urlscan.io logo urlscan.io
SecurityTrails logo

www.mac-forums.com Open in urlscan Pro
192.124.249.5  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Submission: On July 20 via manual from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 6 countries across 14 domains to perform 71 HTTP transactions. The main IP is 192.124.249.5, located in United States and belongs to SUCURI-SEC, US. The main domain is www.mac-forums.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 18th 2019. Valid for: a year.
This is the only time www.mac-forums.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

23    192.124.249.5 (United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10005.sucuri.net
www.mac-forums.com
23    2.18.235.93 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
lg3.media.net
hblg.media.net
1    2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
8    2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.de
googleads.g.doubleclick.net
www.googletagservices.com
2    151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)
s.skimresources.com
1    2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
2    2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2.16.186.50 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
qsearch-a.akamaihd.net
3    35.190.59.101 (Mountain View, United States)

ASN15169 (GOOGLE, US)
r.skimresources.com
3    35.201.67.47 (Ascension Island)

ASN15169 (GOOGLE, US)
t.skimresources.com
3    35.190.91.160 (Mountain View, United States)

ASN15169 (GOOGLE, US)
p.skimresources.com
2    2a00:1450:4001:825::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    35.190.40.172 (Mountain View, United States)

ASN15169 (GOOGLE, US)
api.skimlinks.mgr.consensu.org
2    35.244.255.22 (Mountain View, United States)

ASN15169 (GOOGLE, US)
x.skimresources.com
2    147.75.102.200 (Central, Hong Kong)

ASN54825 (PACKET, US)
loadeu.exelator.com
1    195.181.175.55 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
load77.exelator.com
2    34.245.253.34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.crwdcntrl.net
Domain Requested by
23 www.mac-forums.com 2 redirects www.mac-forums.com
16 contextual.media.net www.mac-forums.com
contextual.media.net
5 lg3.media.net www.mac-forums.com
contextual.media.net
4 pagead2.googlesyndication.com www.mac-forums.com
pagead2.googlesyndication.com
3 p.skimresources.com www.mac-forums.com
3 t.skimresources.com www.mac-forums.com
s.skimresources.com
3 r.skimresources.com 1 redirects www.mac-forums.com
s.skimresources.com
2 sync.crwdcntrl.net 2 redirects
2 loadeu.exelator.com 2 redirects
2 x.skimresources.com 2 redirects
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 hblg.media.net www.mac-forums.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 s.skimresources.com www.mac-forums.com
s.skimresources.com
1 load77.exelator.com
1 api.skimlinks.mgr.consensu.org s.skimresources.com
1 qsearch-a.akamaihd.net www.mac-forums.com
1 stats.g.doubleclick.net www.mac-forums.com
1 www.googletagservices.com pagead2.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 www.googletagmanager.com www.mac-forums.com
71 23

This site contains links to these domains. Also see Links.

Domain
itunes.apple.com
support.intego.com
developer.mozilla.org
www.google.com
xenforo.com
Subject Issuer Validity Valid
mac-forums.com
Go Daddy Secure Certificate Authority - G2		 2019-08-18 -
2020-08-18		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2020-02-25 -
2021-05-26		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
*.skimresources.com
DigiCert SHA2 Secure Server CA		 2018-09-13 -
2020-10-07		 2 years crt.sh
*.google.de
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
a248.e.akamai.net
DigiCert Secure Site ECC CA-1		 2019-08-13 -
2020-08-12		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
api.skimlinks.mgr.consensu.org
DigiCert SHA2 Secure Server CA		 2019-10-04 -
2021-10-07		 2 years crt.sh
1605158521.rsc.cdn77.org
Let's Encrypt Authority X3		 2020-06-09 -
2020-09-07		 3 months crt.sh

This page contains 11 frames:

Primary Page: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Frame ID: 49E0FD40EEA94CE6FD4E0EAB283D218C
Requests: 53 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200715/r20190131/zrt_lookup.html
Frame ID: 581E478F448E87DFC4F51591001A6046
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBLC6P18&prvid=80%2C82%2C97%2C109%2C175%2C178%2C226%2C3015&rtime=6&https=1&gdpr=1&gdprconsent=2&usp_status=0&usp_consent=1
Frame ID: 072CD64B5867A97FF4C8800E148AA60B
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&size=728x90&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&nse=0&vi=1595213080711793920&lw=1&ugd=4&rtbs=1&ntv=1&nb=1
Frame ID: 5361955B12FDF67BA2263BC62FDC2EE8
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3236772477570922&output=html&adk=85976724&adf=3412083302&lmt=1595213078&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1595213080189&bpp=12&bdt=885&idt=267&shv=r20200715&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=717907826352&frm=20&pv=2&ga_vid=1873965501.1595213080&ga_sid=1595213080&ga_hid=979012990&ga_fc=0&iag=0&icsg=576128&dssz=17&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066005%2C21066649&oid=3&pvsid=1714629757232862&pem=916&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=283
Frame ID: 22321C1D872B05C9EE1D33918013633A
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/mediamain.html?&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&pid=8PO3Y63HC&size=728x90&cpnet=yVb1sHm-0KIh29BOFTjjrGjDZ5mdsG3AT4eGFjXhH8Y%3D&cme=eEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7C&https=1&cc=NL&bf=0&staticIframe=1&vif=1&vi=1595213080711793920&lw=1&ugd=4&ib=0&bid=279249&nb=1
Frame ID: 9FD7EC6F1D62318439F0C496CB91C862
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/mediamain.html?&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&pid=8PO3Y63HC&size=728x90&cpnet=yVb1sHm-0KIh29BOFTjjrGjDZ5mdsG3AT4eGFjXhH8Y%3D&cme=eEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7C&https=1&cc=NL&bf=0&vif=1&vi=1595213080219678390&lw=1&ugd=4&ib=0&bid=279250&nb=1
Frame ID: 1C852575F29EEF6CAF8A1BEBCE75C2C2
Requests: 1 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.4358333796399241
Frame ID: 84993B96AE662C521AF611649D020645
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 181AD23274950DE34396EA8468A65CE9
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/8/nrrV73987.js
Frame ID: 7B6503FEBDA0F02A5B67EA7FB02478AC
Requests: 4 HTTP requests in this frame

Frame: https://contextual.media.net/8/nrrV73987.js
Frame ID: F2927CF198F29E20AF7CC95830852530
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

71
Requests

100 %
HTTPS

33 %
IPv6

14
Domains

23
Subdomains

16
IPs

6
Countries

1367 kB
Transfer

3370 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.mac-forums.com/forums/images/member_badge.gif HTTP 301
  • https://www.mac-forums.com/images/member_badge.gif
Request Chain 15
  • https://www.mac-forums.com/forums/images/badges/MFSeniorMember.png HTTP 301
  • https://www.mac-forums.com/images/badges/MFSeniorMember.png
Request Chain 38
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=979012990&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&ul=en-us&de=UTF-8&dt=What%20now%3F%20Trojans%2C%20etc%2C%20reported%20%7C%20Mac-Forums%3A%20The%20Everything%20Apple%20Community&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAUAB~&jid=867236576&gjid=392922344&cid=1873965501.1595213080&tid=UA-112917213-1&_gid=1586010585.1595213080&_r=1&gtm=2ou783&z=1610408937 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-112917213-1&cid=1873965501.1595213080&jid=867236576&_gid=1586010585.1595213080&gjid=392922344&_v=j83&z=1610408937
Request Chain 44
  • https://r.skimresources.com/api/ HTTP 307
  • https://r.skimresources.com/api/?xguid=01EDN1QT6VKG80CN037903Z3YN&persistence=1&checksum=1bb94efc3d041df1fba8281019960f3c0260921c92583d1fe4e9d55776d7b8d4
Request Chain 62
  • https://x.skimresources.com/?provider=exelate&gdpr=1&gdpr_consent= HTTP 302
  • https://loadeu.exelator.com/load/?p=787&g=001&j=0&gdpr=1 HTTP 302
  • https://loadeu.exelator.com/load/?p=787&g=001&j=0&gdpr=1&xl8blockcheck=1 HTTP 302
  • https://load77.exelator.com/pixel.gif
Request Chain 69
  • https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
  • https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=199232e5b848b4f32b5930840907dbae HTTP 302
  • https://p.skimresources.com/?provider_id=199232e5b848b4f32b5930840907dbae&skim_mapping=true

