tp=21, tpl=0, uplat=16, ullat=0
pragma: no-cache
x-fb-debug: W7ZpjOkwh2j+wEZuckDK+jjPk1PZO5/fD/ayjzaZpAfCg3DnmfmYOVJyP25M/hWYMdHuCimpCbUNuH+VynF9hA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401024188093504467"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame 0BFC 30 KB
0 1ms
1ms Fetch
application/x-javascript 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 31448
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7565c73ab54-YYZ

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 0BFC 1 KB
0 0ms
0ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 26
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9SvkTDF24xOtwO6kXsT1kNo3GDEs4q%2FH7XLdzQxxBR9EGNJ7LnFMp5SzYIFHDbC80UMpanghv3NMly485nJ4y9d7rCiXg1srFgpv5uuKRJvbOvpotte2jPK%2BEKuSZYc9Z0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05b756ad43ac2e-YYZ

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 53 KB
0 33ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY06MZMS25XS7D7S
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwUk50hkCn6rohQ%2BVTuVZpGnoNAgUuDGPhiuwXQW7C1tc30nGCLG%2BpEvqSvQWoU3oF%2BdHV9NoAwryptkRg8o8QbHdmL6QuQ5RX%2FlIBJWZ0a4%2F7rsI6FFDPQmdbeQEHQpMff51jw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6bab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 529F 66 KB
0 34ms
34ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04J1HCS93337TJ
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blKduWdFrQDZHDwdwmgUFrCzHL47FzzSu9jSyR6GVTuQusprObYyMXHy4mOnwu837SMhj%2Fx8ZsHbyJoBBqCEN0SF7npPNl%2Fmu3cOeVVGpKdGc7wH%2BKQ5vlHzK799TfrrNIHyN9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6cab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 236 B
0 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: XWRA5GPT825749X7
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gyTOQBTKukqWZHbrcwR2vaAsGkhwOZnj9XZ0ddC8%2FjJHWLZafS6NLrUsAzzpZInQwCgBjIL7Jscn79a7A4gywqaICy1tCNv7lDX4gm6bgy4qPciYFYtE%2BFYVhT5mc5BmR4mj6F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7610d9aab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 53 KB
0 33ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY06MZMS25XS7D7S
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwUk50hkCn6rohQ%2BVTuVZpGnoNAgUuDGPhiuwXQW7C1tc30nGCLG%2BpEvqSvQWoU3oF%2BdHV9NoAwryptkRg8o8QbHdmL6QuQ5RX%2FlIBJWZ0a4%2F7rsI6FFDPQmdbeQEHQpMff51jw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6bab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 53E3 66 KB
0 34ms
34ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04J1HCS93337TJ
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blKduWdFrQDZHDwdwmgUFrCzHL47FzzSu9jSyR6GVTuQusprObYyMXHy4mOnwu837SMhj%2Fx8ZsHbyJoBBqCEN0SF7npPNl%2Fmu3cOeVVGpKdGc7wH%2BKQ5vlHzK799TfrrNIHyN9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6cab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 236 B
0 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: XWRA5GPT825749X7
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gyTOQBTKukqWZHbrcwR2vaAsGkhwOZnj9XZ0ddC8%2FjJHWLZafS6NLrUsAzzpZInQwCgBjIL7Jscn79a7A4gywqaICy1tCNv7lDX4gm6bgy4qPciYFYtE%2BFYVhT5mc5BmR4mj6F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7610d9aab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 adsct
t.co/i/ Frame 0BFC 43 B
163 B 107ms
106ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=98ad7cd1-d669-4468-abb5-685516b16d86&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=20f283da-fb85-4dea-b9ad-e02d9608f4e4&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 7
date: Fri, 09 Aug 2024 06:33:45 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 60c640a27c6765b2
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 36ca4d752cbcd8c48e840aef6e4a61dbbd00735804940cfc07e513178e0c4e0d
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 0BFC 43 B
113 B 131ms
131ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=98ad7cd1-d669-4468-abb5-685516b16d86&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=20f283da-fb85-4dea-b9ad-e02d9608f4e4&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 75
date: Fri, 09 Aug 2024 06:33:45 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 9741916b28f65160
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e78d293decb7466689b1afc0806e733b5df7c9baed4b03cfc14b85e860a423f1
content-length: 43

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 0BFC 331 KB
0 1ms
1ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e4163
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024080813451581DC9FA2DA121D4E0AAB
x-tt-trace-id: 00-24080813451581DC9FA2DA121D4E0AAB-246D3144CB4AE0BC-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018619d3b7b26a0fce8582d22382de0c76e85f89068a53ba1b4920691f22820fe07400b1a33662a9a054726bd9d9b59a960a169757ff9cfb05cd0c952b4577d7668b215d64fcb26ff3228394e1028a05f193798d28ff83c25ca8ad27337111c8e4
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3
content-length: 95400

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame 0BFC 42 B
64 B 51ms
50ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723185225010&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfGPnOgrVDCUGw9vAC0XDNBzh1hvTyp9qeAmU5LT7tehNPChUo&random=2149897075&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/781451429/ Frame 0BFC 42 B
64 B 51ms
51ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/781451429/?random=1723185225010&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfGPnOgrVDCUGw9vAC0XDNBzh1hvTyp9qeAmU5LT7tehNPChUo&random=2149897075&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame 0BFC 42 B
64 B 55ms
54ms Image
image/gif 172.217.197.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723185225022&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfv2ktcPhQ_of9Od6hGLlkIDT8WFznO7mfGgPLPcxTUEQTgVRV&random=2075461744&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.197.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/10933293401/ Frame 0BFC 42 B
64 B 55ms
54ms Image
image/gif 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10933293401/?random=1723185225022&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfv2ktcPhQ_of9Od6hGLlkIDT8WFznO7mfGgPLPcxTUEQTgVRV&random=2075461744&rmt_tld=1&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 529F 19 KB
0 0ms
0ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 14033654
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhSYhEGOdxfA2vr8SS9409tNV0pQCyHxtEzvqXortEK%2BL38XjZr7odKcyzCosza55AG8p%2Bxp11sMt3JaTdentlWEAq0H5X1WdOkgotuKjcJznAd0NX4OkndWMsGtr0eHr0HoccQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b763eeedab78-YYZ
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 19 KB
0 0ms
0ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 14033654
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhSYhEGOdxfA2vr8SS9409tNV0pQCyHxtEzvqXortEK%2BL38XjZr7odKcyzCosza55AG8p%2Bxp11sMt3JaTdentlWEAq0H5X1WdOkgotuKjcJznAd0NX4OkndWMsGtr0eHr0HoccQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b763eeedab78-YYZ
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 0BFC 146 KB
0 0ms
0ms Script
application/javascript 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 786e464e
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241450B35572E78D4371A1E45
x-tt-trace-id: 00-2407291241450B35572E78D4371A1E45-4AFA5C3FE01C8E01-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0144a9baf631b5c7a7d5ca28844ef505bc5706fda4cb4c71a90d0605cdf009901ff418c8fd8a68b004fcce68d45eef2bf7b0c65cb1a633ce8a59055fbae20fcd55ab48ffe887993254c4b359a6b6f6c69832d360e2504d71af5c62a5417989aa9b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 40057

