forums.commentcamarche.net Open in urlscan Pro
104.111.237.235 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Submission: On September 07 via manual (September 7th 2021, 6:37:53 pm UTC) from US

Summary HTTP 270 Redirects Links 87 Behaviour Indicators

Summary

This website contacted 77 IPs in 8 countries across 61 domains to perform 270 HTTP transactions. The main IP is 104.111.237.235, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is forums.commentcamarche.net.
TLS certificate: Issued by R3 on September 7th 2021. Valid for: 3 months.

This is the only time forums.commentcamarche.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	104.111.237.235 104.111.237.235	16625 (AKAMAI-AS) (AKAMAI-AS)
25	104.89.44.127 104.89.44.127	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
4	13.225.35.62 13.225.35.62	16509 (AMAZON-02) (AMAZON-02)
1	143.204.228.65 143.204.228.65	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	35.227.209.167 35.227.209.167	15169 (GOOGLE) (GOOGLE)
1	13.225.25.61 13.225.25.61	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:a860	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.89.44.87 104.89.44.87	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	3.127.193.214 3.127.193.214	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	13.36.52.215 13.36.52.215	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
2 6	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
12	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	18.66.92.200 18.66.92.200	16509 (AMAZON-02) (AMAZON-02)
4	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
1	104.111.237.122 104.111.237.122	16625 (AKAMAI-AS) (AKAMAI-AS)
1 5	13.225.25.74 13.225.25.74	16509 (AMAZON-02) (AMAZON-02)
3 5	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
7 18	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
3 5	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
4	34.248.201.47 34.248.201.47	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
16	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
4	52.19.5.220 52.19.5.220	16509 (AMAZON-02) (AMAZON-02)
2	18.193.140.39 18.193.140.39	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
9	2.18.234.190 2.18.234.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.186.238.175 35.186.238.175	15169 (GOOGLE) (GOOGLE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2606:4700::68... 2606:4700::6813:b702	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.18.232.28 2.18.232.28	16625 (AKAMAI-AS) (AKAMAI-AS)
1 8	52.95.123.41 52.95.123.41	16509 (AMAZON-02) (AMAZON-02)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	70.42.32.127 70.42.32.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2	151.101.14.132 151.101.14.132	54113 (FASTLY) (FASTLY)
2	2606:4700:10:... 2606:4700:10::6814:b25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	185.86.139.93 185.86.139.93	201081 (SMARTADSE...) (SMARTADSERVER)
2	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
7	18.200.182.178 18.200.182.178	16509 (AMAZON-02) (AMAZON-02)
2 4	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1	209.54.176.128 209.54.176.128	16509 (AMAZON-02) (AMAZON-02)
2 2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
2 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	52.71.142.200 52.71.142.200	14618 (AMAZON-AES) (AMAZON-AES)
4 9	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	52.215.67.233 52.215.67.233	16509 (AMAZON-02) (AMAZON-02)
1 4	216.52.2.19 216.52.2.19	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	54.163.239.172 54.163.239.172	14618 (AMAZON-AES) (AMAZON-AES)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
4	50.31.142.191 50.31.142.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
15	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
4 4	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	18.182.119.142 18.182.119.142	16509 (AMAZON-02) (AMAZON-02)
2	172.217.18.99 172.217.18.99	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 2	217.182.200.29 217.182.200.29	16276 (OVH) (OVH)
1	52.48.181.137 52.48.181.137	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.114 185.86.137.114	201081 (SMARTADSE...) (SMARTADSERVER)
1	52.210.224.224 52.210.224.224	16509 (AMAZON-02) (AMAZON-02)
2	34.255.105.163 34.255.105.163	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1 5	185.86.137.32 185.86.137.32	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.186.114 142.250.186.114	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2012	15169 (GOOGLE) (GOOGLE)
270	77

4 104.111.237.235 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-237-235.deploy.static.akamaitechnologies.com

forums.commentcamarche.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
akm-static.ccmbg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img-19.ccm2.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 104.89.44.127 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-44-127.deploy.static.akamaitechnologies.com

astatic.ccmbg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.225.35.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-35-62.cdg3.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.228.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-228-65.cdg3.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.209.167 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 167.209.227.35.bc.googleusercontent.com

cdn.appconsent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.25.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-25-61.cdg3.r.cloudfront.net

static.digidip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:a860 (United States)

ASN13335 (CLOUDFLARENET, US)

js.srvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.srvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.44.87 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-44-87.deploy.static.akamaitechnologies.com

static-lists.linternaute.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.127.193.214 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-193-214.eu-central-1.compute.amazonaws.com

tagger.opecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.36.52.215 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-52-215.eu-west-3.compute.amazonaws.com

dpm.zebestof.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.92.200 (United States)

ASN16509 (AMAZON-02, US)

dnlgm0m0r44nl.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.237.122 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-237-122.deploy.static.akamaitechnologies.com

cdn.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.25.74 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-25-74.cdg3.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.220.244 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 172.217.18.98 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.174.68 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.248.201.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-201-47.eu-west-1.compute.amazonaws.com

hades.srvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.19.5.220 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-5-220.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.140.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-140-39.eu-central-1.compute.amazonaws.com

profiles.tagger.opecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.234.190 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.238.175 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 175.238.186.35.bc.googleusercontent.com

fr-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:b702 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.hubvisor.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
client-context.hubvisor.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-28.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.95.123.41 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.127 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mv.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6814:b25 (United States)

ASN13335 (CLOUDFLARENET, US)

sac.ayads.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geoworker.ayads.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.93 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.251.249.14 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.200.182.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com

antenna.ayads.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.248.242.197 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.54.176.128 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.71.142.200 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-142-200.compute-1.amazonaws.com

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.138 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.67.233 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-67-233.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.19 (United States) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.163.239.172 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-163-239-172.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (United Kingdom) 3 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 50.31.142.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

mcdp-chidc2.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.253.211 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.182.119.142 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-182-119-142.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.99 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f99.1e100.net

p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.182.200.29 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm7.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.181.137 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-181-137.eu-west-1.compute.amazonaws.com

optchk.ayads.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.114 (France)

ASN201081 (SMARTADSERVER, FR)

www8.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.224.224 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-224-224.eu-west-1.compute.amazonaws.com

pbjs.sskzlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.255.105.163 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-105-163.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.86.137.32 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

www6.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.114 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f18.1e100.net

p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i1-v6exp3.v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i2-v6exp3.ds.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	doubleclick.net 7 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net pubads.g.doubleclick.net	208 KB
30	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com 2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com	344 KB
27	ccmbg.com astatic.ccmbg.com akm-static.ccmbg.com	399 KB
25	google.com 2 redirects www.google.com fundingchoicesmessages.google.com adservice.google.com	93 KB
15	outbrain.com widgets.outbrain.com widget-pixels.outbrain.com odb.outbrain.com mcdp-chidc2.outbrain.com mv.outbrain.com	127 KB
13	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com	42 KB
12	rubiconproject.com 5 redirects eus.rubiconproject.com token.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com	17 KB
10	casalemedia.com 3 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com	10 KB
10	ayads.co sac.ayads.co antenna.ayads.co geoworker.ayads.co optchk.ayads.co	99 KB
8	gstatic.com p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com csi.gstatic.com fonts.gstatic.com p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i1-v6exp3.v4.metric.gstatic.com p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i2-v6exp3.ds.metric.gstatic.com	35 KB
8	opecloud.com 4 redirects tagger.opecloud.com profiles.tagger.opecloud.com	3 KB
7	lijit.com 3 redirects ap.lijit.com ce.lijit.com	5 KB
7	smartadserver.com 2 redirects ssbsync.smartadserver.com www8.smartadserver.com www6.smartadserver.com	3 KB
7	googletagservices.com www.googletagservices.com	237 KB
6	krxd.net cdn.krxd.net consumer.krxd.net beacon.krxd.net	93 KB
6	srvtrck.com js.srvtrck.com hades.srvtrck.com i.srvtrck.com	31 KB
5	rlcdn.com 3 redirects idsync.rlcdn.com id.rlcdn.com	1 KB
5	adnxs.com 3 redirects secure.adnxs.com ib.adnxs.com	4 KB
5	scorecardresearch.com 1 redirects sb.scorecardresearch.com	4 KB
5	adsafeprotected.com cdn.adsafeprotected.com pixel.adsafeprotected.com	47 KB
4	openx.net 4 redirects rtb.openx.net	1 KB
4	adsrvr.org 2 redirects match.adsrvr.org	1 KB
4	google.de www.google.de adservice.google.de	1 KB
4	google-analytics.com www.google-analytics.com	19 KB
4	googleapis.com ajax.googleapis.com fonts.googleapis.com imasdk.googleapis.com	158 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	1 KB
3	hubvisor.io cdn.hubvisor.io client-context.hubvisor.io	268 KB
3	criteo.com 1 redirects gum.criteo.com mug.criteo.com	6 KB
3	mookie1.com cdn.mookie1.com fr-gmtdmp.mookie1.com odr.mookie1.com	3 KB
2	gemius.pl 1 redirects googlecm.hit.gemius.pl	543 B
2	adingo.jp cc.adingo.jp	87 B
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	yahoo.com 1 redirects ads.yahoo.com pr-bh.ybp.yahoo.com	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	637 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	bidr.io 2 redirects match.prod.bidr.io	1018 B
2	tapad.com 2 redirects pixel.tapad.com	848 B
2	sitescout.com 2 redirects pixel-sync.sitescout.com	1 KB
2	3lift.com 2 redirects eb2.3lift.com	744 B
2	outbrainimg.com tcheck.outbrainimg.com log.outbrainimg.com	789 B
2	appconsent.io cdn.appconsent.io	72 KB
2	googletagmanager.com www.googletagmanager.com	143 KB
1	sskzlabs.com pbjs.sskzlabs.com	357 B
1	quantserve.com cms.quantserve.com	464 B
1	mathtag.com 1 redirects sync.mathtag.com	632 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	468 B
1	media.net contextual.media.net	371 B
1	clickagy.com 1 redirects aorta.clickagy.com	657 B
1	extend.tv 1 redirects sync.extend.tv	546 B
1	rfihub.com 1 redirects p.rfihub.com	773 B
1	exelator.com 1 redirects loadm.exelator.com	641 B
1	googleadservices.com partner.googleadservices.com	660 B
1	pghub.io pghub.io	2 KB
1	cloudfront.net dnlgm0m0r44nl.cloudfront.net	487 B
1	zebestof.com dpm.zebestof.com	2 KB
1	linternaute.com static-lists.linternaute.com	8 KB
1	digidip.net static.digidip.net	12 KB
1	criteo.net static.criteo.net	39 KB
1	ccm2.net img-19.ccm2.net	3 KB
1	commentcamarche.net forums.commentcamarche.net	29 KB
0	ccm.net Failed ccm.net Failed
270	61

	Domain	Requested by
25	astatic.ccmbg.com	forums.commentcamarche.net astatic.ccmbg.com
18	cm.g.doubleclick.net	7 redirects ap.lijit.com eus.rubiconproject.com forums.commentcamarche.net googleads.g.doubleclick.net
16	fundingchoicesmessages.google.com	static-lists.linternaute.com
15	tpc.googlesyndication.com	googleads.g.doubleclick.net securepubads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
14	pagead2.googlesyndication.com	astatic.ccmbg.com pagead2.googlesyndication.com googleads.g.doubleclick.net forums.commentcamarche.net tpc.googlesyndication.com www.googletagservices.com
11	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net forums.commentcamarche.net
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
8	aax-eu.amazon-adsystem.com	1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com ap.lijit.com eus.rubiconproject.com
8	widgets.outbrain.com	astatic.ccmbg.com widgets.outbrain.com forums.commentcamarche.net
7	antenna.ayads.co	forums.commentcamarche.net
7	www.googletagservices.com	forums.commentcamarche.net pagead2.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net
6	dsum-sec.casalemedia.com	2 redirects ssum-sec.casalemedia.com
6	www.google.com	2 redirects forums.commentcamarche.net googleads.g.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com
6	tagger.opecloud.com	4 redirects forums.commentcamarche.net
5	www6.smartadserver.com	1 redirects forums.commentcamarche.net
5	pixel.rubiconproject.com	1 redirects eus.rubiconproject.com
5	sb.scorecardresearch.com	1 redirects forums.commentcamarche.net widgets.outbrain.com
4	rtb.openx.net	4 redirects
4	mcdp-chidc2.outbrain.com	widgets.outbrain.com
4	ce.lijit.com	1 redirects ap.lijit.com
4	token.rubiconproject.com	3 redirects eus.rubiconproject.com
4	match.adsrvr.org	2 redirects ssum-sec.casalemedia.com eus.rubiconproject.com
4	pixel.adsafeprotected.com	cdn.adsafeprotected.com forums.commentcamarche.net
4	hades.srvtrck.com	js.srvtrck.com hades.srvtrck.com
4	c.amazon-adsystem.com	forums.commentcamarche.net c.amazon-adsystem.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com forums.commentcamarche.net
3	image6.pubmatic.com	3 redirects
3	ap.lijit.com	2 redirects aax-eu.amazon-adsystem.com
3	ssum-sec.casalemedia.com	1 redirects aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	idsync.rlcdn.com	2 redirects forums.commentcamarche.net
3	secure.adnxs.com	2 redirects astatic.ccmbg.com
3	cdn.krxd.net	forums.commentcamarche.net cdn.krxd.net
2	fonts.gstatic.com	fonts.googleapis.com
2	csi.gstatic.com	imasdk.googleapis.com
2	imasdk.googleapis.com	securepubads.g.doubleclick.net
2	beacon.krxd.net	cdn.krxd.net forums.commentcamarche.net
2	googlecm.hit.gemius.pl	1 redirects forums.commentcamarche.net
2	p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com
2	cc.adingo.jp	googleads.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	1 redirects eus.rubiconproject.com
2	sync-tm.everesttech.net	2 redirects
2	sync.1rx.io	2 redirects
2	match.prod.bidr.io	2 redirects
2	pixel.tapad.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	ib.adnxs.com	1 redirects sac.ayads.co
2	eb2.3lift.com	2 redirects
2	eus.rubiconproject.com	aax-eu.amazon-adsystem.com eus.rubiconproject.com
2	client-context.hubvisor.io	cdn.hubvisor.io
2	profiles.tagger.opecloud.com	forums.commentcamarche.net
2	gum.criteo.com	1 redirects static.criteo.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	cdn.appconsent.io	forums.commentcamarche.net cdn.appconsent.io
2	www.googletagmanager.com	forums.commentcamarche.net
2	akm-static.ccmbg.com	forums.commentcamarche.net
1	p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i2-v6exp3.ds.metric.gstatic.com
1	p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i1-v6exp3.v4.metric.gstatic.com
1	pubads.g.doubleclick.net	forums.commentcamarche.net
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	pbjs.sskzlabs.com	sac.ayads.co
1	www8.smartadserver.com	sac.ayads.co
1	optchk.ayads.co	sac.ayads.co
1	geoworker.ayads.co	sac.ayads.co
1	cms.quantserve.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.mathtag.com	1 redirects
1	ads.yahoo.com	eus.rubiconproject.com
1	mv.outbrain.com	widgets.outbrain.com
1	pixel-eu.rubiconproject.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	contextual.media.net	ap.lijit.com
1	aorta.clickagy.com	1 redirects
1	sync.extend.tv	1 redirects
1	p.rfihub.com	1 redirects
1	loadm.exelator.com	1 redirects
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	s.amazon-adsystem.com	ssum-sec.casalemedia.com
1	ssbsync.smartadserver.com	1 redirects
1	sac.ayads.co	cdn.hubvisor.io
1	odb.outbrain.com	widgets.outbrain.com
1	log.outbrainimg.com	widgets.outbrain.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	consumer.krxd.net	cdn.krxd.net
1	widget-pixels.outbrain.com	forums.commentcamarche.net
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	cdn.hubvisor.io	astatic.ccmbg.com
1	mug.criteo.com	gum.criteo.com
1	fr-gmtdmp.mookie1.com	forums.commentcamarche.net
1	i.srvtrck.com	forums.commentcamarche.net
1	cdn.mookie1.com	forums.commentcamarche.net
1	pghub.io	forums.commentcamarche.net
1	dnlgm0m0r44nl.cloudfront.net	js.srvtrck.com
1	www.google.de	forums.commentcamarche.net
1	dpm.zebestof.com	forums.commentcamarche.net
1	static-lists.linternaute.com	forums.commentcamarche.net
1	js.srvtrck.com	forums.commentcamarche.net
1	static.digidip.net	forums.commentcamarche.net
1	static.criteo.net	forums.commentcamarche.net
1	cdn.adsafeprotected.com	forums.commentcamarche.net
1	ajax.googleapis.com	forums.commentcamarche.net
1	img-19.ccm2.net	forums.commentcamarche.net
1	forums.commentcamarche.net
0	ccm.net Failed	forums.commentcamarche.net
270	108