71 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/ 		130 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
075f70eb719cc0c2dfe53021529cf3af737ed09bd896374861befd49a594d399
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.mac-forums.com
:scheme
https
:path
/threads/what-now-trojans-etc-reported.357297/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx
date
Mon, 20 Jul 2020 02:44:38 GMT
content-type
text/html; charset=utf-8
content-length
24284
x-sucuri-id
19005
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN SAMEORIGIN
x-content-type-options
nosniff nosniff
content-security-policy
upgrade-insecure-requests;
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
private, no-cache, max-age=0
content-encoding
gzip
vary
Accept-Encoding,User-Agent
set-cookie
xf_csrf=LHMDavrOpp0CXzt1; path=/; secure
last-modified
Mon, 20 Jul 2020 02:44:38 GMT
x-sucuri-cache
MISS
fa-regular-400.woff2
www.mac-forums.com/styles/fonts/fa/ 		166 KB
166 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/styles/fonts/fa/fa-regular-400.woff2?_v=5.12.1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
1347ac5037cc8eab1f63005e4767f2595a685e7fe47bfecafd181704e65aac12
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Origin
https://www.mac-forums.com

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
font/woff2
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-solid-900.woff2
www.mac-forums.com/styles/fonts/fa/ 		135 KB
135 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/styles/fonts/fa/fa-solid-900.woff2?_v=5.12.1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
ea1f1cd8dd93d32f9b337df9b9faf9073015353f384895a59e743eb5ddce47d4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Origin
https://www.mac-forums.com

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
font/woff2
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-brands-400.woff2
www.mac-forums.com/styles/fonts/fa/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/styles/fonts/fa/fa-brands-400.woff2?_v=5.12.1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
c8f7932217a70a360d6b40a128f6822553c178fef1d9c27419f5f5f252163fdc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Origin
https://www.mac-forums.com

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
font/woff2
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
dmedianet.js
contextual.media.net/ 		410 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU7H65N5
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8dbcd3880ba5560994daabb76ed869e223154f10fe378ebddd9e4c350cf68e72
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h
8-8
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag
"511c095d3a5206bff4e6a0ba95f5cc26"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=2400
date
Mon, 20 Jul 2020 02:44:40 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-21
expires
Mon, 20 Jul 2020 03:24:40 GMT
css.php
www.mac-forums.com/ 		372 KB
79 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=1&l=1&d=1595194949&k=76526f8a3d7a5279bb6b0c83dba877c3abfb7ee8
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
1ef075fc0ba85556266dc10ee72dd278d8b3d9b77778054a187fbd9e83022e4a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
80501
x-xss-protection
1; mode=block
last-modified
Sun, 19 Jul 2020 21:42:29 GMT
server
nginx
x-frame-options
SAMEORIGIN, SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
expires
Tue, 20 Jul 2021 02:44:39 GMT
css.php
www.mac-forums.com/ 		53 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/css.php?css=public%3Abb_code.less%2Cpublic%3Alightbox.less%2Cpublic%3Amessage.less%2Cpublic%3Anotices.less%2Cpublic%3Ashare_controls.less%2Cpublic%3Aextra.less&s=1&l=1&d=1595194949&k=3ec5e862f94e1ea9f36837ca7b6cd814af46cf48
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
72bcf197c95b99e7aa10fd62f5f77c92ef710f99337945ea6d0aea7a51aa5ec4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
12011
x-xss-protection
1; mode=block
last-modified
Sun, 19 Jul 2020 21:42:29 GMT
server
nginx
x-frame-options
SAMEORIGIN, SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
expires
Tue, 20 Jul 2021 02:44:39 GMT
preamble.min.js
www.mac-forums.com/js/xf/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/js/xf/preamble.min.js?_v=7dc0cd7e
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
5b68d64d1694238e799940087640d808b264eb18252f407628c28514d60c8c8b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
1661
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
js
www.googletagmanager.com/gtag/ 		85 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-112917213-1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
11e1e258b72d459a9e533428b8bbd0157ae8392c2f299eb24b1b210e5c42b456
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34153
x-xss-protection
0
last-modified
Mon, 20 Jul 2020 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 20 Jul 2020 02:44:40 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		117 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9d45ceeab7b570e1d2bc653f4b6c66b41192e3c42ec4491c2a725547db042261
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42344
x-xss-protection
0
server
cafe
etag
17287300223616214041
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 20 Jul 2020 02:44:40 GMT
logo.png
www.mac-forums.com/images/ 		66 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/images/logo.png
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
de0608cbbcaf661fc49b66c039892d676637112d662d57f307e0d6ffbd83b1ce
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
67948
x-xss-protection
1; mode=block
last-modified
Sat, 18 Jul 2020 22:07:14 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
nmedianet.js
contextual.media.net/ 		411 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/nmedianet.js?cid=8CU7H65N5
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3910561cab6416ac56a7760fb944b08d008e8851ae861b9cf351ac066e78d604
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h
8-10
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag
"6fe4c07e901473a19e544cdba18f6ee3"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=2400
date
Mon, 20 Jul 2020 02:44:40 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-16
expires
Mon, 20 Jul 2020 03:24:40 GMT
member_badge.gif
www.mac-forums.com/images/
Redirect Chain
  • https://www.mac-forums.com/forums/images/member_badge.gif
  • https://www.mac-forums.com/images/member_badge.gif
302 B
651 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/images/member_badge.gif
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
53f4e9922ab16032005958c2925cba38a4379a0bc59b2f557737bbc3d4dd3379
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
302
x-xss-protection
1; mode=block
last-modified
Mon, 24 Sep 2012 13:56:25 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
server
nginx
status
301
x-frame-options
SAMEORIGIN
content-type
text/html; charset=iso-8859-1
location
https://www.mac-forums.com/images/member_badge.gif
x-sucuri-cache
HIT
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
258
x-xss-protection
1; mode=block
expires
Thu, 31 Dec 2037 23:55:55 GMT
110816.jpg
www.mac-forums.com/data/avatars/m/110/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/data/avatars/m/110/110816.jpg?1592580494
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
5edca38cc210733217d293d54943925abd5826fbae1602c5db5f41dc242d0206
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
2644
x-xss-protection
1; mode=block
last-modified
Mon, 06 Jul 2020 16:38:55 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
67742.jpg
www.mac-forums.com/data/avatars/m/67/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/data/avatars/m/67/67742.jpg?1592580457
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
be66cd979bdde17afb4cec6b8ac22a83e4c2620bce93fc325bf5323eadbaf80b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
2201
x-xss-protection
1; mode=block
last-modified
Mon, 06 Jul 2020 16:38:13 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
396914.jpg
www.mac-forums.com/data/avatars/m/396/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/data/avatars/m/396/396914.jpg?1592580603
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
f31654a65e3c1870984e85a49c76ded0716a27e6c8e0ef7298692ab1aae418c1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
2682
x-xss-protection
1; mode=block
last-modified
Mon, 06 Jul 2020 16:40:27 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
MFSeniorMember.png
www.mac-forums.com/images/badges/
Redirect Chain
  • https://www.mac-forums.com/forums/images/badges/MFSeniorMember.png
  • https://www.mac-forums.com/images/badges/MFSeniorMember.png
2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/images/badges/MFSeniorMember.png
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
d94b98b52ff99c8eb1342454183b2472b81bab68ce4745a7ceb1cd6d0348089d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
2130
x-xss-protection
1; mode=block
last-modified
Mon, 24 Sep 2012 13:56:15 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
server
nginx
status
301
x-frame-options
SAMEORIGIN
content-type
text/html; charset=iso-8859-1
location
https://www.mac-forums.com/images/badges/MFSeniorMember.png
x-sucuri-cache
HIT
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
267
x-xss-protection
1; mode=block
expires
Thu, 31 Dec 2037 23:55:55 GMT
190607.jpg
www.mac-forums.com/data/avatars/m/190/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/data/avatars/m/190/190607.jpg?1592580548
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
2ab32d1ddbfbd958d17537c6adaf7b36e62baccc9a9ef3f39292de82c0626c6c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
2266
x-xss-protection
1; mode=block
last-modified
Mon, 06 Jul 2020 16:39:41 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
175845.jpg
www.mac-forums.com/data/avatars/m/175/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mac-forums.com/data/avatars/m/175/175845.jpg?1592580541
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
faec57a073037f769adaa8226c659ab645b929f3160aefb6ad5aeeb382e681a3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
x-content-type-options
nosniff
status
200
x-sucuri-cache
HIT
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
9219
x-xss-protection
1; mode=block
last-modified
Mon, 06 Jul 2020 16:39:32 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.4.1.min.js
www.mac-forums.com/js/vendor/jquery/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/js/vendor/jquery/jquery-3.4.1.min.js?_v=7dc0cd7e
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
30677
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor-compiled.js
www.mac-forums.com/js/vendor/ 		71 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/js/vendor/vendor-compiled.js?_v=7dc0cd7e
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
119706abf6f2628df34cc02ea9b4dad78e7276c36daca18c456aab958b3ad655
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
21739
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
core-compiled.js
www.mac-forums.com/js/xf/ 		201 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/js/xf/core-compiled.js?_v=7dc0cd7e
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
97b669e34658649d4ca39218dbfe2ade500d2b7a441207911839c3e9c9524f3f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
lightbox-compiled.js
www.mac-forums.com/js/xf/ 		56 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/js/xf/lightbox-compiled.js?_v=7dc0cd7e
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
c65709dd1c6347f5589d17b78ed202e3d8dcfb652e50df0a260ec3d0fd86791d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
14328
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
notice.min.js
www.mac-forums.com/js/xf/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/js/xf/notice.min.js?_v=7dc0cd7e
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
07c6e6a76275666257a3b3f654e9021a3c6f89090a5df2cf5fe5e9cb5709b92a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
x-sucuri-cache
MISS
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
content-length
1759
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jun 2020 14:36:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
133510X1596532.skimlinks.js
s.skimresources.com/js/ 		60 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.skimresources.com/js/133510X1596532.skimlinks.js
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41bc89b9a13f00d85e345176542c35287df4d69590602bc1953049199e083749