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 0BFC 0
720 B 98ms
96ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 786e8fe8
date: Fri, 09 Aug 2024 06:33:45 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334547D292F8DDFC0E9F32E0-78A0818DDF679E8A-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=30, cdn-cache; desc=MISS, edge; dur=12, origin; dur=41
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334547D292F8DDFC0E9F32E0
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 41,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888fe2038ce27a0e48d2275a3d234f28aeee38fe4b84765f31ad0833ee70c733a357b278ed9342ec9399677d0397f305bfd8b
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:45 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 0BFC 13 KB
0 0ms
0ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 63925
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c826c6e7-601e-0014-6abf-2f7022000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdcab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 0BFC 61 KB
0 1ms
1ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 63925
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573cdfab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 0BFC 5 KB
0 1ms
1ms Fetch
application/json 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 63924
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f70ffab6-501e-006d-61bd-2f8c06000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7573ce0ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 0BFC 21 KB
0 1ms
1ms Fetch
text/css 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 63925
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7573ce1ab54-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 972 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: EKH3SYBFDADZ3R56
age: 69366
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaDOhl1E9kFmu%2FKh0JJrLNRRioV65EBSVqjgiZ72UwuywqG2sY9kAqO01wXdi%2F4xjlQUunuirUXHFDspBnw%2FcajiMi%2B8so7C9bkFPcvlhX4MedDl1cGhb%2FZHWYx7DL0m%2Fy32jy8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75799a2ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 173 KB
0 56ms
55ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5Px6mPg8YcsQ5f3nk5QRiaCWj29UYGXVKr1okPeS08AU4f%2B7Aa8cr%2BdU6GQnXNHeMQ0kkjosQBNPwnY58x7k5IVdpWPt0%2ButX8YQdnjwCh6WIMUjBG%2BBwYTNeciGNu1IxST6oA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 125 KB
0 65ms
61ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yARS%2BOx6NBdqN7hp71hmx4ht5%2BHbpLixOumpopLHkfM2fCEnsCpECVivY%2FnhoWBW5qg0Rz%2Fwy0vXjBn%2BdZU5qvWtK6tLnn2JsIdvxOAUwtgcHY0TUXID147eQO0flajFSNneTKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4fab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 35 KB
0 35ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvYO6Y3D4ji8jGgLEwgQU6x7psNmywy1S0SSahS%2FNC3dMvl8ZLrM422vq8OIcJvtwTK3jnaENmIRuXNJu5ftTkSlNsQ%2F%2FEbLYbwbS7UMTQ0nA81ENzST%2Fu8yyOrzFPJyIfExj2Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf51ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 529F 37 KB
0 36ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBv6YmqldzP5aXqQSZccRewREpXM4BRT9zyu8dSEwGvT2S4M8vASJGAPW22%2FC%2B3dZ4PqBLtcPaANRhuWsAYkVOOFQ7fSKAcY7mjuKykEqDLm5buWe0zXuoYgOj9SC0WaS%2FVP%2BfY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf52ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 529F 12 KB
0 32ms
31ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 69263
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lG56KZ9HL3%2BMedpHl1rCYlFE8IcBISkw8nWk0PmkPrtXSqSBhz4sBXGL8%2FZKiPQ0FqLDh%2FBSA7r6Hk6rYa5eZWiMb%2B0EuWNKfsttw1tZCtAPbLskzVWhh%2FoGR1MuehNNBvszeU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf53ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 173 KB
0 56ms
55ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5Px6mPg8YcsQ5f3nk5QRiaCWj29UYGXVKr1okPeS08AU4f%2B7Aa8cr%2BdU6GQnXNHeMQ0kkjosQBNPwnY58x7k5IVdpWPt0%2ButX8YQdnjwCh6WIMUjBG%2BBwYTNeciGNu1IxST6oA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 125 KB
0 65ms
61ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yARS%2BOx6NBdqN7hp71hmx4ht5%2BHbpLixOumpopLHkfM2fCEnsCpECVivY%2FnhoWBW5qg0Rz%2Fwy0vXjBn%2BdZU5qvWtK6tLnn2JsIdvxOAUwtgcHY0TUXID147eQO0flajFSNneTKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4fab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 35 KB
0 35ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvYO6Y3D4ji8jGgLEwgQU6x7psNmywy1S0SSahS%2FNC3dMvl8ZLrM422vq8OIcJvtwTK3jnaENmIRuXNJu5ftTkSlNsQ%2F%2FEbLYbwbS7UMTQ0nA81ENzST%2Fu8yyOrzFPJyIfExj2Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf51ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 53E3 37 KB
0 36ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBv6YmqldzP5aXqQSZccRewREpXM4BRT9zyu8dSEwGvT2S4M8vASJGAPW22%2FC%2B3dZ4PqBLtcPaANRhuWsAYkVOOFQ7fSKAcY7mjuKykEqDLm5buWe0zXuoYgOj9SC0WaS%2FVP%2BfY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf52ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 53E3 12 KB
0 32ms
31ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 69263
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lG56KZ9HL3%2BMedpHl1rCYlFE8IcBISkw8nWk0PmkPrtXSqSBhz4sBXGL8%2FZKiPQ0FqLDh%2FBSA7r6Hk6rYa5eZWiMb%2B0EuWNKfsttw1tZCtAPbLskzVWhh%2FoGR1MuehNNBvszeU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf53ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 0371 25 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MHGCDDAN38T054XK
age: 2766
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NgUbdk56NMeR6bMD86m7mTqy4vm03TxnR8vy3Y6a8uT0Fq0Cp2veOHtpph9VYkzteVaaqQcKilYI6NNB8cG11YX6bMk%2FRDedZ%2BkIVtFDUreDgdkb%2B7Ka531w4TUsj95vpI09n3s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7598a7eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 0371 688 B
0 0ms
0ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25
x-zendesk-origin-server: embeddable-app-server-855d4bc785-rw2td
x-cached: STALE
x-request-id: 8b05b6babafaac2a-ATL
x-runtime: 0.002824
last-modified: Fri, 09 Aug 2024 06:33:17 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ov8LzozdxDetuuZQy21wqJdcxuQvARbsvIcCBRbbhs6mEQv5uLMHQ63CcOKIppKlBB4OL17sTNZXGHvXPYPiqGC%2FIJv6CFXsKPo3kwbvNicbORHfeRihdldTrZ2cXyyyFhYmAMliZ8dt3U0d"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05b759fedeac28-YYZ