This site contains links to these domains. Also see Links.

Domain
www.commentcamarche.net
de.ccm.net
ccm.net
es.ccm.net
br.ccm.net
id.ccm.net
it.ccm.net
ru.ccm.net
pl.ccm.net
nl.ccm.net
in.ccm.net
www.cadremploi.fr
forum.malekal.com
www.malekal.com
pjjoint.malekal.com
www.outbrain.com
m.cdn.mieux-entendre.ch
trk.trkmm.com
plaudit-critions.icu
www.clubmed.ch
www.trucs-et-astuces.co
rfvtgb.learnitwise.com
rfvtgb.restwow.com
sportstelly.com
sportpirate.com
rfvtgb.novelodge.com
www.ccmbenchmark.com
formation.ccmbenchmark.com
media.figaro.fr
www.journaldesfemmes.fr
www.journaldunet.com
www.linternaute.com
droit-finances.commentcamarche.com
copainsdavant.linternaute.com
www.hugolescargot.com
viadeo.journaldunet.com
www.jeux-gratuits.com
cuisine.journaldesfemmes.fr
sante.journaldesfemmes.fr
www.linternaute.fr
avis-deces.linternaute.com
www.journaldunet.fr

Subject Issuer	Validity	Valid
astatic.ccmbg.com R3	`2021-09-07` - `2021-12-06`	3 months	crt.sh
www.commentcamarche.net DigiCert SHA2 Secure Server CA	`2021-07-12` - `2022-07-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.adsafeprotected.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
cdn.appconsent.io R3	`2021-08-09` - `2021-11-07`	3 months	crt.sh
static.digidip.net Amazon	`2021-08-08` - `2022-09-06`	a year	crt.sh
*.srvtrck.com Go Daddy Secure Certificate Authority - G2	`2020-12-21` - `2022-01-22`	a year	crt.sh
*.tagger.opecloud.com Amazon	`2021-07-02` - `2022-07-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.zebestof.com Gandi Standard SSL CA 2	`2021-05-17` - `2022-06-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
cdn.krxd.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-02-08` - `2022-02-07`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2021-02-09` - `2022-02-16`	a year	crt.sh
cdn.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-01` - `2022-04-01`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
hubvisor.io Cloudflare Inc ECC CA-3	`2021-06-05` - `2022-06-04`	a year	crt.sh
*.outbrainimg.com DigiCert SHA2 Secure Server CA	`2021-05-04` - `2022-05-09`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
consumer.krxd.net DigiCert SHA2 Secure Server CA	`2020-09-14` - `2021-09-14`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.ayads.co DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-08-04`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-16` - `2021-10-06`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2019-09-11` - `2021-09-24`	2 years	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.sskzlabs.com Amazon	`2020-10-24` - `2021-11-22`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.v4.metric.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.ds.metric.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh

This page contains 31 frames:

Primary Page: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Frame ID: 7389974880AB7DA460AF04BC4896B943
Requests: 146 HTTP requests in this frame

Frame: https://hades.srvtrck.com/v2/uuid.html
Frame ID: 58774FE0D149D0AB698B46789B96A86B
Requests: 4 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=forums.commentcamarche.net&gdpr=0&gdpr_consent=
Frame ID: EB58778B9A3DE963E4E3CA37503A3876
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210901/r20190131/zrt_lookup.html
Frame ID: 2E6310C29CF6FB9B3ADBB8E99AAB0893
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t
Frame ID: 3B83BB34E7983A292CC8FCD24D277966
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148
Frame ID: 2C4804D09A94CB2BF5B835805BD9C0AE
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161
Frame ID: 1A086721FD2A4757E4D84DCEA4A2819E
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&adk=1812271804&adf=3025194257&lmt=1627048205&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850478&bpp=7&bdt=833&idt=154&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280%2C580x280&nras=1&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=163
Frame ID: 7E3ABBBE1744530D3E4D9032068C8CDC
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Frame ID: A3A7183E27206C5EF0E4FE9B48FDD745
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Frame ID: 852961DCD46E0F51D08A6CBA6A595076
Requests: 10 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=5738244644631199065&gdpr=0&gdpr_consent=
Frame ID: A9CB34FD04B53463743922DF15D9C3C7
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Frame ID: 12B0C1D3CE2BE48DAC4625DE848D075B
Requests: 12 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Frame ID: 8B6C3FCBAAD4ABA127CF1FCD05EB3DFA
Requests: 7 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=4850219588407231541
Frame ID: E77F8061BDDADC2E58993D93E65AC532
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=9121290a-aba9-4b3e-99cc-906734024cf1
Frame ID: 3E987347A3EFF4EB4B617FE3B998B857
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: A0FB09129D7A5BA39317AFAE190CCE41
Requests: 2 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 697F6109976CB25A567264D22E6ED447
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A84CC428944DF14B5E594A020D454F34
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DCD12CA3D0D4280D71CF410783B8F803
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js
Frame ID: 36FDD086C220050D52287D7F603DF6DA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: F3614E457AC3A962A2BCBB6B01672923
Requests: 2 HTTP requests in this frame

Frame: https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: D47D4C34CAE325041D77AC6082C7A490
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9BB203D454385315C72FEED003CF592D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js
Frame ID: 4066CEFA2DEA06D58C923EC7E63A5A80
Requests: 1 HTTP requests in this frame

Frame: https://2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 36366C32A31F6536AE2691731D4F5EEE
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9KmzjvZSYrZOU5VS7rHUq5rsHaDIpJcmrpr3jvnj6nbH81tohOWzMQurwrYbxTAz9qVykJBTqUGMr8uUgZjI-WYW11XtoVjE-a4PmXKu2LFvw-oLL56ooqidyvpv_CfWcdijZMe-d6RrwgSx2A8YQjy7zDoMx0mIaXzy96W-IOOYUrH7vRFrQxNkuul7J2FKaXU694Pshe80EKNHekAHm-SoeIOV9OL3FkHLiyuQVOaff_FIR1oePQ4xMkX6e-Y-LlwsndiZG6oUrInMh97rG2SoqEqqlyoNXgobN25X3dEjq-sJoubmxP7MeAztBcliKFZYjjIGcYA8mKy_MRBt6pNHQIpJKOStRR-gPyX0jWKGpqNk2_hA6jAlwrYicMBHhDJcpLawYonOU5lFpcRlLEMOw507NlYmw677VSW_N&sig=Cg0ArKJSzI51hUKiZk3mEAE&urlfix=1&adurl=
Frame ID: 44EEB0F080C36C54B2972EF41D43C62A
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstO1RFEHtknSOFEzTjv-MItdoadZ-5Er7nSa5DYtW4kwM4lg4o6JLeS1pELMgq2llifxcLo6Hfl8h01xd1mSTUyzpwVtF8p-8qtWPnq67LY0y9jrim-mzSWSs54roD6myapVntc12XDKidVh-mcJA0873er2Ux-IdrI5icdnO-cAicl9-sicOtHqkjCSFAfRFokd2HFJwHI3CV1MRzjGjv8Q7DjZM6r8ey-_Q8cCP0by8gdeZq5EmTIAsnV70mURAxc4KcvC5HXYQobFkjwQ-AnubH1f-b5_uIQKQW7mWtmvU5q1EQBFJNDUXOJv6Z7LT-hYG7a79vWj1wrII1gDBNBHbvg98tBJkpRnrO_vbzOGP6JsLrIRv9cFoBMVC8wpgN7biOXfMuzCS7hNZKTS6YU2eG3D15kuF9rpuDsb1HmsA&sig=Cg0ArKJSzMZSkMwxjasjEAE&urlfix=1&adurl=
Frame ID: 89040484DE2477692992E3BAAA276D7E
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuuHS_RJ8u5VApwfFvuR7XLwe9IQ9YJ0i4Ml9f35EpII89lJFslD9-T7tmUnjwWz0kOl1MB25JJaoeXK_YGw845ksk2wGsTOpR6i0iflVTQM1GZD0KB-OzRFq8cYXek2ObG-iIHbgsJx4gLlIB3vHK2sb9E88MojAguQ4z98YZdsZMFiNblM5fVdBkx9ute5t4mUik3gALvfXG2SnM5vj6QmsLhQHJW-99-84pOG7UUd2UcK1BqBjlCemYfdOlS14XkJKhWUbaNji9viQ-e0UKCHGlbWldaMaQESJJcGL6q2Cax-YxFrFrjHSf3ydZFmNPl1VnnrDS0WCHoxGDyJIa8vhRyBlsrmY3c0sYvLkbJOHZ3hgNJxNSmx6oXYVHCwEbzf0dMcK4WVVz2VRs0DvupMtyhZKYqdu4Dd2TA87rO3Q&sig=Cg0ArKJSzEviXpTFL7lNEAE&urlfix=1&adurl=
Frame ID: F4311219B837ED6DB4F775EDB04F8E8E
Requests: 7 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Frame ID: 357B977E815D8034F1A06C07F3A84582
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 91F98EC96E8ADBBFFEA19AA9A94B2217
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CF5E957D74437272970F94EBB0849F4C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Trojan downloader [Résolu] - Comment Ça Marche

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

270
Requests

97 %
HTTPS

30 %
IPv6

61
Domains

108
Subdomains

77
IPs

8
Countries

2554 kB
Transfer

8109 kB
Size

11
Cookies

87 Outgoing links

These are links going to different origins than the main page.