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
last-modified
Tue, 30 Jun 2020 15:42:48 GMT
server
AmazonS3
x-amz-request-id
A3FCAB5D70B3B962
etag
"807f0f36233f506f3cec961a18388634"
x-hw
1595213080.cds068.am5.hn,1595213080.cds125.am5.c
content-type
application/octet-stream
status
200
cache-control
max-age=3600
accept-ranges
bytes
content-length
22589
x-amz-id-2
QvsavLR8/Bv+yELlArkRkqpyGGzFFdnMu4NqoUzIRPyqEJDu40USSPetLS58zzc8CN1NPhFLKZo=
integrator.js
adservice.google.de/adsid/ 		109 B
168 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.mac-forums.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
168 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.mac-forums.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200715/r20190131/ 		220 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200715/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8e98d84da2424bc7e75d8816697cb36062860d91b3cfdcba1d5a3083d076e931
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
84780
x-xss-protection
0
server
cafe
etag
2308157152436191864
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 20 Jul 2020 02:44:40 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200715/r20190131/ Frame 581E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200715/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200715/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Thu, 16 Jul 2020 10:06:22 GMT
expires
Thu, 30 Jul 2020 10:06:22 GMT
content-type
text/html; charset=UTF-8
etag
1809543571055990350
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4277
x-xss-protection
0
cache-control
public, max-age=1209600
age
319098
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-112917213-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
6502
date
Mon, 20 Jul 2020 00:56:18 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Mon, 20 Jul 2020 02:56:18 GMT
checksync.php
contextual.media.net/ Frame 072C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBLC6P18&prvid=80%2C82%2C97%2C109%2C175%2C178%2C226%2C3015&rtime=6&https=1&gdpr=1&gdprconsent=2&usp_status=0&usp_consent=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7H65N5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBLC6P18&prvid=80%2C82%2C97%2C109%2C175%2C178%2C226%2C3015&rtime=6&https=1&gdpr=1&gdprconsent=2&usp_status=0&usp_consent=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
gdpr_status=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/