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 529F 131 B
0 0ms
0ms XHR
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 94
x-zendesk-origin-server: embeddable-app-server-855d4bc785-5s88m
x-cached: HIT
x-request-id: 8abe694a29d939c3-YYZ
x-runtime: 0.012941
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZjABHjjV6%2BBo6mWenJQ6Q8LMC24lj6qjjDtlphu6ORLv6iv5pn4UIbkH5lf4oS5D7qRfIWSDQzq0l0FLC9x%2BvkASTHOQjJkI2vPtNriWU%2BH7rN0tFcatvlKIUvEsPn13v7A%2Bk7s4Oyvj7Pk"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05b7672cfeac28-YYZ

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 53E3 131 B
0 0ms
0ms XHR
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 94
x-zendesk-origin-server: embeddable-app-server-855d4bc785-5s88m
x-cached: HIT
x-request-id: 8abe694a29d939c3-YYZ
x-runtime: 0.012941
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZjABHjjV6%2BBo6mWenJQ6Q8LMC24lj6qjjDtlphu6ORLv6iv5pn4UIbkH5lf4oS5D7qRfIWSDQzq0l0FLC9x%2BvkASTHOQjJkI2vPtNriWU%2BH7rN0tFcatvlKIUvEsPn13v7A%2Bk7s4Oyvj7Pk"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05b7672cfeac28-YYZ

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 216 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVUK52Yv7SsoEvfcS9XaQk8HRaTiZf6UrFERdiVSrol%2BkGbB21%2FtQezt8%2Fdx4jDTaZftN2XAVPSTJE3c4LCWl6gTZov%2BO%2Fsf36gZcLMpFkSNVNBrR9yWWdnS2VdsFaOlhziJXeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b75b6b40ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 0BFC 0
875 B 237ms
233ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1413bcb2.786e991d
date: Fri, 09 Aug 2024 06:33:46 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063346868075535FDD42A09A2A-47B5E9ABB29D15C7-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 70,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=117, origin; dur=20, inner; dur=16
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063346868075535FDD42A09A2A
x-cache-remote: TCP_MISS from a23-48-100-9.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.48.100.9
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe16668cb156c7fc9c3009aec9372f1f30961cd5dd79f30d6c2717188444837d93f6b29e8c99d387fa876383dd5c2fadd197652ce383fa86586570fffdbfbc54a076c5fdc4c9857df0f330d8510f4dd4dc7
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:46 GMT

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 0BFC 20 KB
0 1ms
1ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHrg0%2FxuNWbYVjXcFS9LlGvAtMgD6DeS54r6%2FHsuyFJZ1LeBGdIq1sxwKaHJu4zm3dQTqw5SV74kCTu8GqKYaU2Y6MNP6eVEgNvkkmdKtRaHOMZxlCOuFfNn5KsgRRBZ9oI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc2abd0-YYZ

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 0BFC 105 B
0 1ms
1ms Fetch
text/css 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235035
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22Ezy6JO7zM2rb%2BQfVcqMqKJQiJx6EJa4CQQRcfEJGrUQC1CXCSKIwCRzHhNBgp%2BOjIYAU3UbaCCtpW6VaIqu6crcLWgyaAu%2BY1%2BgEgU9mEVkKejkZ2IbSiik3AIKS%2Fu77k%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: CA
accept-ranges: bytes
cf-ray: 8b05b7553dc3abd0-YYZ

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 0BFC 810 B
0 1ms
1ms Fetch
application/json 172.67.71.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.71.113 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKvM222uh2zcYDteK%2BekSkBVTnUEZV0nvcYG2BrhBUYhWsGxqJt%2FxfHi9%2FNMbrfTu5FYWjonaIf3OOJ2%2BSaNDMjQ8v0sV4JC00sSPMrPQTpt7L%2FPPeQ79ScZRwf3BIFrq%2BE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: CA
cf-ray: 8b05b7553dc4abd0-YYZ

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 0BFC 33 KB
0 0ms
0ms Image
image/png 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 31225
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05b7583e9f54bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 0BFC 5 KB
0 1ms
1ms Image
image/svg+xml 104.18.15.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.15.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:33:42 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 50375
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05b7583ea154bb-YYZ
expires: Sat, 10 Aug 2024 06:33:42 GMT

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame 0BFC 23 KB
4 KB 55ms
54ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::zlr49-1723185226233-2eeed321225c
age: 241085
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
DATA 200
OK truncated
/ Frame 0BFC 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 0BFC 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0BFC 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0BFC 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0BFC 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0BFC 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame 0BFC 610 B
0 3ms
3ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:42 GMT
server: Vercel
x-vercel-id: iad1::ml68j-1723185222795-3e29edb40588
age: 241049
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 9669-c1dd85627d14116a.js Show response
reasonlabs.com/_next/static/chunks/ 17 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9669-c1dd85627d14116a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 20eaa1a63aedbf0019f8562605496a18af58ff9c9850f502f1c40946b16f753c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qbskj-1723185221687-f1e9e69626ea
age: 241049
x-matched-path: /_next/static/chunks/9669-c1dd85627d14116a.js
etag: W/"df94e0a9e336407fee547b88bb300177"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9669-c1dd85627d14116a.js"

GET
H2 200 7536-d078bab37095fd33.js Show response
reasonlabs.com/_next/static/chunks/ 22 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/7536-d078bab37095fd33.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 36c93b58f03ecca968f0a0369e2396c5c29a06efc3ecd99fae1d13b0a973ada2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::zlr49-1723185221697-632d4f702556
age: 241049
x-matched-path: /_next/static/chunks/7536-d078bab37095fd33.js
etag: W/"77108c566aca03f6efbddef060527122"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="7536-d078bab37095fd33.js"

GET
H2 200 4853-a702dd05d0560e1e.js Show response
reasonlabs.com/_next/static/chunks/ 10 KB
0 4ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/4853-a702dd05d0560e1e.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 04dfafbc5fe883fde964a85d80ca6fa19d06db854e82aa0549b0d66547d8397c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ft8xs-1723185221693-f499a5267534
age: 241049
x-matched-path: /_next/static/chunks/4853-a702dd05d0560e1e.js
etag: W/"1b730895d2887145510a56eac5c6c912"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4853-a702dd05d0560e1e.js"

GET
H2 200 9491-cb307f0820dea16a.js Show response
reasonlabs.com/_next/static/chunks/ 55 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9491-cb307f0820dea16a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7421ded58b0b66795aac889dd51d394477f7bd2252448af4c3219bf2ce6863a2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221693-c54ea1992559
age: 241049
x-matched-path: /_next/static/chunks/9491-cb307f0820dea16a.js
etag: W/"94f0bea99e6ca73dcad46858d27f410e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9491-cb307f0820dea16a.js"

GET
H2 200 9181-783f2b62bd015354.js Show response
reasonlabs.com/_next/static/chunks/ 126 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9181-783f2b62bd015354.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: f8b61e4330e6492cd191460e3218856657651c3d64a5c6b39d02cb9d5547bd90

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::6k4l4-1723185221694-47a835b1c5cd
age: 241049
x-matched-path: /_next/static/chunks/9181-783f2b62bd015354.js
etag: W/"9ca24510e1cdd5d5e7d5ddff68e98437"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9181-783f2b62bd015354.js"