URL: https://www.commentcamarche.net/
Title:

Search URL Search Domain Scan URL

URL: https://de.ccm.net/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://ccm.net/
Title: English

Search URL Search Domain Scan URL

URL: https://es.ccm.net/
Title: Español

Search URL Search Domain Scan URL

URL: https://br.ccm.net/
Title: Português

Search URL Search Domain Scan URL

URL: https://id.ccm.net/
Title: Bahasa Indonesia

Search URL Search Domain Scan URL

URL: https://it.ccm.net/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://ru.ccm.net/
Title: Русский

Search URL Search Domain Scan URL

URL: https://pl.ccm.net/
Title: Polsky

Search URL Search Domain Scan URL

URL: https://nl.ccm.net/
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://in.ccm.net/
Title: हिंदी

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/register/
Title: S'inscrire

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/account/login
Title: Connexion

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/informatique/
Title: Informatique

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/mobile/
Title: Mobile

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/applis-sites/
Title: Applis & Sites

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/image-son/
Title: Image & Son

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/maison/
Title: Maison

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/securite/
Title: Securité

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/download/
Title: Téléchargement

Search URL Search Domain Scan URL

URL: https://www.cadremploi.fr/
Title: Emploi

Search URL Search Domain Scan URL

URL: https://forum.malekal.com/viewtopic.php?t=54182&start=
Title: Malware Fileless

Search URL Search Domain Scan URL

URL: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Title: le tutoriel FRST

Search URL Search Domain Scan URL

URL: https://pjjoint.malekal.com/files.php?id=20161026_g8u12p15b13t12
Title: https://pjjoint.malekal.com/files.php?id=20161026_g8u12p15b13t12

Search URL Search Domain Scan URL

URL: https://pjjoint.malekal.com/files.php?id=FRST_20161026_f5o13z15q5f9
Title: https://pjjoint.malekal.com/files.php?id=FRST_20161026_f5o13z15q5f9

Search URL Search Domain Scan URL

URL: https://pjjoint.malekal.com/files.php?id=20161026_15m7v6h11i13
Title: https://pjjoint.malekal.com/files.php?id=20161026_15m7v6h11i13

Search URL Search Domain Scan URL

URL: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Title: note explicative avec des captures d'écran

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/download/telecharger-34055379-malwarebytes-anti-malware
Title: Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Title: Tutoriel Malwarebytes Anti-Malware version gratuite

Search URL Search Domain Scan URL

URL: https://www.outbrain.com/what-is/default/fr

Search URL Search Domain Scan URL

URL: https://m.cdn.mieux-entendre.ch/signia_details/?utm_content=009e4d4dd14dc645f14f26a84539fe192a&utm_publisher_ID=$publisher_id$&mkt_tool_id=91d65c&act=ACT0000034302ACT&utm_source=outbrain&utm_medium=display&utm_campaign=ch_fr_mieux-entendre_display_outbrain_ch_fr_signia_details_acq_desktop_cw27_ACT0000034302ACT&utm_section_ID=$section_id$&utm_creative_ID=009e4d4dd14dc645f14f26a84539fe192a&aud_adcopy=%24%7Bregion%3Acapitalized%7D%24%3A+Recherche+des+volontaires+pour+essayer+des+aid&OutbrainClickId=$ob_click_id$&obOrigUrl=true
Title: Publicité Zurich: Recherche des volontaires pour essayer des aides auditives Mieux Entendre

Search URL Search Domain Scan URL

URL: http://trk.trkmm.com/55a715cb-c89e-4fe9-96a6-58e6b6e6cbe8?utm_source=ob&utm_campaign=may_desktop_CH&utm_term=$section_name$&utm_content=00c0aab5ef1e243122846a3496f74730fb&t=$ob_click_id$&a=ob&obOrigUrl=true
Title: Publicité Fatigue constante après 50 ans: La solution simple à faire chaque matin Nutrivia

Search URL Search Domain Scan URL

URL: https://plaudit-critions.icu/38317608-4eb0-4b70-9771-4080d3264621?utm_source=ob&utm_campaign=Felin_DK_CH_OB&utm_term=$section_name$&utm_content=008f961cfb462c628701a23c4767448592-Ne+donnez+jamais+aucun+de+ces+3+ingr%C3%A9dients+%C3%A0+votre+chat&t=$ob_click_id$&dt=ob&obOrigUrl=true
Title: Publicité Ne donnez jamais aucun de ces 3 ingrédients à votre chat Aider Nos Animaux

Search URL Search Domain Scan URL

URL: https://www.clubmed.ch/r/miches-playa-esmeralda/y?utm_medium=Display&utm_campaign=DY_DACQ_ONGOING&utm_source=Outbrain&utm_content=Multidevice_LH_Miches-FR&obOrigUrl=true
Title: Publicité Club Med Miches, un lieu préservé avec 4 univers éco-chic distincts Club Med

Search URL Search Domain Scan URL

URL: https://www.trucs-et-astuces.co/sante/position-assise/?utm_campaign=kfyjlzsp&utm_medium=native&utm_source=outbrain&utm_term=p$publisher_id$&utm_content=00416d9889adaaf9e16bf392697bf15149&obOrigUrl=true
Title: Publicité Qu’est-ce que votre posture lorsque vous êtes assis dit de vous ? Trucs-et-astuces.co

Search URL Search Domain Scan URL

URL: https://rfvtgb.learnitwise.com/worldwide/farmr-ob-fr?utm_source=outbrainjk&utm_campaign=lw-farmr-bc1-des-4s-gg-06091d&utm_term=$section_name$&utm_medium=$section_id$&utm_bid=$cpc$&utm_t=4&utm_t=4&obOrigUrl=true
Title: Publicité [Photos] Le fermier s'est vengé des gens qui se garaient sur son terrain en faisant ça Learnitwise

Search URL Search Domain Scan URL

URL: https://rfvtgb.restwow.com/worldwide/pole-ob-fr?utm_source=outbrainjk&utm_campaign=rw-pole-des-1-4s-gg-16081d&utm_term=$section_name$&utm_medium=$section_id$&utm_bid=$cpc$&utm_t=4&obOrigUrl=true
Title: Publicité [Photos] La photo compromettante qui a mis fin à la carrière de cette athlète Restwow

Search URL Search Domain Scan URL

URL: https://sportstelly.com/trending/les-voitures-de-ces-celebrites-qui-vous-donneront-des-envies-2-ob?utm_source=outbrain&utm_campaign=006cf7b68fc0551959362b5a0082197454&utm_medium=$section_name$__$section_id$&utm_term=%5BPhotos%5D+Jetez+un+%C5%93il+%C3%A0+la+voiture+que+conduit+Myl%C3%A8ne+Farmer+%C3%A0+59+ans&ts=$time_stamp$&tbv=$cpc$&pcl=1&obOrigUrl=true
Title: Publicité [Photos] Jetez un œil à la voiture que conduit Mylène Farmer à 59 ans Sports Telly

Search URL Search Domain Scan URL

URL: https://sportpirate.com/trending/ces-maisons-de-celebrites-francaises-vous-feront-halluciner-par-ici-la-visite-cela-vaut-le-detour-outbrain-nagui?utm_source=outbrain&utm_campaign=008152deddfd14bf0ef197a4753b94c2f0&utm_medium=$section_name$__$section_id$&utm_term=%5BPhotos%5D+La+maison+de+Nagui+aujourd%27hui+est+probablement+une+des+plus+&ts=$time_stamp$&tbv=$cpc$&pcl=1&obOrigUrl=true
Title: Publicité [Photos] La maison de Nagui aujourd'hui est probablement une des plus belles que vous verrez Sport Pirate

Search URL Search Domain Scan URL

URL: https://rfvtgb.novelodge.com/worldwide/oscars-ta-fr?utm_medium=outbrain&utm_source=outbrainjk&utm_campaign=nl-oscars-ml-des-4s-da-15071d&utm_term=$section_name$&utm_t=4&obOrigUrl=true
Title: Publicité [Les Photos] Les tenues les plus inoubliables des Oscars de tous les temps - Lecap Novelodge

Search URL Search Domain Scan URL

URL: https://www.ccmbenchmark.com/donnees-personnelles?origin=forums.commentcamarche.net
Title: politique de confidentialité

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/contents/132-commentcamarche-l-equipe
Title: Equipe

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/contents/140-conditions-generales-d-utilisation
Title: Conditions générales

Search URL Search Domain Scan URL

URL: https://www.ccmbenchmark.com/donnees-personnelles?origin=www.commentcamarche.net
Title: Politique de confidentialité

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/contact/
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/contents/130-charte-d-utilisation-de-commentcamarche-net
Title: Charte

Search URL Search Domain Scan URL

URL: https://formation.ccmbenchmark.com/formations
Title: Formation

Search URL Search Domain Scan URL

URL: http://media.figaro.fr/
Title: Annonceurs

Search URL Search Domain Scan URL

URL: https://www.ccmbenchmark.com/
Title: © 2021 CCM Benchmark

Search URL Search Domain Scan URL

URL: http://www.ccmbenchmark.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.journaldesfemmes.fr/
Title:

Search URL Search Domain Scan URL

URL: https://www.journaldunet.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/
Title:

Search URL Search Domain Scan URL

URL: https://droit-finances.commentcamarche.com/
Title:

Search URL Search Domain Scan URL

URL: https://copainsdavant.linternaute.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.hugolescargot.com/
Title:

Search URL Search Domain Scan URL

URL: https://viadeo.journaldunet.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.jeux-gratuits.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.journaldesfemmes.fr/horoscope/
Title: Horoscope

Search URL Search Domain Scan URL

URL: https://www.journaldesfemmes.fr/beaute/conseils-cheveux/2548078-coupe-cheveux-2021/
Title: Coupe de cheveux

Search URL Search Domain Scan URL

URL: https://cuisine.journaldesfemmes.fr/toutes-les-recettes/
Title: Recette

Search URL Search Domain Scan URL

URL: https://cuisine.journaldesfemmes.fr/recette/330802-gateau-au-yaourt
Title: Gâteau au yaourt

Search URL Search Domain Scan URL

URL: https://www.journaldesfemmes.fr/prenoms/
Title: Prénoms

Search URL Search Domain Scan URL

URL: https://sante.journaldesfemmes.fr/
Title: Santé

Search URL Search Domain Scan URL

URL: https://sante.journaldesfemmes.fr/fiches-sante-du-quotidien/2441413-calcul-imc-formule-femme-homme-enfant-norme-indice-de-masse-corporelle-obese/
Title: IMC

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/actualite/
Title: Actualités

Search URL Search Domain Scan URL

URL: https://www.linternaute.fr/dictionnaire/fr/
Title: Dictionnaire

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/cartes/
Title: Carte de voeux

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/cinema/sortie-semaine/
Title: Sorties cinéma

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/television/
Title: Programme TV

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/pages-blanches/
Title: Pages blanches

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/pages-jaunes/
Title: Pages jaunes

Search URL Search Domain Scan URL

URL: https://avis-deces.linternaute.com/
Title: Avis de décès

Search URL Search Domain Scan URL

URL: https://www.linternaute.com/bons-plans/
Title: Bons plans

Search URL Search Domain Scan URL

URL: https://www.linternaute.fr/biographie/
Title: Biographie

Search URL Search Domain Scan URL

URL: https://www.journaldunet.fr/web-tech/dictionnaire-du-webmastering/1487601-test-debit-internet/
Title: Test débit

Search URL Search Domain Scan URL

URL: https://www.journaldunet.fr/patrimoine/guide-des-finances-personnelles/resiliation/
Title: Résiliation

Search URL Search Domain Scan URL

URL: https://www.journaldunet.com/business/salaire
Title: Salaires

Search URL Search Domain Scan URL

URL: https://www.journaldunet.fr/management/guide-du-management/1200753-lettre-de-motivation-exemple-modele-gratuit-a-telecharger-et-comment-la-faire/
Title: Lettre de motivation

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/informatique/windows/guide-de-windows/
Title: Windows 10

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/mobile/ios/guide-ios/
Title: iOS

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/mobile/android/guide-android/
Title: Android

Search URL Search Domain Scan URL

URL: https://www.commentcamarche.net/applis-sites/bureautique/guide-bureautique/microsoft-office/
Title: Microsoft Office

Search URL Search Domain Scan URL

URL: https://droit-finances.commentcamarche.com/immobilier/guide-immobilier/copropriete/
Title: Copropriété

Search URL Search Domain Scan URL

URL: https://droit-finances.commentcamarche.com/patrimoine/guide-patrimoine/transmission/droit-des-successions/
Title: Succession

Search URL Search Domain Scan URL

URL: https://droit-finances.commentcamarche.com/famille-et-allocations/guide-famille-et-allocations/couple/divorce/
Title: Divorce

Search URL Search Domain Scan URL

URL: https://www.hugolescargot.com/coloriages/
Title: Coloriage

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 66

https://tagger.opecloud.com/lefigaro/v2/pixel.gif?url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ref=&tz=-2&screen=1600x1200x24&tref=&cmpstatus=gdprdoesnotapply&tcString=undefined&uspstatus=undefined&e=%5B%7B%22type%22%3A%22default%22%2C%22page_attr_url_cleaned%22%3A%22forums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader%22%2C%22page_attr_domain%22%3A%22commentcamarche.net%22%2C%22page_attr_full_domain%22%3A%22forums.commentcamarche.net%22%2C%22page_attr_page_title%22%3A%22Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche%22%2C%22page_attr_sourcesite%22%3A%22-undefined%22%2C%22page_attr_url_path_1%22%3A%22forum%22%2C%22page_attr_url_path_2%22%3A%22affich-34031474-trojan-downloader%22%2C%22page_attr_url_path_3%22%3A%22%22%2C%22page_attr_url_path_4%22%3A%22%22%2C%22page_attr_code_posta%22%3A%22%22%2C%22page_attr_ctnt_qual%22%3A%22parallaxeinfeed%2Cvirus-securite%2Cforum-34031474%22%7D%5D HTTP 302
https://tagger.opecloud.com/lefigaro/v2/pixel.gif?e=%5B%7B%22type%22%3A%22default%22%2C%22page_attr_url_cleaned%22%3A%22forums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader%22%2C%22page_attr_domain%22%3A%22commentcamarche.net%22%2C%22page_attr_full_domain%22%3A%22forums.commentcamarche.net%22%2C%22page_attr_page_title%22%3A%22Trojan+downloader+%5BR%C3%A9solu%5D+-+Comment+%C3%87a+Marche%22%2C%22page_attr_sourcesite%22%3A%22-undefined%22%2C%22page_attr_url_path_1%22%3A%22forum%22%2C%22page_attr_url_path_2%22%3A%22affich-34031474-trojan-downloader%22%2C%22page_attr_url_path_3%22%3A%22%22%2C%22page_attr_url_path_4%22%3A%22%22%2C%22page_attr_code_posta%22%3A%22%22%2C%22page_attr_ctnt_qual%22%3A%22parallaxeinfeed%2Cvirus-securite%2Cforum-34031474%22%7D%5D&tref=&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&tcString=undefined&tz=-2&trackability-redirect=true&ref=&screen=1600x1200x24&uspstatus=undefined&cmpstatus=gdprdoesnotapply HTTP 302
https://secure.adnxs.com/getuid?https%3A%2F%2Ftagger.opecloud.com%2Fappnexus%2Fpbfs.gif%3Fsource%3Dlefigaro%26state%3D2-ny%252BysyA4%252BDWPfN5R%252FtdiXadZaWibkOhcwhKr%26puid%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Ftagger.opecloud.com%252Fappnexus%252Fpbfs.gif%253Fsource%253Dlefigaro%2526state%253D2-ny%25252BysyA4%25252BDWPfN5R%25252FtdiXadZaWibkOhcwhKr%2526puid%253D%2524UID HTTP 302
https://tagger.opecloud.com/appnexus/pbfs.gif?source=lefigaro&state=2-ny%2BysyA4%2BDWPfN5R%2FtdiXadZaWibkOhcwhKr&puid=37618539627193540 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1plusx_dmp&google_cm&state=2-Iz7zmjPHjbBxwssFTes8c2Nfm3AgG6gXUqKQ&source=lefigaro HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1plusx_dmp&google_cm=&state=2-Iz7zmjPHjbBxwssFTes8c2Nfm3AgG6gXUqKQ&source=lefigaro&google_tc= HTTP 302
https://tagger.opecloud.com/dbm/opecs.gif?state=2-Iz7zmjPHjbBxwssFTes8c2Nfm3AgG6gXUqKQ&source=lefigaro&google_gid=CAESEDQGVcdgE3z2M870KiozgJ4&google_cver=1 HTTP 302
https://idsync.rlcdn.com/710875.gif?partner_uid=af9a43dd-8a21-3b48-83a4-9608d101b9b8 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CNuxKxIwCiwIARDR9gkaJGFmOWE0M2RkLThhMjEtM2I0OC04M2E0LTk2MDhkMTAxYjliOBAAGg0I6uLeiQYSBQjoBxAAQgBKAA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEhygXHHpufaYb96UulMtxs&google_cver=1