Response headers

status
200
server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Thu, 21 Jan 2021 02:44:40 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2382146805006061000V10; Expires=Tue, 20 Jul 2021 02:44:40 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=27890
expires
Mon, 20 Jul 2020 10:29:30 GMT
date
Mon, 20 Jul 2020 02:44:40 GMT
content-length
6793
rtbsmpubs.php
contextual.media.net/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBLC6P18&region=nv&ptrid=8PRBQ586U&requestString=511021934*9%7C728x90%7C8CU7H65N5%7C594534537%7C%40511021934*97%7C728x90%7C8CU7H65N5%7C594534537%7C%40511021934*178%7C728x90%7C8CU7H65N5%7C594534537%7C&crid=511021934&sd=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&bl=1&rt=5&dn=https://www.mac-forums.com&https=1&act=headerBid&prvReqId=126849859916826761595213080271&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.2660349604145813&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A1200%7D&itype=HB-CM&cc=NL&ct=AMSTERDAM&bt=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7H65N5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b097983e75e62acd714823c2f517ae04e2f9734cd5667a2045fc3d630eed836e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Mon, 20 Jul 2020 02:44:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
content-length
1448
x-mnet-hl2
E
expires
Mon, 20 Jul 2020 02:44:40 GMT
rtbsmpubs.php
contextual.media.net/ 		1 KB
811 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBLC6P18&region=nv&ptrid=8PRBQ586U&requestString=511021934*3015%7C1x1__1%7C8CU7H65N5%7C594534537%7C&crid=511021934&sd=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&bl=1&rt=5&dn=https://www.mac-forums.com&https=1&act=headerBid&prvReqId=324318241330618311595213080274&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.14421753012579974&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A1200%7D&itype=HB-CM&cc=NL&ct=AMSTERDAM&at=3&bt=1&callback=window.hbCMBidxc.rtbsnativeheaderBid3S0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7H65N5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
14bc8ec3bc456d329390bc5c251fbc16c6e7e819c575cb3122b44b27cf588f2f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Mon, 20 Jul 2020 02:44:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
content-length
602
x-mnet-hl2
E
expires
Mon, 20 Jul 2020 02:44:40 GMT
fcmdynet.js
contextual.media.net/ Frame 5361 		39 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&size=728x90&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&nse=0&vi=1595213080711793920&lw=1&ugd=4&rtbs=1&ntv=1&nb=1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3550a406706527037af3550fa24235b81112b4b75de309fc83fe0900ef1ebd9a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
8-31
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
status
200
cache-control
max-age=300
date
Mon, 20 Jul 2020 02:44:40 GMT
x-mnt-w
8-14
content-length
14516
expires
Mon, 20 Jul 2020 02:49:40 GMT
bping.php
lg3.media.net/ 		35 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=7PRFT79UO&cid=8CU7H65N5&crid=594534537&vi=1595213080711793920&ugd=4&lf=6&cc=NL&lper=100&wsip=2886781008&r=1595213080242&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=58073&vgd_uspa=0&hvsid=00001595213080240031180500481057&gdpr=1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
server
Apache
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 20 Jul 2020 02:44:40 GMT
fcmdynet.js
contextual.media.net/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&size=728x90&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&nse=0&vi=1595213080219678390&lw=1&ugd=4
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU7H65N5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
49973f43eb58a357f560921a329bbf6918825ddc2812bdffa163bba7d3cfe5d6
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
8-31
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
status
200
cache-control
max-age=300
date
Mon, 20 Jul 2020 02:44:40 GMT
x-mnt-w
8-14
content-length
12437
expires
Mon, 20 Jul 2020 02:49:40 GMT
bping.php
lg3.media.net/ 		35 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=7PRFT79UO&cid=8CU7H65N5&crid=594534537&vi=1595213080219678390&ugd=4&lf=6&cc=NL&lper=100&wsip=2886781008&r=1595213080417&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=58073&vgd_uspa=0&hvsid=00001595213080416031180500482204&gdpr=1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
server
Apache
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 20 Jul 2020 02:44:40 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 2232 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3236772477570922&output=html&adk=85976724&adf=3412083302&lmt=1595213078&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1595213080189&bpp=12&bdt=885&idt=267&shv=r20200715&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=717907826352&frm=20&pv=2&ga_vid=1873965501.1595213080&ga_sid=1595213080&ga_hid=979012990&ga_fc=0&iag=0&icsg=576128&dssz=17&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066005%2C21066649&oid=3&pvsid=1714629757232862&pem=916&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=283
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200715/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-3236772477570922&output=html&adk=85976724&adf=3412083302&lmt=1595213078&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1595213080189&bpp=12&bdt=885&idt=267&shv=r20200715&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=717907826352&frm=20&pv=2&ga_vid=1873965501.1595213080&ga_sid=1595213080&ga_hid=979012990&ga_fc=0&iag=0&icsg=576128&dssz=17&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066005%2C21066649&oid=3&pvsid=1714629757232862&pem=916&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=283
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 20 Jul 2020 02:44:40 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 20-Jul-2020 02:59:40 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires
Mon, 20 Jul 2020 02:44:40 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		72 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200715/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c454e1fabc3c1f69a23adddf6731d3601848e1e0fbf7fe5ad91716c1ec88b79c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1594985941960796"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27217
x-xss-protection
0
expires
Mon, 20 Jul 2020 02:44:40 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=979012990&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&ul=en-us&de=UTF-8&dt=What%2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-112917213-1&cid=1873965501.1595213080&jid=867236576&_gid=1586010585.1595213080&gjid=392922344&_v=j83&z=1610408937
35 B
133 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-112917213-1&cid=1873965501.1595213080&jid=867236576&_gid=1586010585.1595213080&gjid=392922344&_v=j83&z=1610408937
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 20 Jul 2020 02:44:40 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-112917213-1&cid=1873965501.1595213080&jid=867236576&_gid=1586010585.1595213080&gjid=392922344&_v=j83&z=1610408937
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
419
expires
Fri, 01 Jan 1990 00:00:00 GMT
nrrV73987.js
contextual.media.net/8/ Frame 5361 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/8/nrrV73987.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&size=728x90&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&nse=0&vi=1595213080711793920&lw=1&ugd=4&rtbs=1&ntv=1&nb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a9ab7d70bc513ec8850056717d922f1ae7232ddba6e8d270055655f76631cc73
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"b87dcbdd2dfa86532b989fa2ead109d5"
vary
Accept-Encoding
x-mnet-h
8-10
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=1209600
date
Mon, 20 Jul 2020 02:44:40 GMT
content-length
28835
expires
Mon, 03 Aug 2020 02:44:40 GMT
mediamain.html
contextual.media.net/ Frame 9FD7 		58 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/mediamain.html?&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&pid=8PO3Y63HC&size=728x90&cpnet=yVb1sHm-0KIh29BOFTjjrGjDZ5mdsG3AT4eGFjXhH8Y%3D&cme=eEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7C&https=1&cc=NL&bf=0&staticIframe=1&vif=1&vi=1595213080711793920&lw=1&ugd=4&ib=0&bid=279249&nb=1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f63a71489981b4e4e591242a74b1fde8289027c10b7a58bde6f7ad932440a6ed
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Mon, 20 Jul 2020 02:44:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
x-mnt-hl3
8-19
cache-control
max-age=300
x-mnt-w
8-9
content-length
12924
expires
Mon, 20 Jul 2020 02:49:40 GMT
log
hblg.media.net/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hblg.media.net/log?logid=awlog&pid=8PRBQ586U&itype=HB-CM&dn=mac-forums.com&cid=8HBLC6P18&svr=2020071610_9&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001595213080493031180500484315&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=7458&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=9&prvAccId=594534537&prvApiId=8CU7H65N5&exid=31&pcId=0000EEA&mowxReqId=126849859916826761595213080271&crid=511021934&g=0&size=728x90&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&rtime=7&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-15&ltime=216&abs=0&ssregion=&ssreqid=&sssvnm=&bdp=0.35&cbdp=0.35&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.35&nms=1&di=&dt=O&epc=594534537&ogbdp=0.35&s=1&snm=success&dbf=1&bdata=bid%3D0.35%7C%7Cvv%3D0%7C%7Css%3D1600x1200%7C%7Cogbid%3D0.35%7C%7Ccbdp%3D0.35%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D&cmpid=144896&bId=&pcrid=8CU7H65N5-594534537-30-0&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU7H65N5%26crid%3D594534537%26size%3D728x90%26requrl%3Dhttps%253A%252F%252Fwww.mac-forums.com%252Fthreads%252Fwhat-now-trojans-etc-reported.357297%252F&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=&nbr=0&ba=16&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=0.35&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=46353772431924373_1138721393_51102193491&dStat=0&ogbid=0.35&acid=327279781198118551595213080266&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=0&adj0=0&adj1=0&adj2=0&adj3=0&patkey=&patint%3C%3E=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_SC=0&mx_dgf=0&mx_BCT=&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_uid_sent=0&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=4&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&actltime=224&auMxTm=&brf=0&dcs=&dfpDiv=&dfpPos=&dfpAdPath=&lper=1&td=r%3Dstr%7Cab%3D0%7C&oyaf=0&sbdrid=&ra_sz=728x90&tk=&sc_pvid=&sc_ogbdp=0&sc_adj0=0&sc_adj1=0&sc_adj2=0&sc_prspt=&sc_act=&sc_bdata=&sc_bdp=0&sc_cbdp=0&sc_bId=&sc_cat=&sc_cmpid=&sc_advId=&sc_advNm=&sc_advUrl=&udc=&rti=-1&rme=ADPTR&bbdrid=&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&kwrf=&epurl=
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.25.v20191220) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
server
Jetty(9.4.25.v20191220)
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 20 Jul 2020 02:44:40 GMT
/
qsearch-a.akamaihd.net/log/ 		35 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qsearch-a.akamaihd.net/log/?logid=kfk&evtid=ybnwl&aid=6c0ff4c6ce5945e1a759e0b1a36663a2&domain=mac-forums.com&price=0.35&cgid=26007&cid=144896&rid=3030177&url=https%3A%2F%2Fmac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297&cc=NL&td=c%3D144896%3B+dma%3D%3B+ugd%3D4%3B+ua%3DGOOGLE_CHROME%3B+bid%3D0.35%3B+r%3D&lid=&t=1595213080334&_ls=rtb-nv-dcos-10-6-42-160-20821.srv.media.net
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.50 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Jetty(9.4.25.v20191220) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 20 Jul 2020 02:44:40 GMT
Server
Jetty(9.4.25.v20191220)
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
35
Expires
Mon, 20 Jul 2020 02:44:40 GMT
mediamain.html
contextual.media.net/ Frame 1C85 		64 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/mediamain.html?&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&pid=8PO3Y63HC&size=728x90&cpnet=yVb1sHm-0KIh29BOFTjjrGjDZ5mdsG3AT4eGFjXhH8Y%3D&cme=eEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7C&https=1&cc=NL&bf=0&vif=1&vi=1595213080219678390&lw=1&ugd=4&ib=0&bid=279250&nb=1
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
41fac72e22730820078d14de84c3e8d37a88f89a593d0cd0cb365b2b17ebe225
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Mon, 20 Jul 2020 02:44:41 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
x-mnt-hl3
8-19
cache-control
max-age=300
x-mnt-w
8-13
content-length
13770
expires
Mon, 20 Jul 2020 02:49:41 GMT
/
r.skimresources.com/api/
Redirect Chain
  • https://r.skimresources.com/api/
  • https://r.skimresources.com/api/?xguid=01EDN1QT6VKG80CN037903Z3YN&persistence=1&checksum=1bb94efc3d041df1fba8281019960f3c0260921c92583d1fe4e9d55776d7b8d4
191 B
500 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://r.skimresources.com/api/?xguid=01EDN1QT6VKG80CN037903Z3YN&persistence=1&checksum=1bb94efc3d041df1fba8281019960f3c0260921c92583d1fe4e9d55776d7b8d4
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty/1.11.2.5 /
Resource Hash
d29b6b143aba20e0c0a3ec5d77de0b2cbc214c695ad848187801ea4e63921b9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
openresty/1.11.2.5
status
200
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.mac-forums.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
content-type
application/json
alt-svc
clear
via
1.1 google