GET
H2 200 5074-22f981bef7596111.js Show response
reasonlabs.com/_next/static/chunks/ 8 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/5074-22f981bef7596111.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 786dd0b17ecf4df37a3f900e719bd36c61ae73e13e2d7187980b8852ccab0278

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::zlr49-1723185221706-73bc12ba60a9
age: 241049
x-matched-path: /_next/static/chunks/5074-22f981bef7596111.js
etag: W/"310e55de2050605a798b639f502ed60b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5074-22f981bef7596111.js"

GET
H2 200 contact-us-d3628e156bfb164b.js Show response
reasonlabs.com/_next/static/chunks/pages/ 4 KB
0 10ms
10ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: e4e40b3944928b3b43a2847d5823b893d34c3861eb285ed5275d9601bb043ef8

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::x7nm6-1723185221706-b0fd75288cb5
age: 241049
x-matched-path: /_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
etag: W/"358d84a1371694326c440828f385f56c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="contact-us-d3628e156bfb164b.js"

GET
H2 200 1be5a77cd6b0c1b8.css Show response
reasonlabs.com/_next/static/css/ 2 KB
1 KB 63ms
35ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/1be5a77cd6b0c1b8.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8e4fbd3919e6cd699518666936aae750b3df6fe994b459da03fdd1d18ae3f88d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::zsczm-1723185226362-f681e19b8c50
age: 241054
x-matched-path: /_next/static/css/1be5a77cd6b0c1b8.css
etag: W/"0468ae9cfc7822bf2e099439d24a9f83"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1be5a77cd6b0c1b8.css"

GET
H2 200 2205-b8b042bddf4b1387.js Show response
reasonlabs.com/_next/static/chunks/ 39 KB
0 25ms
25ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2205-b8b042bddf4b1387.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 3032151e0f9e05a54e0e95ee99700003682894d02070c76727c239d4732efc8d

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qhg7g-1723185221706-8d447bd9f6a7
age: 241049
x-matched-path: /_next/static/chunks/2205-b8b042bddf4b1387.js
etag: W/"ba817c6de20566a33d8d0ff4e3bcb244"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2205-b8b042bddf4b1387.js"

GET
H2 200 2491-9ec92f3cd3328555.js Show response
reasonlabs.com/_next/static/chunks/ 9 KB
0 30ms
30ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2491-9ec92f3cd3328555.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 3c95513f8712f777277c207389532617e95a7f2db6f64d32e2c2a283b512d196

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::rmdrx-1723185221706-bf64230eb0dc
age: 241049
x-matched-path: /_next/static/chunks/2491-9ec92f3cd3328555.js
etag: W/"4fff78c55ddd1a3e147f39c093de99b7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2491-9ec92f3cd3328555.js"

GET
H2 200 blog-52fec28581808e54.js Show response
reasonlabs.com/_next/static/chunks/pages/ 1 KB
0 32ms
32ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/blog-52fec28581808e54.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5d388757c2dfd2793a4047c2f3031d6cbb707408adbd9eae443d7902bd1a72c2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::4jm98-1723185221706-57ff24974372
age: 241049
x-matched-path: /_next/static/chunks/pages/blog-52fec28581808e54.js
etag: W/"918586f29b4068e56808459b8d9cde16"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="blog-52fec28581808e54.js"

GET
H2 200 1554755ca48628de.css Show response
reasonlabs.com/_next/static/css/ 11 KB
3 KB 82ms
36ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/1554755ca48628de.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4058f6bce930def884b0fa7d3f0b2a8893767aea046838c23716c1f9021a5986

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::z6xnd-1723185226381-a55675de045b
age: 241054
x-matched-path: /_next/static/css/1554755ca48628de.css
etag: W/"9bea815c333dcf2e3dc5d257190c36c3"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1554755ca48628de.css"

GET
H2 200 b09dfccc-0d4362519e83f737.js Show response
reasonlabs.com/_next/static/chunks/ 135 KB
0 22ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/b09dfccc-0d4362519e83f737.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: b8939b22a328efa2a65b21503b1d86365b8c52cc80e3d4378938b99a7c3016c3

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::scmgq-1723185221706-37618b0b0f9b
age: 241050
x-matched-path: /_next/static/chunks/b09dfccc-0d4362519e83f737.js
etag: W/"010c52841b45e58787fa5559057279b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b09dfccc-0d4362519e83f737.js"

GET
H2 200 5515-da6bcd073351bba9.js Show response
reasonlabs.com/_next/static/chunks/ 29 KB
0 22ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/5515-da6bcd073351bba9.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: a3d351faa84b163e61747d86ad604d61d9f9caf84904585e629db1b4ce31c8d3

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::z6xnd-1723185221706-1f62e0745381
age: 241050
x-matched-path: /_next/static/chunks/5515-da6bcd073351bba9.js
etag: W/"97fc8a2d007e82a5ea121e9e913754a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5515-da6bcd073351bba9.js"

GET
H2 200 company-f58c4c93bb87ba63.js Show response
reasonlabs.com/_next/static/chunks/pages/ 14 KB
0 23ms
23ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/company-f58c4c93bb87ba63.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5de60fd3608d8385ce6427aec3d9846bc6462a742bcecec06780be71f4b05b08

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hccg9-1723185221709-992d94ab24b5
age: 241049
x-matched-path: /_next/static/chunks/pages/company-f58c4c93bb87ba63.js
etag: W/"4d9d7a54137e67b9182d3aaa760a176e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="company-f58c4c93bb87ba63.js"

GET
H2 200 700415d0cd3af781.css Show response
reasonlabs.com/_next/static/css/ 8 KB
3 KB 63ms
28ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/700415d0cd3af781.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4c97159d90c9f849ea78e5c4c3294b3198580a6a2c3354fe07f2e3aa5ce34430

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::6k4l4-1723185226381-a170cca553f6
age: 241054
x-matched-path: /_next/static/css/700415d0cd3af781.css
etag: W/"a492d26bdd9f13391d56990d16102b67"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="700415d0cd3af781.css"

GET
H2 200 ea88be26-58ed6ef11764b90d.js Show response
reasonlabs.com/_next/static/chunks/ 299 KB
0 22ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/ea88be26-58ed6ef11764b90d.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 016c702b4f5fe217c58e726cb7b5c4781e2783a1f9b05ce60c86e46358f17143

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qbskj-1723185221706-ade36e5aa922
age: 241049
x-matched-path: /_next/static/chunks/ea88be26-58ed6ef11764b90d.js
etag: W/"06fd9f72883d76e633821a2a49c5e00a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ea88be26-58ed6ef11764b90d.js"

GET
H2 200 334-32080295da286e1b.js Show response
reasonlabs.com/_next/static/chunks/ 37 KB
0 23ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/334-32080295da286e1b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5fe7a29f514066ef89528054eea95dc720cfb6debed549d0ede49ba3d041a762