Request Chain 83

https://sb.scorecardresearch.com/b?c1=2&c2=13184767&ns__t=1631039850294&ns_c=UTF-8&cv=3.5&c8=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&c7=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=13184767&ns__t=1631039850294&ns_c=UTF-8&cv=3.5&c8=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&c7=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&c9=

Request Chain 90

https://gum.criteo.com/sid/json?origin=publishertag&domain=commentcamarche.net&sn=ChromeSyncframe&so=0&topUrl=forums.commentcamarche.net&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=QqU4sXxic2VZRHB1UkhDUU1NTHQ2SzRIL2RQeFdNMWhqZjVFZVZPb0E5NXBIeWUvM3lMZXJYMkZqM1BUcFY3YWFUbS9LcHRrSW50M010ZnJmbkFPN2VxdFF5dXhxWnhBRjBZWTZQVzBxMlIySDA2a3RSME9ZRW5ZeFppMTlrRlYwby9wWmlxN0xYUUJ0NG5sMDRDR3RnVWZWMDJnSys5RnlpYWV5NDlNRGtZRVRSdTkrdzcwSjNIeGZ2MDZlWklMMllLSlR1NnBmcDJsc1gveG5UT3ZnNGo1VXBKaWZ6Z3FDWTY5ckhHVmlYekExK1pjb2k3bjhBVzVob3ZDUGorZjBpSmMzT2x5TXFSdmdtc3lTN08yeWkxN3hkZz09fA&cppv=2

Request Chain 98

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t

Request Chain 114

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0 HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1

Request Chain 115

https://ssbsync.smartadserver.com/api/sync?callerId=2&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=5738244644631199065&gdpr=0&gdpr_consent=

Request Chain 117

https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0 HTTP 302
https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1

Request Chain 118

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr=0 HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=4850219588407231541

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEL-0j0tY2hmBbAN-WtL5KYQ&google_cver=1

Request Chain 124

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTexag1i2IoJZUe3L-Km9wAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHultYtMS9o37zHwAQTxR_o&google_cver=1

Request Chain 125

https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=37618539627193540

Request Chain 126

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=48 HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Df9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348%26partner_url%3Dhttps%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D64%2526external_user_id%253Df9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348%2526expiration%253D1633631851 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64%26external_user_id%3Df9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348%26expiration%3D1633631851 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64%26external_user_id%3Df9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348%26expiration%3D1633631851 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&expiration=1633631851

Request Chain 127

https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871597498062715497

Request Chain 128

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=19c3e422-5562-4227-b7a2-53f92c550a83 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=19c3e422-5562-4227-b7a2-53f92c550a83&C=1

Request Chain 132

https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://ce.lijit.com/merge?pid=85&3pid=AAA_3k7Cb2MAADtFMcnrVg&gdpr=0

Request Chain 133

https://aorta.clickagy.com/pixel.gif?ch=185&cm=a591bafb94604ae3798a71ed&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=84&3pid=c:2a4c86391b75e72d2516cf1f5f2f819e HTTP 302
https://ce.lijit.com/merge?pid=84&3pid=c%3A2a4c86391b75e72d2516cf1f5f2f819e&dnr=1

Request Chain 134

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTU5MWJhZmI5NDYwNGFlMzc5OGE3MWVk&gdpr=0

Request Chain 136

https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=145931775 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=145931775 HTTP 302
https://sync.1rx.io/usersync/tradedesk/cc0f5bb0-0219-4211-87f5-4b17418d7b08 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-371a622c-9ca8-422f-a2d1-70c69115d592-003?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-371a622c-9ca8-422f-a2d1-70c69115d592-003 HTTP 302
https://ce.lijit.com/merge?pid=56&3pid=RX-371a622c-9ca8-422f-a2d1-70c69115d592-003

Request Chain 137

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu&gdpr=0&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KTAF0JNP-T-L04H&ex=d-rubiconproject.com&status=ok&gdpr=0

Request Chain 148

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0&_test=YTexawAEWaeoiAAC HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YTexawAEWaeoiAAC&gdpr=0&_test=YTexawAEWaeoiAAC

Request Chain 149

https://token.rubiconproject.com/token?pid=26594&gdpr=0 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTAF0JNP-T-L04H&sigv=1&esig=2~694c3e87c0ecbe77d6d7967c4ce3a4e2af33eae2&gdpr=0

Request Chain 150

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=65376137-b16b-4900-b2ea-676666159297&gdpr=0&gdpr_consent=

Request Chain 151

https://token.rubiconproject.com/token?pid=25470&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&gdpr=0

Request Chain 154

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/1OvMrU6NDSAsNRxhWf2uVg?csrc=&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7422479549414016566

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEJWYt4k45JFV5At1gBgR5rw&google_cver=1

Request Chain 179

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIGEPYcUOUGjafeOcODHAxLCz885EqeNrhwBpRHmuF5zb5twDZ3-xfcHiuCXA-ZkKuIKpLj_kNXJVcUddXkH36HC8AJbajJ5_SAwGGnQKUCVkRxBSK9U7G-EzWvuYJ02rWFGLQmdt0&google_gid=CAESEMQ_CpAUHMogtkNpxY2iS6s&google_cver=1 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwd2MxU1hYaGJLdTl4R3FmLTR3Y0tLVm1GdWk3dmFqNEg4M2tDRWtVTE93MA==&google_push

Request Chain 180

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLRzqO0Dx6bQmBs_hUfvl7aTdDVqf11r2n7kCE8z6HJkcWzz9kqL6HM3nT0x2trvJuyh_PlP8FTNdAjnTvGyLJPV1u6xTuoyzgtplDszXJpvm42RrmLc1Iq1Js4K4lLwfMcJC-gy5Vh&google_gid=CAESECYe4uScuuSv2B6fbUnvZV0&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLRzqO0Dx6bQmBs_hUfvl7aTdDVqf11r2n7kCE8z6HJkcWzz9kqL6HM3nT0x2trvJuyh_PlP8FTNdAjnTvGyLJPV1u6xTuoyzgtplDszXJpvm42RrmLc1Iq1Js4K4lLwfMcJC-gy5Vh&google_gid=CAESECYe4uScuuSv2B6fbUnvZV0&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MDcxODM3MzMwMDAzNzIyMTA4NTQzOA%3D%3D&google_push=AYg5qPLRzqO0Dx6bQmBs_hUfvl7aTdDVqf11r2n7kCE8z6HJkcWzz9kqL6HM3nT0x2trvJuyh_PlP8FTNdAjnTvGyLJPV1u6xTuoyzgtplDszXJpvm42RrmLc1Iq1Js4K4lLwfMcJC-gy5Vh

Request Chain 182

https://rtb.openx.net/sync/dds?google_gid=CAESEKiJ0cOaFSazqsBe5RlVvV8&google_cver=1&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzDL_OBsuWr9kK7i1nzki-uAXCCGzRE7XcoLYhsteRIZU- HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEKiJ0cOaFSazqsBe5RlVvV8&google_cver=1&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzDL_OBsuWr9kK7i1nzki-uAXCCGzRE7XcoLYhsteRIZU-&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzDL_OBsuWr9kK7i1nzki-uAXCCGzRE7XcoLYhsteRIZU-&google_hm=9HQiCEDvxkkoMOJYT8Jfpg==

Request Chain 183

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGQvqvyejnmCQUrIZpRDczU&google_cver=1&google_push=AYg5qPI2EYqHvqOBM6kWFC2HeskOg1E-WHamOlvaS1RlwjqdvbMH1QkSdAQwlWHXrZFTC5qDBtfSfGB88SW1iQ_NAmbAPu2At3VYi0KC-W77Kzc40C-EUl5YUF9cUVFoqIERRtQ7uPMk0CA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGQvqvyejnmCQUrIZpRDczU&google_cver=1&google_push=AYg5qPI2EYqHvqOBM6kWFC2HeskOg1E-WHamOlvaS1RlwjqdvbMH1QkSdAQwlWHXrZFTC5qDBtfSfGB88SW1iQ_NAmbAPu2At3VYi0KC-W77Kzc40C-EUl5YUF9cUVFoqIERRtQ7uPMk0CA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI2EYqHvqOBM6kWFC2HeskOg1E-WHamOlvaS1RlwjqdvbMH1QkSdAQwlWHXrZFTC5qDBtfSfGB88SW1iQ_NAmbAPu2At3VYi0KC-W77Kzc40C-EUl5YUF9cUVFoqIERRtQ7uPMk0CA

Request Chain 184

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af

Request Chain 187

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 203

https://rtb.openx.net/sync/dds?google_gid=CAESEI_7vvdhp86L7bjqvv2tEAs&google_cver=1&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKWLwp20Colo8QIDOurz0y_rxld6sBTjMTIB7a0Vh_vC4q HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEI_7vvdhp86L7bjqvv2tEAs&google_cver=1&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKWLwp20Colo8QIDOurz0y_rxld6sBTjMTIB7a0Vh_vC4q&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKWLwp20Colo8QIDOurz0y_rxld6sBTjMTIB7a0Vh_vC4q&google_hm=9HQiCEDvxkkoMOJYT8Jfpg==

Request Chain 204

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMy03YKk-pPYY__HnQCHCKM&google_cver=1&google_push=AYg5qPJ_iH4bqc-mz9lno3JR8TdLxFth8ePWOYzVqWClR4DQ-Ny6x-AtEQ-CC6tjxVVA9hFzCIi6gtKK8w3aYOyMSg0mC452W-xUhJ5oSckkw99uv4B4sEIU2P-t1VkKbDZDvBQ9uz70XODL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ_iH4bqc-mz9lno3JR8TdLxFth8ePWOYzVqWClR4DQ-Ny6x-AtEQ-CC6tjxVVA9hFzCIi6gtKK8w3aYOyMSg0mC452W-xUhJ5oSckkw99uv4B4sEIU2P-t1VkKbDZDvBQ9uz70XODL

Request Chain 205

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHJ8AQQbLSgwcm3_OGXpV6I&google_cver=1&google_push=AYg5qPLoprselshUcDzVFx0x4PqK36MHsT10fUe241ak80p6a1fhAC3EqgwHWSegMf_-AJafuZIhHJGmBzmTG_YpGn3cXjrI6Au4rkWHVjuiY-8WYZUf7YUN9ckBUY97ks0Khp3Xh8ete7PF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&google_push=AYg5qPLoprselshUcDzVFx0x4PqK36MHsT10fUe241ak80p6a1fhAC3EqgwHWSegMf_-AJafuZIhHJGmBzmTG_YpGn3cXjrI6Au4rkWHVjuiY-8WYZUf7YUN9ckBUY97ks0Khp3Xh8ete7PF

Request Chain 206

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I&google_cver=1&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I

Request Chain 208

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEAYgRbZb8CjypNmF1xUWnNY&google_cver=1&google_push=AYg5qPKN0ScggGvENoi30Hk5XhYNkUbX17lkLL3f0kTn48rs0Y7mkVlwmb9wMv89T4ySBcDOXmu_mllUeeCSUzzUawDYMa6YE5YYp2ZsYAq5JUiXNnRI0B0ZelmLjbivUgy1ZI5LFEqv6tmj HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKN0ScggGvENoi30Hk5XhYNkUbX17lkLL3f0kTn48rs0Y7mkVlwmb9wMv89T4ySBcDOXmu_mllUeeCSUzzUawDYMa6YE5YYp2ZsYAq5JUiXNnRI0B0Zel&google_hm= HTTP 302
https://googlecm.hit.gemius.pl/dot.gif?id=pyM1l.MgAY658jQJ4ykHpoYhP_hR_2_qZ3eEDY6uHMX.C7&google_error=5

Request Chain 210

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 264

https://www6.smartadserver.com/ac?siteid=338324&pgid=1454088&fmtid=33229&ab=1&tgt=&oc=1&out=vast3&ps=1&pb=0&visit=S&vcn=s&vph=[playerHeight]&vpw=[playerWidth]&vpmt=[playbackMethod]&tmstp=1941544269&gdpr=[sas_gdpr_applies]&gdpr_consent=[sas_gdpr_consent] HTTP 302
https://www6.smartadserver.com/ac?siteid=338324&pgid=1454088&fmtid=33229&ab=1&tgt=&oc=1&out=vast3&ps=1&pb=0&visit=S&vcn=s&vph=%5BplayerHeight%5D&vpw=%5BplayerWidth%5D&vpmt=%5BplaybackMethod%5D&tmstp=1941544269&gdpr=%5Bsas_gdpr_applies%5D&gdpr_consent=%5Bsas_gdpr_consent%5D&cklb=1