Redirect headers

date
Mon, 20 Jul 2020 02:44:40 GMT
via
1.1 google
server
openresty/1.11.2.5
status
307
location
https://r.skimresources.com/api/?xguid=01EDN1QT6VKG80CN037903Z3YN&persistence=1&checksum=1bb94efc3d041df1fba8281019960f3c0260921c92583d1fe4e9d55776d7b8d4
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.mac-forums.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
content-type
text/html
alt-svc
clear
content-length
193
robots.txt
t.skimresources.com/api/v2/ Frame 8499 		0
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.4358333796399241
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
206
date
Mon, 20 Jul 2020 02:44:40 GMT
via
1.1 google
server
Python/3.7 aiohttp/3.5.4
alt-svc
clear
content-length
0
content-type
text/plain charset=UTF-8
px.gif
p.skimresources.com/ 		43 B
244 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.skimresources.com/px.gif?ch=1&rn=2.5415030228132176
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status
200
content-type
image/gif
alt-svc
clear
content-length
43
px.gif
p.skimresources.com/ 		43 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.skimresources.com/px.gif?ch=2&rn=2.5415030228132176
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status
200
content-type
image/gif
alt-svc
clear
content-length
43
keep-alive
www.mac-forums.com/login/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mac-forums.com/login/keep-alive
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/js/vendor/jquery/jquery-3.4.1.min.js?_v=7dc0cd7e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.5 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10005.sucuri.net
Software
nginx /
Resource Hash
55e24226c85e5220e9481240ef38f50220e222b4d4452ebe6ebfffbd1e37d312
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
x-content-type-options
nosniff
server
nginx
x-sucuri-block
BBOT66
x-frame-options
SAMEORIGIN
content-type
text/html
status
403
x-sucuri-id
19005
content-security-policy
upgrade-insecure-requests;
host-header
e172abecbd394f56a1a2479517f27fbfe05ff815
x-xss-protection
1; mode=block
truncated
/ 		169 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
86c3e2d263fe07c01867c706a1ef50ee11abd4e73190c153862f85b17bf9a351

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
log
hblg.media.net/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hblg.media.net/log?logid=aplog&pid=8PRBQ586U&itype=HB-CM&dn=mac-forums.com&cid=8HBLC6P18&svr=2020071610_9&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001595213080493031180500484315&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=7527&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=0&prvAccId=&prvApiId=&exid=&pcId=0000EEA&adj0=0&adj1=0&adj2=0&adj3=0&mowxReqId=&crid=511021934&g=0&size=728x90&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0&cbdp=0&dcbdp=0&ckfl=&cs=&mnet_ckfl=&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=&dfpBd=0&nms=1&di=&dt=&epc=&ogbdp=0&s=1&snm=success&dbf=1&bdata=&cmpid=&bId=&pcrid=&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0&exp=&bfs=0&seat=&nbr=&ba=1&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=327279781198118551595213080266&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=&rtbsv2=&apid=&wsip=&ltime=&abs=&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=0&patkey=&patint=&pc=&spSource=0&spIvt=0&spId=&spFst=0&spIsReq=0&spTo=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=1&toconsider=0&dcs=&auMxTm=&actltime=224&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=%7C&lper=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&kwrf=&epurl=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.25.v20191220) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
server
Jetty(9.4.25.v20191220)
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 20 Jul 2020 02:44:40 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200715&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200715/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
01ce700d4cd2a39fd05c92ea94a5c400497d4810089d54114e5cbb8ad5629b4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5693
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200715/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Mon, 20 Jul 2020 02:44:40 GMT
/
r.skimresources.com/api/ 		173 B
436 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://r.skimresources.com/api/
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/133510X1596532.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty/1.11.2.5 /
Resource Hash
9e426e3eaaa6292624877c38b6e4dabf2153d2798e17fb05194031126e162859
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
openresty/1.11.2.5
status
200
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.mac-forums.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
content-type
application/json
alt-svc
clear
via
1.1 google
iab
api.skimlinks.mgr.consensu.org/ 		772 B
636 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.skimlinks.mgr.consensu.org/iab?nocache=1595213080879
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/133510X1596532.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.40.172 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx/1.14.0
access-control-allow-headers
*
status
200
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.mac-forums.com
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
via
1.1 google
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 181A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Mon, 20 Jul 2020 02:20:26 GMT
expires
Tue, 20 Jul 2021 02:20:26 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1454
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
page
t.skimresources.com/api/v2/ 		22 B
342 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.skimresources.com/api/v2/page
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/133510X1596532.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
via
1.1 google
x-content-type-options
nosniff
server
Python/3.7 aiohttp/3.5.4
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8, application/javascript
access-control-allow-origin
https://www.mac-forums.com
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
22
link
t.skimresources.com/api/v2/ 		22 B
88 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://t.skimresources.com/api/v2/link
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/133510X1596532.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:40 GMT
via
1.1 google
x-content-type-options
nosniff
server
Python/3.7 aiohttp/3.5.4
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8, application/javascript
access-control-allow-origin
https://www.mac-forums.com
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
22
nrrV73987.js
contextual.media.net/8/ Frame 7B65 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/8/nrrV73987.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&size=728x90&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&nse=0&vi=1595213080711793920&lw=1&ugd=4&rtbs=1&ntv=1&nb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a9ab7d70bc513ec8850056717d922f1ae7232ddba6e8d270055655f76631cc73
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"b87dcbdd2dfa86532b989fa2ead109d5"
vary
Accept-Encoding
x-mnet-h
8-10
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=1209600
date
Mon, 20 Jul 2020 02:44:40 GMT
content-length
28835
expires
Mon, 03 Aug 2020 02:44:40 GMT
tran.png
contextual.media.net/__media__/pics/800016713/ Frame 7B65 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/__media__/pics/800016713/tran.png
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
AdChoicesIcon.png
contextual.media.net/__media__/pics/800010042/ Frame 7B65 		129 B
292 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/__media__/pics/800010042/AdChoicesIcon.png
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e8b1012f16a7c0a81edf99671c9b9070b5a43cd55eb64d4f9ab8ca6a025647c0
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
last-modified
Thu, 23 Jan 2020 11:03:50 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
image/png
status
200
cache-control
max-age=915258
accept-ranges
bytes
content-length
129
expires
Thu, 30 Jul 2020 16:58:58 GMT
Consent_A_en.js
s.skimresources.com/js/GDPR/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.skimresources.com/js/GDPR/Consent_A_en.js
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/133510X1596532.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
944f8a7391f79095ca18febc709b05defc3bf8069f7b5e2dfebe3e582620f725

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:40 GMT
content-encoding
gzip
last-modified
Wed, 03 Jun 2020 12:17:33 GMT
server
AmazonS3
x-amz-request-id
BCD7FBD47FB53DF7
etag
"47a4841a284645fe3ecee3f2415c4c35"
x-hw
1595213080.cds068.am5.hn,1595213080.cds134.am5.c
content-type
application/octet-stream
status
200
cache-control
max-age=3600
accept-ranges
bytes
content-length
7466
x-amz-id-2
7paWaSqf18uEyml+NB4DdqtR/HNs/TZJHsMQz26Is6YGvhUwcWUT7pTr+z690Pp6fhDqUzq1qxo=
pixel.gif
load77.exelator.com/ Frame 8499
Redirect Chain
  • https://x.skimresources.com/?provider=exelate&gdpr=1&gdpr_consent=
  • https://loadeu.exelator.com/load/?p=787&g=001&j=0&gdpr=1
  • https://loadeu.exelator.com/load/?p=787&g=001&j=0&gdpr=1&xl8blockcheck=1
  • https://load77.exelator.com/pixel.gif
43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://load77.exelator.com/pixel.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.175.55 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-77-nzt
AcO1rzUB9nT9cFUDAA==
date
Mon, 20 Jul 2020 02:44:41 GMT
last-modified
Wed, 25 Oct 2017 17:03:56 GMT
server
CDN77-Turbo
x-edge-location
frankfurtDE
etag
"59f0c3fc-2b"
status
200
x-cache
HIT
content-type
image/gif
access-control-allow-origin
*
x-edge-ip
195.181.175.53
x-age
218480
accept-ranges
bytes
content-length
43