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ft8xs-1723185221706-5d929257116d
age: 241049
x-matched-path: /_next/static/chunks/334-32080295da286e1b.js
etag: W/"7df4cb4701054c6232f09e0f4bc68ae0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="334-32080295da286e1b.js"

GET
H2 200 2769-806d4971ab81cede.js Show response
reasonlabs.com/_next/static/chunks/ 25 KB
0 23ms
23ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2769-806d4971ab81cede.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: bd5351c91b19c65b0641ff46e0fb0b46ea1706fce6c550ded58bfbffc5959f58

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qbskj-1723185221706-ee398aa512bc
age: 241049
x-matched-path: /_next/static/chunks/2769-806d4971ab81cede.js
etag: W/"d7f581e10d3f964cd887d56d56ad2230"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2769-806d4971ab81cede.js"

GET
H2 200 6704-0f25a7eb013f0542.js Show response
reasonlabs.com/_next/static/chunks/ 1 MB
0 23ms
23ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/6704-0f25a7eb013f0542.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5a69f125453d44dd18e9557ec61b7769dd6f45f323b8833f3a99ef6bfcc4a88e

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::nt74w-1723185221706-64298eaccef9
age: 241049
x-matched-path: /_next/static/chunks/6704-0f25a7eb013f0542.js
etag: W/"3764708a2bcac5893337a72604873fa0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="6704-0f25a7eb013f0542.js"

GET
H2 200 index-be0f6d764aebb9c2.js Show response
reasonlabs.com/_next/static/chunks/pages/ 38 KB
0 24ms
24ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/index-be0f6d764aebb9c2.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: eb524ab62c0fc128cbf46763b9aa0d94bda920950646a4e9c60fe1bb76c31eeb

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:41 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::h94q5-1723185221707-bca1b3ee200b
age: 241049
x-matched-path: /_next/static/chunks/pages/index-be0f6d764aebb9c2.js
etag: W/"85baf6f0d8b41f85b1956e1e36bbac7a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="index-be0f6d764aebb9c2.js"

GET
H2 200 4b517cf790f3d021.css Show response
reasonlabs.com/_next/static/css/ 25 KB
6 KB 68ms
36ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/4b517cf790f3d021.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1d3e2d2ae2c0142f78244ea6312afb6956c451970a90cb233f70f5b7e33de7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723185226381-7c9eb06a9919
age: 241054
x-matched-path: /_next/static/css/4b517cf790f3d021.css
etag: W/"4d8caf2a4e52c5dff358427a5604ddab"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4b517cf790f3d021.css"

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 53 KB
0 33ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY06MZMS25XS7D7S
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwUk50hkCn6rohQ%2BVTuVZpGnoNAgUuDGPhiuwXQW7C1tc30nGCLG%2BpEvqSvQWoU3oF%2BdHV9NoAwryptkRg8o8QbHdmL6QuQ5RX%2FlIBJWZ0a4%2F7rsI6FFDPQmdbeQEHQpMff51jw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6bab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 0371 66 KB
0 34ms
34ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04J1HCS93337TJ
age: 69322
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blKduWdFrQDZHDwdwmgUFrCzHL47FzzSu9jSyR6GVTuQusprObYyMXHy4mOnwu837SMhj%2Fx8ZsHbyJoBBqCEN0SF7npPNl%2Fmu3cOeVVGpKdGc7wH%2BKQ5vlHzK799TfrrNIHyN9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b760dd6cab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 236 B
0 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:43 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: XWRA5GPT825749X7
age: 69365
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gyTOQBTKukqWZHbrcwR2vaAsGkhwOZnj9XZ0ddC8%2FjJHWLZafS6NLrUsAzzpZInQwCgBjIL7Jscn79a7A4gywqaICy1tCNv7lDX4gm6bgy4qPciYFYtE%2BFYVhT5mc5BmR4mj6F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b7610d9aab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
876 B 79ms
77ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 3dd76515.786ea7f3
date: Fri, 09 Aug 2024 06:33:46 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090633463F502022C4C82CA89408-7A4F9F6036BCFE72-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 21,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=12, origin; dur=20, inner; dur=16
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090633463F502022C4C82CA89408
x-cache-remote: TCP_MISS from a23-218-222-69.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.218.222.69
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe14e579592a4e96a978b7d71ba70a49ae9c40da017aedcb9e454dd0dca5368311db6d7b4afc9e33b06d5dfb8b6b5effdef4c24a1a30f2d21010cc26826dd1d5f5a8be1900af18efe41d10134ecc971a5ee
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:46 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 4FCC 0
718 B 93ms
91ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 786ea7ff
date: Fri, 09 Aug 2024 06:33:46 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334647D292F8DDFC0E9F331C-41FB955122E41404-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=18, cdn-cache; desc=MISS, edge; dur=16, origin; dur=29
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334647D292F8DDFC0E9F331C
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 29,23.220.105.89
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a2383215296e5a2ec623573274463abb7afaefc5c07ce864f39e2a0d4a6fca4b6090888feaa086fe2de7dd15a46aeb5ba30c7e796b61b1c25b307a31355cd07c4771920fd331b00a91729aec8a0a868dee237884f
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:46 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 37E5 0