270 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request affich-34031474-trojan-downloader Show response
forums.commentcamarche.net/forum/ 124 KB
29 KB 209ms
122ms Document
text/html 104.111.237.235
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.237.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-237-235.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4c6c7a5a3a2af0395efdfaf206443e3e490db47d6b6839f28a34f911daff80f1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .commentcamarche.net .commentcamarche.com;
X-Content-Security-Policy	frame-ancestors 'self' .commentcamarche.net .commentcamarche.com;
X-Frame-Options	DENY

Request headers

Host: forums.commentcamarche.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: Apache
Content-Type: text/html; charset=UTF-8
Content-Language: fr
X-Cache-Esi-Debug: Forwarded
Vary: Accept-Encoding
X-Frame-Options: DENY
X-Robots-Tag: index, follow
X-CCM: Not served by cache 1627048205
X-Content-Security-Policy: frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com;
Content-Security-Policy: frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com;
Last-Modified: Fri, 23 Jul 2021 13:50:05 GMT
Content-Encoding: gzip
Expires: Tue, 07 Sep 2021 18:37:29 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:29 GMT
Content-Length: 28874
Connection: keep-alive

GET
H2 200 Roboto-Gfonts-Regular.woff2
astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/fonts/ 15 KB
16 KB 79ms
18ms Font
font/woff2 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/fonts/Roboto-Gfonts-Regular.woff2
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: PrnSTvEExedycR0ar6z2OWyg8qy1Du9
last-modified: Mon, 10 May 2021 08:29:02 GMT
x-amz-request-id: tx00000000000000425459f-0061249e49-d9d868f-default-main
x-www-served-by: s3
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
date: Tue, 07 Sep 2021 18:37:29 GMT
accept-ranges: bytes
content-length: 15688
x-served-by: lxc-varnish-ressources-01

GET
H2 200 Roboto-Gfonts-Bold.woff2
astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/fonts/ 15 KB
16 KB 94ms
33ms Font
font/woff2 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/fonts/Roboto-Gfonts-Bold.woff2
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: vcWltU-hK-syDttF.tQ1uh72nPZ9xBO
last-modified: Mon, 10 May 2021 08:29:02 GMT
x-amz-request-id: tx00000000000000426ca5b-006125a79d-d9f8576-default-main
x-www-served-by: s3
etag: "bf28241e67511184c14dbd0ef7d39f91"
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
date: Tue, 07 Sep 2021 18:37:29 GMT
accept-ranges: bytes
content-length: 15828
x-served-by: lxc-varnish-ressources-02

GET
H2 200 componentsLightA
astatic.ccmbg.com/fc/css/ 10 KB
2 KB 80ms
20ms Stylesheet
text/css 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/css/componentsLightA?v=20200113153959
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ad491c66e29ec7591a82c2c91a8aaa20645f3449b4dd0f865ffdb3830770e651

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
x-www-served-by: lxc_dam_01
etag: 20200113153959
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2184
x-served-by: lxc-varnish-ressources-01

GET
H2 200 main
astatic.ccmbg.com/www.commentcamarche.net/css/ 583 KB
107 KB 82ms
22ms Stylesheet
text/css 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/css/main?v=20210903120714
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c089f1a7661e6c7474aef28aa4890524528bb6ba28fbfd1fdbb7d8650a46e030

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
x-www-served-by: lxc_dam_01
etag: 20210903120714
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 108917
x-served-by: lxc-varnish-ressources-02

GET
H2 200 skin_forum
astatic.ccmbg.com/www.commentcamarche.net/css/ 26 KB
5 KB 80ms
21ms Stylesheet
text/css 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/css/skin_forum?v=20210903120723
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5502669010ce8a02c74850a044e97fe8b38276d9e4de9fb49042c19ef4c22311

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
x-www-served-by: lxc_dam_01
etag: 20210903120723
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 5190
x-served-by: lxc-varnish-ressources-02

GET
H2 200 header.b59b328aa0bbe3790e1a.css
astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/css/ 12 KB
4 KB 81ms
22ms Stylesheet
text/css 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/css/header.b59b328aa0bbe3790e1a.css
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b1402b0b04f94c9ac7fb6689ec154949a62eeef52635a9b385c5649d3a7f26a4

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: dRlePPD6dNYz.aPqohRmqd8IK5zA-4H
content-encoding: gzip
last-modified: Mon, 31 May 2021 14:12:10 GMT
x-amz-request-id: tx000000000000004237a66-006122e577-d9f8576-default-main
x-www-served-by: s3
etag: W/"0f5f7a1ac452944b9cb1aca6746d0915"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
date: Tue, 07 Sep 2021 18:37:29 GMT
accept-ranges: bytes
content-length: 3406
x-served-by: lxc-varnish-ressources-01

GET
H2 200 footer.a50ddacc5aa1e60f0e4b.css
astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/css/ 4 KB
2 KB 119ms
60ms Stylesheet
text/css 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/css/footer.a50ddacc5aa1e60f0e4b.css
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: db84e0affe9940aea29a57d9ce892795a41ecdbcccadb3da04060c76af25e22e

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 8VlpNv553Z1jzfmK3Ihzg1P2dSdyIE1
content-encoding: gzip
last-modified: Mon, 31 May 2021 14:12:10 GMT
x-amz-request-id: tx00000000000000423b923-0061233ae3-d9f8576-default-main
x-www-served-by: s3
etag: W/"dc4f54ea0ad3b08edbac1cfb9a640aef"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
date: Tue, 07 Sep 2021 18:37:29 GMT
accept-ranges: bytes
content-length: 1726
x-served-by: lxc-varnish-ressources-02

GET
H/1.1 200
OK alpha.png
akm-static.ccmbg.com/a/aHR0cDovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcg==/ 68 B
444 B 106ms
26ms Image
image/png 104.111.237.235
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akm-static.ccmbg.com/a/aHR0cDovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcg==/alpha.png
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.237.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-237-235.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:29 GMT
Last-Modified: Thu, 18 Oct 2018 13:08:12 GMT
Server: AkamaiNetStorage
ETag: "e679fbd466a2d656f194a5da4fa083cd:1539868092"
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68
Expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 345 KB
101 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N4SNZN

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b59cb4602a4a520440f98b9867c1f612707a0965bc8494c91c7b6a67b0663865

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103329
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 121 KB
42 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PSD8NH

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc2d942829eb0b93ce1321a93f188bcc7356abbef19979ad0ea696c7bc7c75c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42522
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H/1.1 200
OK polyfill.css
akm-static.ccmbg.com/a/aHR0cDovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcg==/ 256 B
632 B 116ms
31ms Stylesheet
text/css 104.111.237.235
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://akm-static.ccmbg.com/a/aHR0cDovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcg==/polyfill.css
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.237.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-237-235.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 755cf1befb3a4e534fd446e703d0de8a4c5ec88f7586eb64f131dc7f3813a2cc

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:29 GMT
Last-Modified: Thu, 18 Oct 2018 13:08:51 GMT
Server: AkamaiNetStorage
ETag: "c86af52e2d47ee4537deeb0b55b9c3ec:1539868131"
Content-Type: text/css
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 256
Expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H2 200 770e30573ceb2c073e67bdcbdb87c84d-Malekal_morte
img-19.ccm2.net/yb4rFwPwjn1M8XIs0cBi0Tvb_Cs=/100x100/69435fc801234b20b25626b262c13809/auth-avatar/ 3 KB
3 KB 153ms
26ms Image
image/webp 104.111.237.235
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img-19.ccm2.net/yb4rFwPwjn1M8XIs0cBi0Tvb_Cs=/100x100/69435fc801234b20b25626b262c13809/auth-avatar/770e30573ceb2c073e67bdcbdb87c84d-Malekal_morte
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.237.235 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-237-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6f8fe041ec034ce69773cf40c4024a873f0c4da93ae6e6d300c8533bc4d40a84

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
last-modified: Thu, 07 Jan 2021 07:36:53 GMT
etag: "dabe74770d6793c2085ef6b2444c02368c277888"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31233038
accept-ranges: bytes
content-length: 2634
expires: Sun, 04 Sep 2022 06:28:07 GMT

GET
H2 200 profil--bonhomme.svg
astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ 6 KB
3 KB 47ms
44ms Image
image/svg+xml 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/profil--bonhomme.svg?3
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 78ac02adf745a649a860da0da4439b6ea61d87f465856f57137c2f77e27b5478

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2019 09:05:21 GMT
x-www-served-by: lxc_webcluster01_04
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2547
x-served-by: lxc-varnish-ressources-02

GET
H2 200 ico--avantage1--black.svg
astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ 3 KB
1 KB 47ms
44ms Image
image/svg+xml 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ico--avantage1--black.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 95ef5334eac7b0f5cbc0d66ddfd8ffa43f174abf9116da0ee608f1ae78d27403

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2019 09:05:21 GMT
x-www-served-by: lxc_webcluster01_06
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1081
x-served-by: lxc-varnish-ressources-01

GET
H2 200 ico--avantage2--black.svg
astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ 2 KB
1 KB 47ms
45ms Image
image/svg+xml 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ico--avantage2--black.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 84e3ab699e5b0d3c391a57913e1a840775f4eeb2610f1e2d124a1fd3e8475d11

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2019 09:05:21 GMT
x-www-served-by: lxc_webcluster01_05
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 827
x-served-by: lxc-varnish-ressources-01

GET
H2 200 ico--avantage3--black.svg
astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ 3 KB
1 KB 48ms
45ms Image
image/svg+xml 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ico--avantage3--black.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7636ff4777a79c0ffecc8720cdcf21bad9d64147ca883730670dcdd55f7be83a

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2019 09:05:21 GMT
x-www-served-by: lxc_webcluster01_05
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1243
x-served-by: lxc-varnish-ressources-01

GET
H2 200 ico--avantage4--black.svg
astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ 1 KB
900 B 48ms
44ms Image
image/svg+xml 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/_svg/ico--avantage4--black.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: eea60a66f1c1044419162cd5671a5adaffad94766ff931b5aeaa349909111e6e

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Tue, 23 Apr 2019 09:05:21 GMT
x-www-served-by: lxc_webcluster01_01
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 694
x-served-by: lxc-varnish-ressources-02

GET
H2 200 picto-nl.svg
astatic.ccmbg.com/ccmcms_commentcamarche/img/newsletter/ 3 KB
1 KB 48ms
45ms Image
image/svg+xml 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/ccmcms_commentcamarche/img/newsletter/picto-nl.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a1502f7edb3b44cda512da293596ff9163b027d71c2572026145de46fc2ee4c2

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Wed, 25 Mar 2020 10:58:14 GMT
x-www-served-by: lxc_webcluster01_07
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1141
x-served-by: lxc-varnish-ressources-01

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 11:14:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26603
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Sep 2022 11:14:06 GMT

GET
H2 200 core,lang.fr Show response
astatic.ccmbg.com/fc/js/ 121 KB
33 KB 22ms
19ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3681bc26d95f8c778c6f70a8a5ef41f33f3c2ffd392b06290925e970efad3895

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Thu, 21 Feb 2019 09:00:00 GMT
x-www-served-by: lxc_dam_01
etag: 20190221100000
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 33316
x-served-by: lxc-varnish-ressources-01

GET
H2 200 main Show response
astatic.ccmbg.com/www.commentcamarche.net/js/ 38 KB
11 KB 33ms
30ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/js/main?v=20210802154416
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8a5809af76692517558cd0a524ec42676179191702b05759c1afec7555ffe1e1

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Mon, 02 Aug 2021 13:44:00 GMT
x-www-served-by: lxc_dam_02
etag: 20210802154416
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 10729
x-served-by: lxc-varnish-ressources-02

GET
H2 200 header.4ac6a74b83b142eb21c4.js Show response
astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/js/ 6 KB
2 KB 36ms
33ms Script
application/javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/ccmcms_commentcamarche/dist/external/js/header.4ac6a74b83b142eb21c4.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2f54339ab0a5c613e53825dc014687c96a4926bec9993d5b34eca269da942721

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: o1YMcpQfgM0zeoe5XhrsK48FZK3WzH2
content-encoding: gzip
last-modified: Thu, 25 Jun 2020 08:39:07 GMT
x-amz-request-id: tx0000000000000005b2e03-0061262564-2254e3af-default-main
x-www-served-by: s3
etag: W/"afc6c3e37450bb0103f51720b0640f7e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
date: Tue, 07 Sep 2021 18:37:29 GMT
accept-ranges: bytes
content-length: 2075
x-served-by: lxc-varnish-ressources-01

GET
H2 200 codesnippet Show response
astatic.ccmbg.com/fc/js/ 69 KB
13 KB 37ms
34ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/js/codesnippet?v=20190221100000
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b9fe05b67e322f774aa406fe00df930649b758a928432a316e1b2a5efb4ab7fe

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Thu, 21 Feb 2019 09:00:00 GMT
x-www-served-by: lxc_dam_02
etag: 20190221100000
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 12819
x-served-by: lxc-varnish-ressources-01

GET
H2 200 responsive,headermobile,newsletter,ccm.common,skin,ccm.jqueryui-custom,ccm.contents.forum Show response
astatic.ccmbg.com/www.commentcamarche.net/js/ 268 KB
69 KB 44ms
41ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/js/responsive,headermobile,newsletter,ccm.common,skin,ccm.jqueryui-custom,ccm.contents.forum?v=20210802102117
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7ed2da3dc0d13695fab4e438e0d74c8edcfe6c24dcdfb6195cde00304bd5a498

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Wed, 07 Jul 2021 14:48:00 GMT
x-www-served-by: lxc_dam_01
etag: 20210707164819
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 70600
x-served-by: lxc-varnish-ressources-02