Redirect headers

date
Mon, 20 Jul 2020 02:44:41 GMT
server
nginx
x-powered-by
Undertow/1
status
302
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://load77.exelator.com/pixel.gif
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200715&jk=1714629757232862&bg=!SUqlSlJYTOLi-fFzSNQCAAAAN1IAAAAMCgAkaLN1QbnAvqVDZL75e4scA-NqEKcbUADAhCZ5hyQSqAt7pX-9mQGDk0M7juousfY8YeYlc_U9MEaxmj1KWAv6vZOpbHcGrmjSyTE3P7tw_aWq1E6SKOed6uziJciJgC0QwrI1J76yG7FV0yvsY1yFwRFC_ekEHo5hAbzAYYkSamU2u8JHesTk3Mf-KYxJn74qXiszJ_WSiIhZaZzeuXYPxbH8ojw1-3igOH-VB2LDAexAULVYcyLZ6CfUgP9fuWYKbDAjOR0RIIwMIJ1YD1h-Kn4iswMjmTEbzQV4mt3WPWE_0dmsqL709mLl-ej5g0QjlKs-m28t3GX5IHavJnT7Np2eZpJ_wBvrriyNCNbI4akTaRcrZDJ7-Kli_yDWdoMl4aAeG6BviO8xQBfdRX5VdwsYyXpfvxhKtA-rgbbYBJO77TA3txwC8ZWlikZ5LbAfG9Ca-sU_KsOtC2vOssaGLEnkVfruaEbwvN8nlD2Syjr5PaRxw4NSEtafKgt7YLUyVs40kDmC5fpTJ2JidpMrL-b0a-dfPfXADiq8slcYaWjZZUwMxx7kIPgC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nrrV73987.js
contextual.media.net/8/ Frame F292 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/8/nrrV73987.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU7H65N5&cpcd=S6ua1uO5tokZWLO_2bL5Ag%3D%3D&crid=594534537&size=728x90&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&nse=0&vi=1595213080219678390&lw=1&ugd=4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a9ab7d70bc513ec8850056717d922f1ae7232ddba6e8d270055655f76631cc73
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"b87dcbdd2dfa86532b989fa2ead109d5"
vary
Accept-Encoding
x-mnet-h
8-10
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=1209600
date
Mon, 20 Jul 2020 02:44:41 GMT
content-length
28835
expires
Mon, 03 Aug 2020 02:44:41 GMT
tran.png
contextual.media.net/__media__/pics/800016713/ Frame F292 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/__media__/pics/800016713/tran.png
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
AdChoicesIcon.png
contextual.media.net/__media__/pics/800010042/ Frame F292 		129 B
292 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/__media__/pics/800010042/AdChoicesIcon.png
Requested by
Host: www.mac-forums.com
URL: https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e8b1012f16a7c0a81edf99671c9b9070b5a43cd55eb64d4f9ab8ca6a025647c0
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:41 GMT
last-modified
Thu, 23 Jan 2020 11:03:50 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
image/png
status
200
cache-control
max-age=915257
accept-ranges
bytes
content-length
129
expires
Thu, 30 Jul 2020 16:58:58 GMT
bql.php
lg3.media.net/ Frame 7B65 		15 B
204 B 		Script
General
Check archive.org
Download Go to
Full URL
https://lg3.media.net/bql.php?v=1&gdpr=1&hvsid=00001595213080240031180500481057&geo=52.35|4.92&lper=100&bdrid=9&fp=Ovj9ODNjJwCi7OKkA744bDuvamVgvkdy9U1wTu8LLQU4GGfH5nRZAVifYoJBZ8P-b-qiT6e2AsGtze7ANxrFh6mr_T53A5isudYlVxqucrAKr1OoeBqNq9c9vyOVZXX5&lpid=&tsid=4&ksu=224&q=&prv=&type=&ps=&cme=yNjTBIj9KU6r33oJkKwrzFhDDRwQ9qrygr88benE8AamSxKyJuoSTeSVvt_X5yB_Rmpb-7daJux3Q3_h-imyOTQnm3r-iU4VHbp5GuwsoUp3MJuwjwjcVFaoS8DMoaEzm7Klqw5gj86vT4wx5NVQ5uoP5qYdfzOD3_bBFVJ40UwB3OadJPEeeGjCGWJv3XY0ThPliNbEJNg%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7Cvuw2PXULQigTkg2IhXHusva0D4C5dn04Z95AclBhIENmnODzyy28jS-7cYEZYPd4jea1BCN4XAhE9JmbEnnFv7SYUa04l9HhykBkPkxnFetVff-MQ3z4phuvEQ2ej3KFMTuLhMsAvoTNlcEBDi7QBXqxf3N9G0XOnakoj2EDpyxGcnKBcD4lWBypsjJv5QCRvcWEh9EPJjEaLdrPkpjjMqS8k5p7TDrR%7C&hint=&td=&cc=NL&wsip=2886781035&bca=0&ugd=4&vgd_chost=contextual.media.net&vgde_setid=NW&&rc=0&vgd_aid=327279781198118551595213080266&fdkt=355&kwd[]=Free%20Clean%20Up%20Mac%20Software&kwt[]=355&kbc[]=06e6d9d98c2208aaa713d7925bb892a7.d2s&kwp[]=1&kid[]=327745040&kbc2[]=ps%3D1.045%7C%7Crpc%3D1.27%7C%7Clvl%3D1.00&ktd[]=274894815488&kwd[]=Install%20Canon%20Drivers&kwt[]=355&kbc[]=06e6d9d98c2208aaa713d7925bb892a7.d2s&kwp[]=2&kid[]=321633764&kbc2[]=0%7C%7Cps%3D1.045%7C%7Crpc%3D0.04%7C%7Clvl%3D1.38&ktd[]=274894881024&kwd[]=Printer%20Driver%20Download&kwt[]=355&kbc[]=06e6d9d98c2208aaa713d7925bb892a7.d2s&kwp[]=3&kid[]=23159380&kbc2[]=0%7C%7Cps%3D1.045%7C%7Crpc%3D0.08%7C%7Clvl%3D1.38&ktd[]=274894881024&kwd[]=Apple%20Mac%20OS%20X&kwt[]=355&kbc[]=06e6d9d98c2208aaa713d7925bb892a7.d2s&kwp[]=4&kid[]=2043288&kbc2[]=0%7C%7Cps%3D1.045%7C%7Crpc%3D0.35%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Best%20Desktop%20Computers&kwt[]=355&kbc[]=06e6d9d98c2208aaa713d7925bb892a7.d2s&kwp[]=5&kid[]=3464430&kbc2[]=0%7C%7Cps%3D1.045%7C%7Crpc%3D0.10%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Best%20Antivirus%20Software%20of%202020&kwt[]=375&kbc[]=33417&kwp[]=6&kid[]=329900794&kbc2[]=%23c%3A1950748%7C%7Cps%3D0.838%7C%7Crpc%3D0.61%7C%7Clvl%3D1.87&ktd[]=274894684416&rand=1595213081008&cid=8CU7H65N5&vwid=1595213080711793920&vi=1595213080711793920&l3ch=0&slnkp=no&bdrct=0.35&vgd_rt=230&bto=0&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&vgd_uspa=0&vgd_l1rakh=1595213080186355133&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1595213080239&upk=1595213080.17001&hvsid=00001595213080240031180500481057&verid=3111299&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D58073&vgd_hbReqId=T1595001026C8S12U424&vgd_isiolc=1&rtbsd=10&dytm=1595213080501&matm=1595213081015&vgd_ltime=918&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D58073&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_bkwds=&vgd_l2ch=0&vgd_l1ch=1&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886780970&vgd_nrrsf=nrr&vgd_nrrv=73987&vgd_nrrs=73987&vgd_nrrmf=8&vgd_optout=0&vgd_x_pos=436&vgd_y_pos=245&vgd_ren_page_h=7632&vgd_cty=AMSTERDAM&vgd_l1hcsd=A10%7C4738&vgd_l2hcsd=A31%7C4738&vgd_l3hcsd=A19%7C4738&vgde_bdata=G8Ov9.AX%7C%7Ceev9%7C%7CQQvuF99-uf99%7C%7CmyG8Ov9.AX%7C%7CNGOEv9.AX%7C%7CGkj1yv9%7C%7CQmGEv9%7C%7COO8ev%25%25rs0MrV%2F%25%25%7C%7COYYv&vgd_fdimpl