876 B 155ms
144ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 12bc87ba.786ea870
date: Fri, 09 Aug 2024 06:33:46 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809063346897C2A6116D8F8796AB2-04E3ADC65FB1BD78-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 85,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=72, origin; dur=29, inner; dur=25
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809063346897C2A6116D8F8796AB2
x-cache-remote: TCP_MISS from a23-218-222-71.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 30,23.218.222.71
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe12b90692df3aadb9897a4b2a7acf0188c5cf59e7e20df69502f2276ec7d2dbfeae2d07bcb1d17f917a5388673506dadfff054e97f3121d4d40bcd2a331e7a4c532fe964b2b287cbc9741e718297a52c41
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:46 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 441F 0
874 B 132ms
124ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 3121bdec.786ea871
date: Fri, 09 Aug 2024 06:33:46 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906334664826832D0266FA40182-13C0F658004ED6F0-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 64,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=44, origin; dur=40, inner; dur=15
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906334664826832D0266FA40182
x-cache-remote: TCP_MISS from a23-218-222-70.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 41,23.218.222.70
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe1be44922b4ddaa4885b59681991170efbce14f1c761ea8fe1c0c6b11013af8117f31ba7c7077a9249349452aa16c41b15bbc000a6f2c477ca43ba281b88ab8f2732951eb95578434e80d06b2550acfd4b
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:46 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 0BFC 0
881 B 302ms
295ms Ping
text/plain 23.212.249.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.249.89 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-249-89.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 102fb511.786ea872
date: Fri, 09 Aug 2024 06:33:46 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090633468F3AD3D06FD0ABA214E7-1C6863A53B3DFDA5-00
x-cache: TCP_MISS from a23-220-105-89.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 234,23.220.105.89
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=231, inner; dur=228
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090633468F3AD3D06FD0ABA214E7
x-cache-remote: TCP_MISS from a23-50-129-168.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 232,23.50.129.168
x-tt-trace-host: 01f49c7ffdf39d545dbf684b7a23832152a32627fffe4c237d7ffbeda645f8cbe10cc63cbeea7baa8e365dad6dd9bdd2a96b05fbe5f04e87159b14ae286024b05f1d38cf53e5dcbd46eb8cfae1f98bc1b94c8674ae4ef9a283997fe470a564e4ef4e42d55ce9e52cf58bb83f2dcca9bf1e
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:33:46 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 0371 19 KB
0 5ms
5ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 14033654
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhSYhEGOdxfA2vr8SS9409tNV0pQCyHxtEzvqXortEK%2BL38XjZr7odKcyzCosza55AG8p%2Bxp11sMt3JaTdentlWEAq0H5X1WdOkgotuKjcJznAd0NX4OkndWMsGtr0eHr0HoccQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b763eeedab78-YYZ
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 173 KB
0 56ms
55ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5Px6mPg8YcsQ5f3nk5QRiaCWj29UYGXVKr1okPeS08AU4f%2B7Aa8cr%2BdU6GQnXNHeMQ0kkjosQBNPwnY58x7k5IVdpWPt0%2ButX8YQdnjwCh6WIMUjBG%2BBwYTNeciGNu1IxST6oA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4eab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 125 KB
0 65ms
61ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yARS%2BOx6NBdqN7hp71hmx4ht5%2BHbpLixOumpopLHkfM2fCEnsCpECVivY%2FnhoWBW5qg0Rz%2Fwy0vXjBn%2BdZU5qvWtK6tLnn2JsIdvxOAUwtgcHY0TUXID147eQO0flajFSNneTKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf4fab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 35 KB
0 35ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvYO6Y3D4ji8jGgLEwgQU6x7psNmywy1S0SSahS%2FNC3dMvl8ZLrM422vq8OIcJvtwTK3jnaENmIRuXNJu5ftTkSlNsQ%2F%2FEbLYbwbS7UMTQ0nA81ENzST%2Fu8yyOrzFPJyIfExj2Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf51ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 0371 37 KB
0 36ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 69323
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBv6YmqldzP5aXqQSZccRewREpXM4BRT9zyu8dSEwGvT2S4M8vASJGAPW22%2FC%2B3dZ4PqBLtcPaANRhuWsAYkVOOFQ7fSKAcY7mjuKykEqDLm5buWe0zXuoYgOj9SC0WaS%2FVP%2BfY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf52ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 0371 12 KB
0 32ms
31ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 69263
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lG56KZ9HL3%2BMedpHl1rCYlFE8IcBISkw8nWk0PmkPrtXSqSBhz4sBXGL8%2FZKiPQ0FqLDh%2FBSA7r6Hk6rYa5eZWiMb%2B0EuWNKfsttw1tZCtAPbLskzVWhh%2FoGR1MuehNNBvszeU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05b764bf53ab78-YYZ
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 0371 131 B
0 1ms
1ms XHR
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:33:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 94
x-zendesk-origin-server: embeddable-app-server-855d4bc785-5s88m
x-cached: HIT
x-request-id: 8abe694a29d939c3-YYZ
x-runtime: 0.012941
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZjABHjjV6%2BBo6mWenJQ6Q8LMC24lj6qjjDtlphu6ORLv6iv5pn4UIbkH5lf4oS5D7qRfIWSDQzq0l0FLC9x%2BvkASTHOQjJkI2vPtNriWU%2BH7rN0tFcatvlKIUvEsPn13v7A%2Bk7s4Oyvj7Pk"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05b7672cfeac28-YYZ