GET
H2 200 start Show response
astatic.ccmbg.com/www.commentcamarche.net/js/ 5 KB
2 KB 44ms
41ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/js/start?v=20210318153322
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 52fc20b9dff1443f82bd36d7269f969ac5b04e0295678d9d51d4c06acf47543f

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 14:33:00 GMT
x-www-served-by: lxc_dam_02
etag: 20210318153322
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1863
x-served-by: lxc-varnish-ressources-02

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PSD8NH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 6329
date: Tue, 07 Sep 2021 16:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Tue, 07 Sep 2021 18:52:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 127 KB
34 KB 110ms
34ms Script
application/javascript 13.225.35.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.35.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-35-62.cdg3.r.cloudfront.net
Software: Server /
Resource Hash: 1465ea73b9db4601cda29c323ea3eea1fc28337bd2c5193154c9ecbd7bf38bbb

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 09:18:37 GMT
content-encoding: gzip
age: 33531
x-cache: Hit from cloudfront
timing-allow-origin: *
server: Server
x-amz-rid: 0HX2989935D13N3BXEV9
etag: 708a268139e52bdfbe59398b3e766151
vary: Accept-Encoding
x-amz-version-id: bUOtLa_JuiaVr315AmNwDAtieSptDO4R
via: 1.1 c4341fb26af0c8ea61cf721453e6bebc.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: CDG3-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ZNTgOA8ePIkN_wKdIxuR8sRhDQKiJUeOPZjItw6grK-C7SUOLxlxaQ==

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 105ms
31ms Script
application/javascript 143.204.228.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.228.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-228-65.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 03 Sep 2021 15:42:36 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 17:38:57 GMT
Server: AmazonS3
Age: 356094
ETag: W/"51636de3ce868a2172f9e6996c2934e0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 e9287eddfeb8b79a705a9f26e1799360.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: CDG3-C1
X-Amz-Cf-Id: 3eEQ1soW3DIFKDrm1CynLIPrDtrhPXlvmEimHWhVLa8gKld2d9jXAA==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 118 KB
39 KB 49ms
22ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3982c942590876cf5a57ea212976927e47b081f65ead1a24e8d0c563e97e89b7

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 15:58:03 GMT
server: nginx
etag: W/"6115450b-1d808"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 08 Sep 2021 18:37:29 GMT

GET
H2 200 prebid Show response
astatic.ccmbg.com/fc/js/ 283 KB
88 KB 26ms
24ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/js/prebid?v=20210706164335
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ed1bf8a60cb5ffe8f35df41505840b1a46fb532a15c0f24ef0a8d7e499220126

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Tue, 06 Jul 2021 14:43:00 GMT
x-www-served-by: lxc_dam_02
etag: 20210706164335
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 89788
x-served-by: lxc-varnish-ressources-02

GET
H2 200 loader.js Show response
cdn.appconsent.io/ 263 B
741 B 45ms
11ms Script
application/javascript 35.227.209.167
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appconsent.io/loader.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.209.167 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 167.209.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1093721fd3d1b7475d09925296cc5986f52dcd8838cf5eca9c306387c34e0d53

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:36:45 GMT
content-encoding: gzip
age: 44
x-guploader-uploadid: ADPycdscUrRitf9yu3--QKEePvfKvs7wwCT-UXeGzJgpHbgldMA9Qe5Jv0MTQW-aHEPnZ2f6vfJtt8ZyjMEZTZ8Yya8
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 208
last-modified: Wed, 18 Aug 2021 14:32:29 GMT
server: UploadServer
etag: "e9f6c3d59790db6c2b7b073a34101d55"
vary: Accept-Encoding
x-goog-hash: crc32c=Rvm7OQ==, md5=6fbD1ZeQ22wrewc6NBAdVQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629297149844097
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 208
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 07 Sep 2021 19:36:45 GMT

GET
H2 200 commentcamarche.js Show response
static.digidip.net/ 12 KB
12 KB 109ms
33ms Script
text/javascript 13.225.25.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.digidip.net/commentcamarche.js?loc=https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.25.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-25-61.cdg3.r.cloudfront.net
Software: nginx/1.16.1 / PHP/7.3.16
Resource Hash: 045a2c60320da605d5659ab94cede04476912ac183d2cc7c1bd398acae576927

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 17:46:09 GMT
via: 1.1 aaefb45970dabebd3a727d7be2a72d11.cloudfront.net (CloudFront)
server: nginx/1.16.1
age: 3080
x-powered-by: PHP/7.3.16
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: public, max-age=3600
x-amz-cf-pop: CDG3-C2
x-amz-cf-id: 4Dk85moKqthEtVUkrLWcJOxCrJO9RLp8SlWUFwzTvElioomZ1nDyCw==
expires: Tue, 07 Sep 2021 18:46:09 GMT

GET
H2 200 js Show response
js.srvtrck.com/v1/ 67 KB
20 KB 47ms
17ms Script
application/javascript 2606:4700::6813:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.srvtrck.com/v1/js?api_key=fbb1e73815fc6a2e720ed1ffcd832d43&site_id=b865ccaa7e2c450eb7e682474c266bc3
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff967b438c73716ad8b146d82f8eab2703392999e2147c4645d8389bbf307159

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

cf-ray: 68b20c755a6f4abd-FRA
date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Sep 2021 20:06:28 GMT
server: cloudflare
age: 81016
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
cache-control: public, max-age=86400
content-type: application/javascript;charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Wed, 08 Sep 2021 18:37:29 GMT

GET
H2 200 wls.js Show response
static-lists.linternaute.com/wls/ 18 KB
8 KB 140ms
18ms Script
application/javascript 104.89.44.87
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lists.linternaute.com/wls/wls.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-87.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0877e419c532f7a5819292363a023ddb5a05a3623518e91e54d7a53fe74904a0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 09:23:37 GMT
x-backend: k8s-prod1-be
etag: W/"46f8-17af1938da8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=27
content-length: 7839

GET
H2 200 tcf-tagger.js Show response
tagger.opecloud.com/lefigaro/v2/ 2 KB
1 KB 68ms
18ms Script
text/javascript 3.127.193.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagger.opecloud.com/lefigaro/v2/tcf-tagger.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.193.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-193-214.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 24c6612de1da047a4a8b295ac292fc290e0b603d217a34f8527ac932a94530cb

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
cache-control: private, max-age=3600
content-encoding: gzip
content-length: 1075
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 71 KB
25 KB 25ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05df810f275cf536ad44bdfefb5b4821072e4cca2909a72acd66244f6b0de52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "980 / 985 of 1000 / last-modified: 1631012997"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25043
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H/1.1 200
OK tag.js Show response
dpm.zebestof.com/678/ 5 KB
2 KB 102ms
26ms Script
text/javascript 13.36.52.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.zebestof.com/678/tag.js

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.36.52.215 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-52-215.eu-west-3.compute.amazonaws.com

Software

Resource Hash

9cc50100b6f633fb0d0d7771f8af025e5163e5913bd479d9a2734a517ec6d85e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Frame-Options	sameorigin always

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:29 GMT
Content-Encoding: gzip
X-Frame-Options: sameorigin always
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Cache-Control: no-store
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
Access-Control-Allow-Headers
Content-Length: 2015

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2072733453&t=pageview&_s=1&dl=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ul=en-us&de=UTF-8&dt=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=6778172&gjid=1702204476&cid=312521241.1631039850&tid=UA-6560367-1&_gid=1846161746.1631039850&_r=1&gtm=2wg910PSD8NH&cd1=forum&cd2=forums.commentcamarche.net&cd3=Sujet%20Forum&cd4=production&cd6=Forum%20d%27assistance%20informatique&cd7=Virus%20%2F%20S%C3%A9curit%C3%A9&cd9=classique&cd10=Virus%20%2F%20S%C3%A9curit%C3%A9&cd15=&cd17=Anonyme&cd18=nonConnectee&cd19=paysage&cd20=Virus%20%2F%20S%C3%A9curit%C3%A9&cd21=oui&cd22=oui&cd23=4&cd24=25-10-2016&cd25=26-10-2016&cd29=sujet%20forum&cd35=&z=1868206576

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=2072733453&t=pageview&_s=1&dl=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&dp=%2Fforum%2Faffich-34031474-trojan-downloader&ul=en-us&de=UTF-8&dt=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEhAAEABAAAAAC~&jid=965673391&gjid=1891660275&cid=312521241.1631039850&tid=UA-101739686-1&_gid=1065026897.1631039850&_r=1&gtm=2wg910N4SNZN&cd1=forums.commentcamarche.net&cd2=production&cd3=Forum%20d%27assistance%20informatique&cd4=Virus%20%2F%20S%C3%A9curit%C3%A9&cd6=Sujet%20Forum&cd8=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F92.0.4515.159%20Safari%2F537.36&cd9=classique&cd11=Virus%20%2F%20S%C3%A9curit%C3%A9&cd18=KVJRsGaL&cd22=paysage&z=818266979

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
95 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-6560367-1&cid=312521241.1631039850&jid=6778172&gjid=1702204476&_gid=1846161746.1631039850&_u=YEBAAEAAAAAAAC~&z=274570218

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 07 Sep 2021 18:37:29 GMT
content-type: text/plain
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-101739686-1&cid=312521241.1631039850&jid=965673391&gjid=1891660275&_gid=1065026897.1631039850&_u=YEhAAEABAAAAAC~&z=1439245624

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 07 Sep 2021 18:37:29 GMT
content-type: text/plain
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
30ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-6560367-1&cid=312521241.1631039850&jid=6778172&_u=YEBAAEAAAAAAAC~&z=1562788943

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-6560367-1&cid=312521241.1631039850&jid=6778172&_u=YEBAAEAAAAAAAC~&z=1562788943

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2021090201.js Show response
securepubads.g.doubleclick.net/gpt/ 332 KB
117 KB 75ms
28ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

8be49f44baab6e5003972c8bc33123dd34257840a77a1d20b7365ae8b60a896c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 02 Sep 2021 08:37:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119104
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 375 B
833 B 72ms
27ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=forums.commentcamarche.net

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

73d5b6e82699ae9fca072e291b1285483f89c47dcbd017c922f136f0973cb7d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 175
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:29 GMT

GET
H2 200 core.bundle.js Show response
cdn.appconsent.io/tcf2/28.5.0/ 332 KB
71 KB 13ms
12ms Script
application/javascript 35.227.209.167
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appconsent.io/tcf2/28.5.0/core.bundle.js
Requested by: Host: cdn.appconsent.io
URL: https://cdn.appconsent.io/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.209.167 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 167.209.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f00c5784ddf9d97ff66a5811f764cff205d4881a5338d55d191785c3b9eb642a

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 06:28:46 GMT
content-encoding: gzip
age: 475723
x-guploader-uploadid: ADPycduHbBCvhZXG3r9H4N97qtl_oT01sdOhTWPkvyQ6eLw13fKuwlhg3r5TGkNqhNktmHKQ7nGfcD3sVPmuiJ58sf87DKTt3A
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 72405
last-modified: Wed, 18 Aug 2021 14:16:59 GMT
server: UploadServer
etag: "b42e573b22a54c177d2f9dfd736541e3"
vary: Accept-Encoding
x-goog-hash: crc32c=2xsPnA==, md5=tC5XOyKlTBd9L539c2VB4w==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629296218999518
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
cache-control: public,max-age=604800
x-goog-stored-content-length: 72405
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 09 Sep 2021 06:28:46 GMT

GET
H/1.1 200
OK hjdebh67699dwnjldw00.js Show response
dnlgm0m0r44nl.cloudfront.net/abp/ 20 B
487 B 64ms
17ms Script
text/javascript 18.66.92.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dnlgm0m0r44nl.cloudfront.net/abp/hjdebh67699dwnjldw00.js
Requested by: Host: js.srvtrck.com
URL: https://js.srvtrck.com/v1/js?api_key=fbb1e73815fc6a2e720ed1ffcd832d43&site_id=b865ccaa7e2c450eb7e682474c266bc3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.92.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7516842ff556ff708e84893bf1006bf21e38f04a3374d64b64fb4db461b8c49c

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 08:13:45 GMT
Via: 1.1 018ffb575888f1c9ec960e3e977c042f.cloudfront.net (CloudFront)
Last-Modified: Mon, 24 Nov 2014 16:56:36 GMT
Server: AmazonS3
Age: 37425
ETag: "1db728e2d3216682f555d0c1e5b1127c"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA56-P2
Accept-Ranges: bytes
Content-Length: 20
X-Amz-Cf-Id: X55Gp0mrWlSlAafScf55lXvrbgYmoNGer2uAOmm3zMnjt1r5k1XRlw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 91ms
29ms XHR
application/javascript 13.225.35.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.35.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-35-62.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 1dppa0FEY0AlYhS84l0s6ApD5iti9Or8
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 42099
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Mon, 06 Sep 2021 06:55:47 GMT
server: AmazonS3
date: Tue, 07 Sep 2021 06:55:52 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 5b94f68b8669a909c688f32ce5942b2f.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: CDG3-C2
x-amz-cf-id: KRQgkp3B7mLGzZaH8QL1PKGMV1V_Uh5CbOkqy1q8zbcfUMyms2HeBg==

GET
DATA 200
OK truncated
/ 239 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 401e6eb62879b686f33b7aa6573ca259f7d4534cf0da85cb56ec5b96b1260ba3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 225 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3ebb06f58acc280e5d90bd8853be0f6e2344688322b11abe98e514fbfb80808

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 258 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69fb0bb86a5163aa78e0b9af683c88813f7642018c155fe358f95f5ec8401773

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcd43da7df771c935253b7d469416fd9f4ab904f8cf1a12b1c8f0a9660fc46f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 582 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 569db0bd476ed216140709fd498b915f54ed8ce1cf0f14085ed72822af31b88d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 178 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4cd2de1069cc1936a590429e5352a9367cd46094b08b3919f2c90ff0072073e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7027a15ff02eb8c8ff34da3a46aabcf135649f6b18a6ca956fe767d1d9b65028