=1&vgd_cfud=190503&vgd_is_amp=0&vgd_rensize=728_90&vgd_ect=4g&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26esi%3D1%26%26cid%3D8CU7H65N5%26cpcd%3DS6ua1uO5tokZWLO_2bL5Ag%253D%253D%26crid%3D594534537%26pid%3D8PO3Y63HC%26size%3D728x90%26cpnet%3DyVb1sHm-0KIh29BOFTjjrGjDZ5mdsG3AT4eGFjXhH8Y%253D%26cme%3DeEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%253D%257C%257CNDHRnZ9Gz3KXlI-i9OnZqQ%253D%253D%257C5gDUJdTGiJzedmq9hanWYg%253D%253D%257CN7fu2vKt8_s%253D%257CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%257CsRBSg3CPSiQ%253D%257C%26https%3D1%26cc%3DNL%26bf%3D0%26staticIframe%3D1%26vif%3D1%26vi%3D1595213080711793920%26lw%3D1%26ugd%3D4%26ib%3D0%26bid%3D279249%26nb%3D1%26chost%3Dcontextual.media.net%26fvips%3D0%26vpf%3D000%26ap%3D0%26pf%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A728%3Brend_h%3A90%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A6&vgd_end=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/8/nrrV73987.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:41 GMT
server
Apache
status
200
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 20 Jul 2020 02:44:41 GMT
bql.php
lg3.media.net/ Frame F292 		15 B
204 B 		Script
General
Check archive.org
Download Go to
Full URL
https://lg3.media.net/bql.php?v=1&gdpr=1&hvsid=00001595213080416031180500482204&geo=52.35|4.92&lper=100&fp=Ovj9ODNjJwCi7OKkA744bDuvamVgvkdy9U1wTu8LLQU4GGfH5nRZAVifYoJBZ8P-0nzLY37AUAeYWODeXlmDNwXi0n_1me20ly0rW_z8qr86xrLfLL-aCzLb8Uk80e7O6jRdQ4l88_w%3D&lpid=&tsid=4&ksu=224&q=&prv=&type=&ps=&cme=KVOlFe4YH7Vgu03BdGTjYdwG_gVtm1MfFYeixPBpQuSi4mkxiQCtMxq1TfqfQwToHQ8OboXbiRNHxIF1HnhA9C1-iDTPSGCfQD_kWPvCZ0lusxbDeSc6LVtB39m2kk3qGt4VSe7lfZLjtw_GjLRwoGmPk7JkA_8hMtbS9xhIm5kjQfxBKAs8PN2FtVWhVmBjL4ot-tsIMw8%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7CXQVM8ecTm_IunIMUCqhc6ntFjwMJ1kAnZBlbI-LNs5nmDqzDpCxO7qfPgOl9bHF88oLjzDuhYHLw8pmKFxhJmSzFBNPz3mFONXjEpdQ4niGUEk8d7Z8GXCyJHuD4knli0cbaUezvTPxmg-BJrccnWmQlnz6Zl12E0rdtA34yCo5kK6Fk3oQoZKQEaMckooVxthW-jhHW6pWPpEnAIBJAaA%3D%3D%7C&hint=&td=&cc=NL&wsip=2886781044&bca=0&ugd=4&vgd_chost=contextual.media.net&vgde_setid=NW&&rc=0&fdkt=266&kwd[]=Best%20Free%20Malware%20Removal&kwt[]=266&kbc[]=22695&kwp[]=1&kid[]=205770438&kbc2[]=0%7C%7Cps%3D0.683%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=2473918071040&kwd[]=Best%20Malware%20Removal%20Software&kwt[]=266&kbc[]=22695&kwp[]=2&kid[]=48906545&kbc2[]=0%7C%7Cps%3D0.683%7C%7Crpc%3D0.87%7C%7Clvl%3D1.17&ktd[]=2473934848256&kwd[]=Anti%20Trojan%20Software&kwt[]=266&kbc[]=22695&kwp[]=3&kid[]=1918808&kbc2[]=0%7C%7Cps%3D0.683%7C%7Crpc%3D0.02%7C%7Clvl%3D1.00&ktd[]=3023673950464&kwd[]=Malware%20Virus&kwt[]=266&kbc[]=22695&kwp[]=4&kid[]=18327865&kbc2[]=0%7C%7Cps%3D0.683%7C%7Crpc%3D0.40%7C%7Clvl%3D1.00&ktd[]=3023673950464&kwd[]=I%20Have%20a%20Trojan%20Virus&kwt[]=266&kbc[]=22695&kwp[]=5&kid[]=209380899&kbc2[]=0%7C%7Cps%3D0.683%7C%7Crpc%3D0.01%7C%7Clvl%3D1.00&ktd[]=3023673950464&kwd[]=Clean%20a%20Trojan%20Virus&kwt[]=266&kbc[]=22695&kwp[]=6&kid[]=6175214&kbc2[]=0%7C%7Cps%3D0.683%7C%7Crpc%3D0.03%7C%7Clvl%3D1.00&ktd[]=3023673950464&rand=1595213081157&cid=8CU7H65N5&vwid=1595213080219678390&vi=1595213080219678390&l3ch=0&slnkp=no&tdAdd[]=rtbsd%3D4&tdAdd[]=ib=0&vgd_uspa=0&vgd_l1rakh=1595213080186355133&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1595213080416&upk=1595213080.17001&hvsid=00001595213080416031180500482204&verid=3111299&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D58073&vgd_hbReqId=T1595001026C8S12U424&vgd_isiolc=1&npgv=1&rtbsd=4&dytm=1595213080680&matm=1595213081160&vgd_ltime=887&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D58073&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_bkwds=&vgd_l2ch=0&vgd_l1ch=1&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886780970&vgd_nrrsf=nrr&vgd_nrrv=73987&vgd_nrrs=73987&vgd_nrrmf=8&vgd_optout=0&vgd_x_pos=436&vgd_y_pos=7433&vgd_ren_page_h=7632&vgd_cty=AMSTERDAM&vgd_l1hcsd=A10%7C4738&vgd_l2hcsd=A31%7C4738&vgd_l3hcsd=A19%7C4738&vgd_fdimpl=1&vgd_cfud=190503&vgd_is_amp=0&vgd_rensize=728_90&vgd_ect=4g&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26esi%3D1%26%26cid%3D8CU7H65N5%26cpcd%3DS6ua1uO5tokZWLO_2bL5Ag%253D%253D%26crid%3D594534537%26pid%3D8PO3Y63HC%26size%3D728x90%26cpnet%3DyVb1sHm-0KIh29BOFTjjrGjDZ5mdsG3AT4eGFjXhH8Y%253D%26cme%3DeEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%253D%257C%257CNDHRnZ9Gz3KXlI-i9OnZqQ%253D%253D%257C5gDUJdTGiJzedmq9hanWYg%253D%253D%257CN7fu2vKt8_s%253D%257CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%257CsRBSg3CPSiQ%253D%257C%26https%3D1%26cc%3DNL%26bf%3D0%26vif%3D1%26vi%3D1595213080219678390%26lw%3D1%26ugd%3D4%26ib%3D0%26bid%3D279250%26nb%3D1%26chost%3Dcontextual.media.net%26fvips%3D0%26vpf%3D000%26ap%3D0%26pf%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A728%3Brend_h%3A90%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A6&vgd_end=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/8/nrrV73987.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:41 GMT
server
Apache
status
200
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 20 Jul 2020 02:44:41 GMT
/
p.skimresources.com/ Frame 8499
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
  • https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
  • https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=199232e5b848b4f32b5930840907dbae
  • https://p.skimresources.com/?provider_id=199232e5b848b4f32b5930840907dbae&skim_mapping=true
43 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.skimresources.com/?provider_id=199232e5b848b4f32b5930840907dbae&skim_mapping=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 02:44:41 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status
200
content-type
image/gif
alt-svc
clear
content-length
43