POST
H3 204 collect
analytics.google.com/g/ Frame 4FCC 0
0 47ms
47ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723185221456&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=6043
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame 37E5 0
0 41ms
41ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723185222881&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=5894
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame 441F 0
0 41ms
41ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723185223088&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=5911
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame 0BFC 0
0 41ms
41ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723185224752&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1384536247.1723185222&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723185222&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=5689
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:33:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reasonlabs.com/	1970-01-21 07:25:21	Name: ruserid Value: 03980eb5-e4b4-4247-b365-6724c925bc4b
.tiktok.com/	1970-01-21 08:01:21	Name: _ttp Value: 2kPVVQH4JDI5Ci7K6UCcWgG5yig
.reasonlabs.com/	1970-01-21 08:15:45	Name: _ga Value: GA1.1.1384536247.1723185222
.reasonlabs.com/	1970-01-21 08:01:21	Name: _tt_enable_cookie Value: 1
.reasonlabs.com/	1970-01-21 08:01:21	Name: _ttp Value: kdwzL23s2nfjqUwrS7NwVR5Zii3
.reasonlabs.com/	1970-01-21 00:49:21	Name: _fbp Value: fb.1.1723185222397.196815036283349287
.twitter.com/	1970-01-21 08:15:45	Name: personalization_id Value: "v1_Io0l8VI8H8EE62rdXKtkLQ=="
.t.co/	1970-01-21 08:15:45	Name: muc_ads Value: 2d1cd2aa-5ba0-46ba-8338-5f2e17e1da05
.doubleclick.net/	1970-01-21 08:15:45	Name: IDE Value: AHWqTUn0CnC5-xbhuPRzvkyMjsQrq-juOZEIl9immnknzmjiU8me0aiCTeClQtbL
.reasonlabs.com/	1970-01-21 07:25:21	Name: __zlcmid Value: 1NAmvlNemLMsRNg
.reasonlabs.com/	1970-01-21 08:15:45	Name: _ga_EWLR9P86R1 Value: GS1.1.1723185222.1.1.1723185225.57.0.0
.reasonlabs.com/	1970-01-21 07:25:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Aug+08+2024+23%3A33%3A46+GMT-0700+(Pacific+Daylight+Time)&version=202211.1.0&isIABGlobal=false&hosts=&landingPath=NotLandingPage&AwaitingReconsent=false&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
widget-mediator.zopim.com/	1970-01-20 22:49:50	Name: AWSALBCORS Value: C/Klab+Jggm+7Uknkm9aLIWTjnaHVplzn2VNf9IJd/pmmuepXHc5kLKATeFEo5V5CNYD46lbLOwsmmBWdoeMTA5S+2QoOPTJiGAs+pqPfM+XBNyCBVTTwpvnplR1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
analytics.tiktok.com
analytics.twitter.com
cdn.equalweb.com
cdn.reasonlabs.com
connect.facebook.net
cookie-cdn.cookiepro.com
ekr.zdassets.com
geolocation.onetrust.com
googleads.g.doubleclick.net
pac.rlproton.com
reasonlabs.com
reasonsecurity.zendesk.com
static-cf.cleverbridge.com
static.ads-twitter.com
static.zdassets.com
stats.g.doubleclick.net
t.co
www.facebook.com
www.google.ca
www.google.com
www.googletagmanager.com
104.16.243.229
104.16.51.111
104.18.15.62
104.18.29.127
104.18.70.113
104.18.72.113
104.244.42.195
13.32.151.63
146.75.40.157
157.240.229.1
172.217.197.104
172.253.63.94
172.67.71.113
173.194.175.97
173.194.207.157
209.85.144.157
216.239.32.181
23.212.249.89
3.162.103.75
31.13.66.35
72.21.81.130
76.76.21.21
016c702b4f5fe217c58e726cb7b5c4781e2783a1f9b05ce60c86e46358f17143
04dfafbc5fe883fde964a85d80ca6fa19d06db854e82aa0549b0d66547d8397c
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
052e6be56abff0379a8cb7e92e759b19e1e43d1ddd22458fc71600ae7a18077b
0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e
08883e0f0fd0db967a7c9875e12aef7e951ca023456e90be517405c28c029e2e
09de44220d2f31175ac2e93526479d1f346c3f61a64a18d971129aba27746832
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14
0e029c4f4d1e048ed38d6a56c7c857034ee2fee1c5fc27a2cd6d5cb80df68cb5
0f4e7b1971244d3bbd0587403e399829cdbb2ab499269b85cbc47efc3a6141a4
1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517
15928a00dd5079d986641664c08efcf8a9dac72ca4f905e38b1a0c30976ab973
15a1f0bb005ee2d4d9c84410aad1bcd9ff6e36686573fe3e0a4959d7df79eed3
16525b2c2e97533f3b8567d3238b2fe2accbc75bf0f3262fce0b1cd07b676120
1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7
172ca2ee9eef5c6b46bb828d6ead12caa09400d76d58d8b11080de0e8a6cc202
17c6bdb8c5eb4f42c8a3ba5ec378bee05df5e0777f26fd826931f2173a99eeb8
1d3e2d2ae2c0142f78244ea6312afb6956c451970a90cb233f70f5b7e33de7f1
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4
20eaa1a63aedbf0019f8562605496a18af58ff9c9850f502f1c40946b16f753c
25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660
287d58587a729034072a58fc0738bb876bdea908dc0d6fc86c7f83e6c6e008ba
29ef19e05f73b9d30ac355e7ef49e6a81a6f31b8da31fc61c60c524f196b4904
2a87f6cb4f4fbfddf6fce3e1a3f40af0e1d0b73bde26507a0fc4505b4e75e174
2ded1de717c67321667c2e78389eb399d1b996469fd1500c9c5d5f7561085d05
2e1d5bfbec317e501c989b9215d8153e6c71894003742a2cb94be3ed9701339e
2eb499ec1df28add1ce48be0f9ec2cba7d6b7ab4c9316474a9ef1f0566d4351a
2ff34f763ac8d45e73740b469ed434ee600d3263211dfba79b6f2b1c73e8bde7
301c0686904a489da3626d6592dc4cb3a4e157bd0638fcfbcd66da78b8c9445e
3032151e0f9e05a54e0e95ee99700003682894d02070c76727c239d4732efc8d
3187d2113abc1ec76fbc938ef426e2635f5f961dd48292062ac2e5506380f85e
335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d
34c6c382cc128c236adbb602584b773cb511b4347f0179779d781b4a8b291dfd
35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e
36809553a0e6234f000c7e617c3528e23f0d1500599c37ee176e078b7026515b
36c93b58f03ecca968f0a0369e2396c5c29a06efc3ecd99fae1d13b0a973ada2
37e1e0aef2082b7d2537bd3de9cbcc6432c84345a3a60f8280e3fb9c7cecf48d
3a3170e91ef6263fa67eaaf04dd38d9d54df98e9339f122b587392732d7661bc
3aade53fdf55b8055fb9dc90732c4e7f470b9d695d8668d601a106c52274ce9f
3ba8e9bca43cf0ec1c74472b11d9fdb32b1ae5a23e798a55e2ad4d2f48136f7d
3c95513f8712f777277c207389532617e95a7f2db6f64d32e2c2a283b512d196
3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073
3e6daa2794363d6ab8c7adb8a182a9b18c5b025147af53feb7af58b11da5b7be
3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb
4058f6bce930def884b0fa7d3f0b2a8893767aea046838c23716c1f9021a5986
407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
41f923dfdeaae8120e92c0a48fbdcdf033cb927f57a053d1c8feefcb3dde7a35
420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f
435e173afb0a80e150da0e651c05398b07280fc8790e02129e925afdbe0ba6ad
453f8d94af003ea1b202d17babe41fa00d9b1c14825dc735c5e9c7038d5017a0
46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de
46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66
476245c8c89e381f57b178924bfa750abd88a47e8d9b7c939e7fd32e61a4c46f
4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4
4847b086042c1294a866ed1a9274fe3133d9436ad69d9c5737b25c1a6e9c3d1c
4c97159d90c9f849ea78e5c4c3294b3198580a6a2c3354fe07f2e3aa5ce34430
4cccf9057ca970c60f96f27bfc9dc8443996885a1dc059bdc7329aa660584cc3
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
4e55d5f5427fca42b8a095cc80375fddd7075fdf475cc5957a1c58d0fbd47703
4ecddf8410494cea5379e00170ab1328db3a246482336104c9d7572b852b485d
4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3
55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c
55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130
5a13a3549c2d1a7d616fa512ad14beb5c27a1040a752c1bb3972853f1529407b