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 585cebc3dc95f13d010bea414d005d1542b3aed2fdb8ff79591a29f4652406f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa4b73d8b826f378a9871dda3044cb71abbbcea8f0601beb257b7f417da64a68

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 avatar_20.jpg
astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/avatars/ 4 KB
4 KB 20ms
18ms Image
image/jpeg 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://astatic.ccmbg.com/www.commentcamarche.net/_skin/assets/img/avatars/avatar_20.jpg
Requested by: Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/www.commentcamarche.net/css/main?v=20210903120714
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 21f0cb8208ea2729469af02c2487a853a936b4bc12af310dcfbc98288005a439

Request headers

Referer: https://astatic.ccmbg.com/www.commentcamarche.net/css/main?v=20210903120714
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
last-modified: Thu, 14 Nov 2019 09:46:22 GMT
x-www-served-by: lxc_webcluster01_04
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 3864
x-served-by: lxc-varnish-ressources-02

GET
DATA 200
OK truncated
/ 343 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4210fcb7cfa530a22a3cc693d56ffa3914ea29ed38b9c29e60b88821c2bb2eb6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 controltag Show response
cdn.krxd.net/ 32 KB
8 KB 69ms
20ms Script
text/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag?confid=KVJRsGaL
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 57c2dd8141da2bbcfaa3ce98819609891d6466305d16b3b0dceb7709e2ff4d8b

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 varnish, 1.1 varnish
age: 811
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 8295
x-served-by: config-service-a004-ash-prod.krxd.net, cache-bwi5183-BWI, cache-fra19141-FRA
x-response-time: 0
x-do-esi: esi
x-timer: S1631039850.097906,VS0,VE1
etag: "222120a80d922e24bda2ab1c3ba9ff2bd97d3a9b"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 1

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 4 KB
2 KB 53ms
15ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:21:49 GMT
content-encoding: gzip
age: 941
x-guploader-uploadid: ADPycdsZlL1L_E6tv_NYKhzyItpQ8obq2SrIVhMOFuwOSqEG-hR1z6Q6Gh0Y3YqREudw6eRH-BIKpocXXWO1hndoXH-DHO7piw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1482
last-modified: Wed, 07 Apr 2021 18:40:01 GMT
server: UploadServer
etag: "dd7e4933d35d1a7cb610442e9bea8b94"
vary: Accept-Encoding
x-goog-hash: crc32c=dtXWGA==, md5=3X5JM9NdGny2EEQum+qLlA==
x-goog-generation: 1617820801121016
cache-control: public,max-age=3600
x-goog-stored-content-length: 1482
accept-ranges: bytes
content-type: application/javascript

GET
H2 204 uid Show response
tagger.opecloud.com/lefigaro/v2/ 0
157 B 20ms
20ms XHR
text/plain 3.127.193.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagger.opecloud.com/lefigaro/v2/uid
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.193.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-193-214.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: https://forums.commentcamarche.net
date: Tue, 07 Sep 2021 18:37:30 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK containr.js Show response
cdn.mookie1.com/ 2 KB
2 KB 87ms
27ms Script
application/x-javascript 104.111.237.122
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mookie1.com/containr.js
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.237.122 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-237-122.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 59bf69bcb73a067dc5a15f87f4d1236bf10b7eb558ab5697286d3f4419b604fc

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 18:37:30 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 1177
Last-Modified: Thu, 28 May 2020 09:27:37 GMT
Server: AkamaiNetStorage
ETag: "b48b8b10a8dae52dda97f6860932dcc0:1590658057.20858"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=60
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Tue, 07 Sep 2021 18:38:30 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 34ms
34ms Script
application/javascript 13.225.25.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js?cs_ucfr=1
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.25.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-25-74.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 14:16:12 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 18811
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ae3d49939dec29dad9a36d45f67300d1.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-amz-cf-id: SyoeCVPypATDjEoMON3AE2F4_RxcjnLj1gOwE-vDbAGm8VK6am_SjQ==

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j93&a=2072733453&t=event&ni=1&_s=2&dl=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ul=en-us&de=UTF-8&dt=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=global&ea=cnil_consent&el=gdpr_not_apply&_u=6EhAAEABAAAAAC~&jid=&gjid=&cid=312521241.1631039850&tid=UA-6560367-1&_gid=1846161746.1631039850&gtm=2wg910PSD8NH&cd1=forum&cd2=forums.commentcamarche.net&cd3=Sujet%20Forum&cd4=production&cd6=Forum%20d%27assistance%20informatique&cd7=Virus%20%2F%20S%C3%A9curit%C3%A9&cd9=classique&cd10=Virus%20%2F%20S%C3%A9curit%C3%A9&cd15=&cd17=Anonyme&cd18=nonConnectee&cd19=paysage&cd20=Virus%20%2F%20S%C3%A9curit%C3%A9&cd21=oui&cd22=oui&cd23=4&cd24=25-10-2016&cd25=26-10-2016&cd29=sujet%20forum&cd35=&z=976046737

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 04:06:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 52283
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 319 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45b181624cbe52f524739653c496bac6ad56d61da71c63c77b7eb06ce6f8cb31

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

362358.gif
idsync.rlcdn.com/
Redirect Chain

https://tagger.opecloud.com/lefigaro/v2/pixel.gif?url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ref=&tz=-2&screen=1600x1200x24&tref=&cmpstatus=gdprdoesnot...
https://tagger.opecloud.com/lefigaro/v2/pixel.gif?e=%5B%7B%22type%22%3A%22default%22%2C%22page_attr_url_cleaned%22%3A%22forums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader%22%2C%...
https://secure.adnxs.com/getuid?https%3A%2F%2Ftagger.opecloud.com%2Fappnexus%2Fpbfs.gif%3Fsource%3Dlefigaro%26state%3D2-ny%252BysyA4%252BDWPfN5R%252FtdiXadZaWibkOhcwhKr%26puid%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Ftagger.opecloud.com%252Fappnexus%252Fpbfs.gif%253Fsource%253Dlefigaro%2526state%253D2-ny%25252BysyA4%25252BDWPfN5R%25252FtdiXadZaWibk...
https://tagger.opecloud.com/appnexus/pbfs.gif?source=lefigaro&state=2-ny%2BysyA4%2BDWPfN5R%2FtdiXadZaWibkOhcwhKr&puid=37618539627193540
https://cm.g.doubleclick.net/pixel?google_nid=1plusx_dmp&google_cm&state=2-Iz7zmjPHjbBxwssFTes8c2Nfm3AgG6gXUqKQ&source=lefigaro
https://cm.g.doubleclick.net/pixel?google_nid=1plusx_dmp&google_cm=&state=2-Iz7zmjPHjbBxwssFTes8c2Nfm3AgG6gXUqKQ&source=lefigaro&google_tc=
https://tagger.opecloud.com/dbm/opecs.gif?state=2-Iz7zmjPHjbBxwssFTes8c2Nfm3AgG6gXUqKQ&source=lefigaro&google_gid=CAESEDQGVcdgE3z2M870KiozgJ4&google_cver=1
https://idsync.rlcdn.com/710875.gif?partner_uid=af9a43dd-8a21-3b48-83a4-9608d101b9b8
https://idsync.rlcdn.com/1000.gif?memo=CNuxKxIwCiwIARDR9gkaJGFmOWE0M2RkLThhMjEtM2I0OC04M2E0LTk2MDhkMTAxYjliOBAAGg0I6uLeiQYSBQjoBxAAQgBKAA
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEhygXHHpufaYb96UulMtxs&google_cver=1

42 B
317 B

31ms
26ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEhygXHHpufaYb96UulMtxs&google_cver=1
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEhygXHHpufaYb96UulMtxs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fancybox Show response
astatic.ccmbg.com/fc/js/ 31 KB
10 KB 18ms
18ms Script
application/x-javascript 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/js/fancybox?v=20190916102903
Requested by: Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a332079417cc3f5a266d718bdee81c22c78b2677ed75addbec5acc6b70107ede

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
last-modified: Mon, 16 Sep 2019 08:29:00 GMT
x-www-served-by: lxc_dam_01
etag: 20190916102903
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 9763
x-served-by: lxc-varnish-ressources-02

GET
H2 200 fancybox
astatic.ccmbg.com/fc/css/ 5 KB
2 KB 18ms
18ms Stylesheet
text/css 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/css/fancybox?v=20190916102903
Requested by: Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2d89038070161455a1fb23f32823ef8494fe7e6f11710301930250ef4e4fcd42

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-www-served-by: lxc_dam_01
etag: 20190916102903
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1470
x-served-by: lxc-varnish-ressources-01

GET
H/1.1 200
OK uuid.html Show response
hades.srvtrck.com/v2/ Frame 5877 311 B
486 B 164ms
38ms Document
text/html 34.248.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hades.srvtrck.com/v2/uuid.html
Requested by: Host: js.srvtrck.com
URL: https://js.srvtrck.com/v1/js?api_key=fbb1e73815fc6a2e720ed1ffcd832d43&site_id=b865ccaa7e2c450eb7e682474c266bc3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.201.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-201-47.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cd45713beee6c2428f11ad6444c6e2a6bbe1bfad330e68002052e9832a5dcc03

Request headers

Host: hades.srvtrck.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

Server: Apache-Coyote/1.1
Last-Modified: Tue, 07 Sep 2021 16:40:50 GMT
Content-Type: text/html
Content-Length: 311
Date: Tue, 07 Sep 2021 18:37:29 GMT

GET
H2 200 i
i.srvtrck.com/v1/ 68 B
244 B 69ms
58ms Image
image/png 2606:4700::6813:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.srvtrck.com/v1/i?e=pi&api_key=fbb1e73815fc6a2e720ed1ffcd832d43&site_id=b865ccaa7e2c450eb7e682474c266bc3&tid=8cbb4604-e871-4024-86fa-e4cb22d9ebbb&dch=gaia&tna=gaia&tv=0.145&title=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&refr=&page=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&afsrc=1&cache=HN020BK8GCQQDHB61KRNR4HF2B6O4EDG&vid=null&dnt=0
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 68b20c779fd24abd-FRA
p3p: CP="CAO PSA OUR"
content-type: image/png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 68

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame EB58 11 KB
5 KB 68ms
23ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=forums.commentcamarche.net&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

58da6480fc50a14bd6f73842552e9bfbd623d883c9a81d68b7d27b52d0afe71c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=forums.commentcamarche.net&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1875
set-cookie: uid=0bdaf4b7-3cc1-4ae8-8745-735e4723a226; expires=Sun, 02 Oct 2022 18:37:29 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Tue, 07 Sep 2021 18:37:29 GMT
content-length: 4666

GET
H2 200 wl.woff2
astatic.ccmbg.com/fc/fonts/whitelist/ 2 KB
2 KB 19ms
19ms Font
application/octet-stream 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/fonts/whitelist/wl.woff2
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: db1042fa1940eb82fcfad4779edaffea8f2dec93733854b6ad6b61623bb52411

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
last-modified: Tue, 13 Oct 2020 08:44:32 GMT
x-www-served-by: lxc_webcluster01_06
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2040
x-served-by: lxc-varnish-ressources-01

GET
H2 200 wl2.woff2
astatic.ccmbg.com/fc/fonts/whitelist/ 2 KB
2 KB 20ms
19ms Font
application/octet-stream 104.89.44.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://astatic.ccmbg.com/fc/fonts/whitelist/wl2.woff2
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.44.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-127.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: db1042fa1940eb82fcfad4779edaffea8f2dec93733854b6ad6b61623bb52411

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
last-modified: Wed, 14 Oct 2020 14:16:46 GMT
x-www-served-by: lxc_webcluster01_02
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2040
x-served-by: lxc-varnish-ressources-02

GET
H2 200 AGSKWxUUCYr9Z1gTsstp4bBHIhFFeRqJ83QE9kIjbl3kkmZShCh_i-As55o6RNOLMgmSMjU9xKrhTrB8PeB-H_Fj98c= Show response
fundingchoicesmessages.google.com/f/ 93 KB
35 KB 69ms
46ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUUCYr9Z1gTsstp4bBHIhFFeRqJ83QE9kIjbl3kkmZShCh_i-As55o6RNOLMgmSMjU9xKrhTrB8PeB-H_Fj98c=

Requested by

Host: static-lists.linternaute.com
URL: https://static-lists.linternaute.com/wls/wls.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c9fac7ca6bdc959e4cdd01b685d75e11b68946524d285288a055cac62528db4e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dqIgbv8zNilZkVKUMjVVBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-dqIgbv8zNilZkVKUMjVVBg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-dqIgbv8zNilZkVKUMjVVBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-dqIgbv8zNilZkVKUMjVVBg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 575 B
816 B 142ms
51ms XHR
application/json 52.19.5.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=925755&slot=%7Bid:ba_x02,s:1.1,p:/31695825/commentcamarche/web_desktop_nos/desktop_fr_ccm_hightech_forum-virus-securite_forum_special,t:display%7D&slot=%7Bid:ba_top,s:1.1,p:/31695825/commentcamarche/web_desktop_nos/desktop_fr_ccm_hightech_forum-virus-securite_forum_mban_atf,t:display%7D&slot=%7Bid:ba_right,s:1.1,p:/31695825/commentcamarche/web_desktop_nos/desktop_fr_ccm_hightech_forum-virus-securite_forum_pave_atf,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=80ec89f6-e26b-5cf7-8019-aaf6bff24d11&url=https%253A%252F%252Fforums.commentcamarche.net%252Fforum%252Faffich-34031474-trojan-downloader
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.5.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-5-220.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8eb9708f332082f0bf87339c8c9b15b4961d18e164fe1f097e65fb678ad307ff