Redirect headers

date
Mon, 20 Jul 2020 02:44:41 GMT
via
1.1 google
server
nginx/1.14.0
status
302
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location
https://p.skimresources.com?provider_id=199232e5b848b4f32b5930840907dbae&skim_mapping=true
content-type
text/html; charset=UTF-8
alt-svc
clear
content-length
0
bqi.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bqi.php?lf=3&&gdpr=1&prid=7PRFT79UO&vi=1595213080711793920&cid=8CU7H65N5&crid=594534537&ugd=4&cc=NL&requrl=https%3A%2F%2Fwww.mac-forums.com%2Fthreads%2Fwhat-now-trojans-etc-reported.357297%2F&pid=8PO3Y63HC&hvsid=00001595213080240031180500481057&bdrid=9&cme=eEtcsJgYJO1jFFuG_phxILm1bGJRzeTIpvEWkvsidcQCD6AysYmBKjAMFnksBPXTz9MqTw_4CtxAxutsa5thm_jifb2WsfkZpVR5DBHqP6Y31vkh7Yqmm3YqZEEUCFPj_DmHWAbUMWs%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7CvWhnHYNH3aGt70xSt0bVsK-PJ7efzNGOMLZnB-assF0yagOmhHmws3eMbd0R4Oc_Y9ss8V19sEqp8QtJGQH73Nk8X0_mH2uj%7CsRBSg3CPSiQ%3D%7C&abpl=2&l2hcsd=l2!A31|4738&l2wsip=2886780970&l2ch=0&dytm=1595213080501&rtbsd=10&l3l=%7B%7D&l3d=%7B%7D&vgd_isiolc=1&vgd_uspa=0&l1hcsd=l1!A10|4738&vgd_hbReqId=T1595001026C8S12U424&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&verid=3111299&upk=1595213080.17001&sttm=1595213080239&l1ch=1&vgd_l1rakh=1595213080186355133&startTime=1595213080233
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.mac-forums.com/threads/what-now-trojans-etc-reported.357297/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Jul 2020 02:44:41 GMT
server
Apache
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
status
200
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 20 Jul 2020 02:44:41 GMT

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _mNHandle string| medianet_versionId object| XF function| gtag object| dataLayer string| medianet_width string| medianet_height string| medianet_crid object| google_tag_manager object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd object| google_sv_map object| google_tag_data string| GoogleAnalyticsObject function| ga object| _mN object| _mNSrv function| setup string| _mN_Idf string| _mN_ctrM number| _mN_ctr object| mnjs object| hbCMBidxc function| _cR function| _cD object| _mNDetails function| _cmL1Require function| _cmL1Define object| _mN_dy function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| gaplugins object| gaData function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| _mNL2 object| winScope string| locHash string| iframeURL function| loadL3 function| $ function| jQuery object| Mustache function| Pikaday function| autosize object| $jscomp function| quickSearchClose function| get_real_link object| __SKIM_JS_GLOBAL__ object| skimlinksAPI object| GoogleGcLKhOms object| google_image_requests string| _mN_bl

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
api.skimlinks.mgr.consensu.org
contextual.media.net
googleads.g.doubleclick.net
hblg.media.net
lg3.media.net
load77.exelator.com
loadeu.exelator.com
p.skimresources.com
pagead2.googlesyndication.com
qsearch-a.akamaihd.net
r.skimresources.com
s.skimresources.com
stats.g.doubleclick.net
sync.crwdcntrl.net
t.skimresources.com
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.mac-forums.com
x.skimresources.com
147.75.102.200
151.139.128.11
192.124.249.5
195.181.175.55
2.16.186.50
2.18.235.93
2a00:1450:4001:806::2002
2a00:1450:4001:815::200e
2a00:1450:4001:821::2008
2a00:1450:4001:825::2001
2a00:1450:4001:825::2002
2a00:1450:400c:c00::9b
34.245.253.34
35.190.40.172
35.190.59.101
35.190.91.160
35.201.67.47
35.244.255.22
01ce700d4cd2a39fd05c92ea94a5c400497d4810089d54114e5cbb8ad5629b4c
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
075f70eb719cc0c2dfe53021529cf3af737ed09bd896374861befd49a594d399
07c6e6a76275666257a3b3f654e9021a3c6f89090a5df2cf5fe5e9cb5709b92a
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
119706abf6f2628df34cc02ea9b4dad78e7276c36daca18c456aab958b3ad655
11e1e258b72d459a9e533428b8bbd0157ae8392c2f299eb24b1b210e5c42b456
1347ac5037cc8eab1f63005e4767f2595a685e7fe47bfecafd181704e65aac12
14bc8ec3bc456d329390bc5c251fbc16c6e7e819c575cb3122b44b27cf588f2f
1ef075fc0ba85556266dc10ee72dd278d8b3d9b77778054a187fbd9e83022e4a
2ab32d1ddbfbd958d17537c6adaf7b36e62baccc9a9ef3f39292de82c0626c6c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3550a406706527037af3550fa24235b81112b4b75de309fc83fe0900ef1ebd9a
3910561cab6416ac56a7760fb944b08d008e8851ae861b9cf351ac066e78d604
41bc89b9a13f00d85e345176542c35287df4d69590602bc1953049199e083749
41fac72e22730820078d14de84c3e8d37a88f89a593d0cd0cb365b2b17ebe225
4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8
49973f43eb58a357f560921a329bbf6918825ddc2812bdffa163bba7d3cfe5d6
53f4e9922ab16032005958c2925cba38a4379a0bc59b2f557737bbc3d4dd3379
55e24226c85e5220e9481240ef38f50220e222b4d4452ebe6ebfffbd1e37d312
5b68d64d1694238e799940087640d808b264eb18252f407628c28514d60c8c8b
5edca38cc210733217d293d54943925abd5826fbae1602c5db5f41dc242d0206
72bcf197c95b99e7aa10fd62f5f77c92ef710f99337945ea6d0aea7a51aa5ec4
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86c3e2d263fe07c01867c706a1ef50ee11abd4e73190c153862f85b17bf9a351
8dbcd3880ba5560994daabb76ed869e223154f10fe378ebddd9e4c350cf68e72
8e98d84da2424bc7e75d8816697cb36062860d91b3cfdcba1d5a3083d076e931
944f8a7391f79095ca18febc709b05defc3bf8069f7b5e2dfebe3e582620f725
97b669e34658649d4ca39218dbfe2ade500d2b7a441207911839c3e9c9524f3f
9d45ceeab7b570e1d2bc653f4b6c66b41192e3c42ec4491c2a725547db042261
9e426e3eaaa6292624877c38b6e4dabf2153d2798e17fb05194031126e162859
a9ab7d70bc513ec8850056717d922f1ae7232ddba6e8d270055655f76631cc73
b097983e75e62acd714823c2f517ae04e2f9734cd5667a2045fc3d630eed836e
be66cd979bdde17afb4cec6b8ac22a83e4c2620bce93fc325bf5323eadbaf80b
c454e1fabc3c1f69a23adddf6731d3601848e1e0fbf7fe5ad91716c1ec88b79c
c65709dd1c6347f5589d17b78ed202e3d8dcfb652e50df0a260ec3d0fd86791d
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8f7932217a70a360d6b40a128f6822553c178fef1d9c27419f5f5f252163fdc
d29b6b143aba20e0c0a3ec5d77de0b2cbc214c695ad848187801ea4e63921b9a
d94b98b52ff99c8eb1342454183b2472b81bab68ce4745a7ceb1cd6d0348089d
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de0608cbbcaf661fc49b66c039892d676637112d662d57f307e0d6ffbd83b1ce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8b1012f16a7c0a81edf99671c9b9070b5a43cd55eb64d4f9ab8ca6a025647c0
ea1f1cd8dd93d32f9b337df9b9faf9073015353f384895a59e743eb5ddce47d4
f31654a65e3c1870984e85a49c76ded0716a27e6c8e0ef7298692ab1aae418c1
f63a71489981b4e4e591242a74b1fde8289027c10b7a58bde6f7ad932440a6ed
faec57a073037f769adaa8226c659ab645b929f3160aefb6ad5aeeb382e681a3
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955