5a69f125453d44dd18e9557ec61b7769dd6f45f323b8833f3a99ef6bfcc4a88e
5b1de48f15a736cfc90e852297faa51c00861f71082e590de34b5414a4f189b8
5b1dfcadb7fc6e398a1c67b49c0b20bba912a7bd47abaf6517d4e04cff67e3e0
5b5249e69847e7c1b146876ceb34463fd6f82a4a747ff26da2bdf9784b3e5b24
5d388757c2dfd2793a4047c2f3031d6cbb707408adbd9eae443d7902bd1a72c2
5de60fd3608d8385ce6427aec3d9846bc6462a742bcecec06780be71f4b05b08
5fe7a29f514066ef89528054eea95dc720cfb6debed549d0ede49ba3d041a762
60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7
65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0
65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c
6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3
6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b
734e12ea5d89fc6c8da84f0eac2ee9bc479ee728fa25d5f24d279a881429b3e2
7421ded58b0b66795aac889dd51d394477f7bd2252448af4c3219bf2ce6863a2
754e7795ae6899ee54bbc4d7ddf9b515f4c07d7dd4f3c15f7319ba3cb1a62b0b
786dd0b17ecf4df37a3f900e719bd36c61ae73e13e2d7187980b8852ccab0278
7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc
7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f
7fce7079cc8c55b7482809b9cae560338a38beb1c8fa165ededf78def0e65c88
81114370a44b3e7a14b193d85d39ac0573f3a2e742a658ae1063db31b8bf444f
816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b
836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a
83f9442b0ae777927d2d88bb8eb41e76d4379ac404084e716528a46ecbf6433b
84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8
8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa
8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4
8a5bcace9ac4612a8d5fe7e38adcb49bed25cc3f52c40fabb2031778e1febfef
8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162
8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447
8e4fbd3919e6cd699518666936aae750b3df6fe994b459da03fdd1d18ae3f88d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5
983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811
9b62cefcd86e6b76fadb64fbc35571884c70ae41fcd5eb824c9b99979fc4d392
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a109878c0662bba5d28433d4f0b92077fbabcabb0cfcb4b14bda19987174e55e
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
a360bd9dde2c64d5f43feae453b7d563ef0743af0a55e44e05ffcddaa933e958
a3d351faa84b163e61747d86ad604d61d9f9caf84904585e629db1b4ce31c8d3
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c
a5b37639bb49072fc2fc35a93952f862f855165d83d45dce33cd4dc80fae2489
a866af5bc256894915b0989df635ed39468ae4a85b6708fd5be3da0f1569bd4b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab98e00318002d085dbc4e9bbed830237b9f91b8cb10ee4776f864086d4f9522
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afabe80d0da822ecb48dab7940c89b31f8c0b1cebfeb27d1654bcb4e3fea4a02
b0f3b1e96730ac8e5dfeed671562469a45d96beddae9f4e629beb9d43fc6ea04
b2e9e3242b4c5c071d18fc9c901e0332a95a3eb0e7c95bf59dbff6484eb3e30a
b37ca6c575afd9835dad0665bdecd6af5d5ec0d79a6ae8f526ee6a76dd9420ef
b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d
b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8
b499f9cc78d42c5fb07c17e9138efd2a802d1a79f3db0ab41a5a7cf49ccc590a
b7215ebc7a1b946221540e6f87e4d270f66fb76d2d9d5d8d783e4faaf5a93366
b8939b22a328efa2a65b21503b1d86365b8c52cc80e3d4378938b99a7c3016c3
bd5351c91b19c65b0641ff46e0fb0b46ea1706fce6c550ded58bfbffc5959f58
c36fca529a1a48b0f9b1dd80d71b7323633566d95dec0a1713dac262d48739e4
c3cc8f83ee55e1f06b08a7b4fc3f88ced78fbafe94b62c429d44000cd432a360
c4e409aa158a0a803ce2da327e85ab26193bdf08d4fa778bb95ab349251c2242
c56494b7e0c445e01d2fee0de214450debb0bd77d23c214fb71b0f044f810d1d
c98642e3367866a5926b51ddaa9306bb49135d2b0550a3ea06ca3fc9b41b83c8
cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233
ce5a0525d35ec2fbf605e9d8fd039ba6f62ee7897255d1f1b9d7107300acb8e2
ced7b72b89b45eb74f0b4ec551ad42a70b9343dca7597d140932c02fb6aff732
cf053499e338013d7e8929675faff0aff58ea8ef1e4d7895dec469346902d0de
d027d470e3f60b5a4cc6675454ed5fffc34b3ba54480ecc6099ab18973b6d5c7
d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1
d3698c70b88abb2a94a0ed5e90cadb42c262a07a0b972fc314a154e575ba3c6b
d52b60198aab783248d1d0d3dd27504a1c8581d7d34c81d9788ee4a4082ec30a
d63f684661d8c2cf70e4922f5ab970f46de575328d0c7a7c6276c61fe90a5299
d6ed4f4a721773158495d76312e5f497a348a79913565b1d89c7bc5ade95b163
d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857
d8d7ae40315aaf92f9393c1a514e56dbba1b2b4410d648cf8e51b3d3fbeff0e1
dc13a24b6ecd3b6e6412a108aa5ba5f7271a1ba3df048cc088b6dceedcd605cc
dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232
dca4cbb98102d13ad9acbaef3347e5237f2ebd2954ef40889877e772e6a96e7c
e13a8d24930fe4efaab9c57441033713336a54805d3528b1565c6338f375f243
e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124
e3780c591e793a4234ab85343970b697ca6bbc0591e0739790a74ef6d3256dac
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ddd6dfeee98cca3295e79b96700162959cd13d1014d43db1ba865335d68fbf
e4555830139e39462eb55cd2d2e9be862f59ed313be48c8c27474f91bcad2530
e4aa9a902b83ce9975b9cb1817997dec501aad56141f41f437d02ecca4e24b08
e4e40b3944928b3b43a2847d5823b893d34c3861eb285ed5275d9601bb043ef8
e509d2827ac8188e41bbf642e036e4f3b7405a68036022d94eaab96c47a0d31e
e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28
e53cacecb4f6b51948407a352f63bd4b8f4a437393f5a304af76441a2fe47713
e61a2227b4f8927a7bb04c00abf4470c65280bbd7be7c6d3c6645889818671be
e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665
e974d84489664f0ff60bb76d7b3565752e71391c36e5d1e1742868f0cff4d647
eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7
eb524ab62c0fc128cbf46763b9aa0d94bda920950646a4e9c60fe1bb76c31eeb
ed4487e444877efefe1093519d07f9cea62519c93f40562e54a0c26b93346399
eed7f235ef695c1cf88567e5688b332740677653c9728786d40b22fdee04099c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff2c68552f68a310adf531ba016021cb7a6b3d40ef9cc10fe9f4baea839898c
f19aafb8794e426a2f46e55f0a0ccb386ad75cb1b3369c6330a03e7694187a96
f3c00a8330d85db4a636380a3a8f372fe033a6b2eb607c1d67d98fc171e49e5a
f479d1a918a87dbce20cb7d49b06935c4758166ff9382b2c5846b7124943e42c
f59ba6d4aeadef79593be7fd3cc38f7a8086e9c11420a0f2ebe057ae7813d8ea
f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09
f87adcffe1607717e5111488c32d471f7278b0df8a7a0d09b3f62d079cedb07f
f8b61e4330e6492cd191460e3218856657651c3d64a5c6b39d02cb9d5547bd90
f92b0855ca604ce5286ede5299696e3bfc2cc676f5a9f481fa650d9069018a51
fa7e5fd43939dc33c5e445b73aef73f85bfc52de6ce84e303dad90ebbc514937
faa902d968312dcd1a8df12afc85dec2f10d3dac22898ac750a9889691702970
fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c
fb90522969c237bc317a446eb92155ec2531f7835d2201554f8684dca1185142
fec6b37efbcb6c56c57f75d454bb3d31df2c8a8ff51d4a866d91329fd315c5b9
ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

reasonlabs.com Open in urlscan Pro 76.76.21.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

413 Requests

100 %HTTPS

0 %IPv6

18 Domains

22 Subdomains

23 IPs

2 Countries

2597 kBTransfer

25959 kBSize

13 Cookies

20 Outgoing links

Redirected requests

413 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 84 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reasonlabs.com Open in urlscan Pro
76.76.21.21 Public Scan

Screenshot
Live screenshot

Full Image

413
Requests

100 %
HTTPS

0 %
IPv6

18
Domains

22
Subdomains

23
IPs

2
Countries

2597 kB
Transfer

25959 kB
Size

13
Cookies

413 HTTP transactions
84 data transactions