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
x-server-name: app23.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://forums.commentcamarche.net
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
308 B 118ms
117ms XHR
text/plain 13.225.35.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3247&u=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.35.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-35-62.cdg3.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:29 GMT
via: 1.1 c4341fb26af0c8ea61cf721453e6bebc.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG3-C2
x-cache: Miss from cloudfront
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-id: 4uCewPbpDu5CGQmDBvr9MiA9e_TdAuySgOiVJKXSsk3K9OonOwsnlQ==

OPTIONS
H2 200 profile
profiles.tagger.opecloud.com/api/v1/lefigaro/ Frame 0
0 62ms
18ms Preflight 18.193.140.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://profiles.tagger.opecloud.com/api/v1/lefigaro/profile?url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&gdpr_applies=0&consent_string=
Protocol: H2
Server: 18.193.140.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-140-39.eu-central-1.compute.amazonaws.com
Software: akka-http/10.2.4 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: referrer-policy
Origin: https://forums.commentcamarche.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-length: 0
access-control-allow-headers: referrer-policy
access-control-allow-origin: https://forums.commentcamarche.net
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-max-age: 1800
access-control-allow-credentials: true
server: akka-http/10.2.4

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 137 B
521 B 206ms
205ms XHR
text/javascript 13.225.35.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3247&u=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&pid=IymokrOovfEru&cb=0&ws=1600x1200&v=7.68.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F31695825%2Fcommentcamarche%2Fweb_desktop_nos%2Fdesktop_fr_ccm_hightech_forum-virus-securite_forum_mban_atf%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F31695825%2Fcommentcamarche%2Fweb_desktop_nos%2Fdesktop_fr_ccm_hightech_forum-virus-securite_forum_pave_atf%22%7D%5D&cfgv=0&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.35.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-35-62.cdg3.r.cloudfront.net
Software: Server /
Resource Hash: add3220d92f30d53f967caa8e95787e7f4543d1d7acdcf81d95923bb4de619f9

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: CDG3-C2
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://forums.commentcamarche.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 139
via: 1.1 c4341fb26af0c8ea61cf721453e6bebc.cloudfront.net (CloudFront)
x-amz-cf-id: TnAllU1tqDsUQ3aQVlPn4FniiAYJvD4rVxGTnlMv-hkwdJlFAV5doA==

GET
H/1.1 200
OK getuidp Show response
secure.adnxs.com/ 38 B
704 B 92ms
31ms Script
application/javascript 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidp?callback=getUIDP_handle_6059699220

Requested by

Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

65ee5d200ac373724a7dd2f1193559bf84c567c2cd671d2467f5675189b2ea56

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:30 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b542e3d4-ef70-4ba7-9233-ab1721b2145f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 38
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 profile Show response
profiles.tagger.opecloud.com/api/v1/lefigaro/ 15 B
234 B 59ms
23ms XHR
application/json 18.193.140.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://profiles.tagger.opecloud.com/api/v1/lefigaro/profile?url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&gdpr_applies=0&consent_string=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.140.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-140-39.eu-central-1.compute.amazonaws.com
Software: akka-http/10.2.4 /
Resource Hash: da5956eb40499755436091829dc92f137f6a7d076a34df1aed00e74ca4689141

Request headers

Referrer-Policy: no-referrer-when-downgrade
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: https://forums.commentcamarche.net
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: akka-http/10.2.4
cache-control: no-cache
content-type: application/json

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 59ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d9e83e3e3d08f9a8d567753deae5b2de7e51709a25adba8cb4525db28a22f4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49516
x-xss-protection: 0
server: cafe
etag: 11734312164484278086
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Sep 2021 18:37:30 GMT

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 182 KB
61 KB 102ms
41ms Script
application/x-javascript 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ac383aef15736a1e1f8df9ce728d429368771f5906a14569edc5b0345e11d02e

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 13:13:35 GMT
etag: W/"2d8e6-i6HKAplNG73nIr7nKROaIXQ1iAM"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: 85ea5f3a24e28838db65455884591b24
timing-allow-origin: *, *
content-length: 61991
expires: Tue, 07 Sep 2021 22:37:30 GMT

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=13184767&ns__t=1631039850294&ns_c=UTF-8&cv=3.5&c8=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&c7=https%3A%2F%2Fforums.comment...
https://sb.scorecardresearch.com/b2?c1=2&c2=13184767&ns__t=1631039850294&ns_c=UTF-8&cv=3.5&c8=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&c7=https%3A%2F%2Fforums.commen...

64 B
330 B

47ms
46ms

Image
image/gif

13.225.25.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=13184767&ns__t=1631039850294&ns_c=UTF-8&cv=3.5&c8=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&c7=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&c9=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.25.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-25-74.cdg3.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 ae3d49939dec29dad9a36d45f67300d1.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: KgsSWiBvQynEW_Nj2cFBdM2jE-SLLDY4GGW44HnHvCLyFrlldPOHLg==

Redirect headers

date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 ae3d49939dec29dad9a36d45f67300d1.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=13184767&ns__t=1631039850294&ns_c=UTF-8&cv=3.5&c8=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&c7=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&c9=
content-length: 280
x-amz-cf-id: _EPHyM4U0WVBxiyouJYSWKC_bVVVYxGNjirRppWOjBwpFmLChGYmyA==

GET
H2 200 learn
fr-gmtdmp.mookie1.com/t/v2/ 43 B
609 B 63ms
27ms Image
image/gif 35.186.238.175
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fr-gmtdmp.mookie1.com/t/v2/learn?tagid=V2_677986&src.rand=%5Btimestamp%5D&depp=6.3.2-7
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.238.175 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 175.238.186.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ 259 KB
83 KB 20ms
20ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag?confid=KVJRsGaL
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
age: 3133194
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 1287284
content-length: 84509
x-served-by: cache-fra19141-FRA
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1631039850.305737,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

POST
H3-29 204 AGSKWxViHT7g-iOUPuRY81daQ5U0ef7YW0x1Z3FJODSTIy3YhhWO9AZV8q2Qg6Cy2m5MlgiUuYd8gskmPv45Tpkqsbg= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 45ms
31ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHT7g-iOUPuRY81daQ5U0ef7YW0x1Z3FJODSTIy3YhhWO9AZV8q2Qg6Cy2m5MlgiUuYd8gskmPv45Tpkqsbg=?pvid=F6507DE8-19B1-43BD-894C-84117153AEF1&anonid=1DF9E02A-6037-406C-8B5B-EBABA2CDC894

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.CRPl7cMoOK8.es5.O/d=1/rs=AJlcJMzb_F0mAR5NsX9C4rTyvYc95oDEiA/m=loader_js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qbXTfPZY/2j9Umeo9vhhYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-qbXTfPZY/2j9Umeo9vhhYA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-qbXTfPZY/2j9Umeo9vhhYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-qbXTfPZY/2j9Umeo9vhhYA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxViHT7g-iOUPuRY81daQ5U0ef7YW0x1Z3FJODSTIy3YhhWO9AZV8q2Qg6Cy2m5MlgiUuYd8gskmPv45Tpkqsbg= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 34ms
21ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.CRPl7cMoOK8.es5.O/d=1/rs=AJlcJMzb_F0mAR5NsX9C4rTyvYc95oDEiA/m=loader_js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eBkTC980P0Xo17yOVuUK4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-eBkTC980P0Xo17yOVuUK4Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-eBkTC980P0Xo17yOVuUK4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-eBkTC980P0Xo17yOVuUK4Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxViHT7g-iOUPuRY81daQ5U0ef7YW0x1Z3FJODSTIy3YhhWO9AZV8q2Qg6Cy2m5MlgiUuYd8gskmPv45Tpkqsbg= Show response
fundingchoicesmessages.google.com/el/ 0
27 B 22ms
21ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.CRPl7cMoOK8.es5.O/d=1/rs=AJlcJMzb_F0mAR5NsX9C4rTyvYc95oDEiA/m=loader_js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-P9KNrWJAH9UGgSf4/pWUOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-P9KNrWJAH9UGgSf4/pWUOQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-P9KNrWJAH9UGgSf4/pWUOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-P9KNrWJAH9UGgSf4/pWUOQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 AGSKWxW1LuIoXFQATqlKbGKKyCqURVL9MLovI9kJHYIiAxhl99tFHoaxT8V640bzR0Oc45zr_pl7oSz2BolSuUFakhg= Show response
fundingchoicesmessages.google.com/f/ 85 KB
31 KB 70ms
55ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW1LuIoXFQATqlKbGKKyCqURVL9MLovI9kJHYIiAxhl99tFHoaxT8V640bzR0Oc45zr_pl7oSz2BolSuUFakhg=?fccs=W251bGwsW1tdLFtdXSxudWxsLG51bGwsbnVsbCwyLFsxNjMxMDM5ODUwLDM1MDAwMDAwMF0sIkY2NTA3REU4LTE5QjEtNDNCRC04OTRDLTg0MTE3MTUzQUVGMSIsIjFERjlFMDJBLTYwMzctNDA2Qy04QjVCLUVCQUJBMkNEQzg5NCIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlciJd

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.CRPl7cMoOK8.es5.O/d=1/rs=AJlcJMzb_F0mAR5NsX9C4rTyvYc95oDEiA/m=loader_js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f9bd2c169259d2b5f9b3bcc809f3bca03429142c842f1d76945ff47783101573

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HY0kzJNZ9Ja7U+7pJyp8Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-HY0kzJNZ9Ja7U+7pJyp8Aw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-HY0kzJNZ9Ja7U+7pJyp8Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-HY0kzJNZ9Ja7U+7pJyp8Aw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame EB58
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=commentcamarche.net&sn=ChromeSyncframe&so=0&topUrl=forums.commentcamarche.net&cw=1
https://mug.criteo.com/sid?cpp=QqU4sXxic2VZRHB1UkhDUU1NTHQ2SzRIL2RQeFdNMWhqZjVFZVZPb0E5NXBIeWUvM3lMZXJYMkZqM1BUcFY3YWFUbS9LcHRrSW50M010ZnJmbkFPN2VxdFF5dXhxWnhBRjBZWTZQVzBxMlIySDA2a3RSME9ZRW5ZeFppMT...

460 B
646 B

93ms
31ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=QqU4sXxic2VZRHB1UkhDUU1NTHQ2SzRIL2RQeFdNMWhqZjVFZVZPb0E5NXBIeWUvM3lMZXJYMkZqM1BUcFY3YWFUbS9LcHRrSW50M010ZnJmbkFPN2VxdFF5dXhxWnhBRjBZWTZQVzBxMlIySDA2a3RSME9ZRW5ZeFppMTlrRlYwby9wWmlxN0xYUUJ0NG5sMDRDR3RnVWZWMDJnSys5RnlpYWV5NDlNRGtZRVRSdTkrdzcwSjNIeGZ2MDZlWklMMllLSlR1NnBmcDJsc1gveG5UT3ZnNGo1VXBKaWZ6Z3FDWTY5ckhHVmlYekExK1pjb2k3bjhBVzVob3ZDUGorZjBpSmMzT2x5TXFSdmdtc3lTN08yeWkxN3hkZz09fA&cppv=2

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=forums.commentcamarche.net&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f8203458a8f6731e66cfc6a563a4804838881264d4c0dbf3b78b05a58b24ee3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 07 Sep 2021 18:37:30 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2649
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 07 Sep 2021 18:37:29 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=QqU4sXxic2VZRHB1UkhDUU1NTHQ2SzRIL2RQeFdNMWhqZjVFZVZPb0E5NXBIeWUvM3lMZXJYMkZqM1BUcFY3YWFUbS9LcHRrSW50M010ZnJmbkFPN2VxdFF5dXhxWnhBRjBZWTZQVzBxMlIySDA2a3RSME9ZRW5ZeFppMTlrRlYwby9wWmlxN0xYUUJ0NG5sMDRDR3RnVWZWMDJnSys5RnlpYWV5NDlNRGtZRVRSdTkrdzcwSjNIeGZ2MDZlWklMMllLSlR1NnBmcDJsc1gveG5UT3ZnNGo1VXBKaWZ6Z3FDWTY5ckhHVmlYekExK1pjb2k3bjhBVzVob3ZDUGorZjBpSmMzT2x5TXFSdmdtc3lTN08yeWkxN3hkZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1962
content-length: 541
expires: 0

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ 250 KB
93 KB 45ms
31ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=pub-7217167928558291&plah=forums.commentcamarche.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d739f4e9502d3c672029d4580ddff6e52872660508cc4b3f5c2eb2735c66a466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95175
x-xss-protection: 0
server: cafe
etag: 18091442808060632251
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 07 Sep 2021 18:37:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210901/r20190131/ Frame 2E63 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210901/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210901/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 07 Sep 2021 04:03:18 GMT
expires: Tue, 21 Sep 2021 04:03:18 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 52452
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 hubvisor.js Show response
cdn.hubvisor.io/wrapper/01BYK28ENND8X5G8K0AJ2DPK9E/ 1 MB
266 KB 58ms
33ms Script
application/javascript 2606:4700::6813:b702
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hubvisor.io/wrapper/01BYK28ENND8X5G8K0AJ2DPK9E/hubvisor.js
Requested by: Host: astatic.ccmbg.com
URL: https://astatic.ccmbg.com/fc/js/core,lang.fr?v=20210128153237
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:b702 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 409cb94ac859590a6a6e1ab788d3b934189951e70b3c4267fef3b1e37a5adb31

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 36501
x-guploader-uploadid: ADPycdtyRaDZZiL0oPaC1zpVWrDsO_9oUQFJkEvmso0waiNIgeCuT52UXC3lKi4QuDYmeW3IeXOQqTqthZIZW8mCgGk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
last-modified: Tue, 07 Sep 2021 08:28:57 GMT
server: cloudflare
etag: W/"bf12c4b96cd18f7895a7a151a49d03a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=V/qUJg==, md5=vxLEuWzRj3iVp6FRpJ0DpA==
x-goog-generation: 1631003337026235
cache-control: public, max-age=3600, s-maxage=180, stale-while-revalidate=86400
x-goog-stored-content-length: 282889
cf-ray: 68b20c79b9514e8c-FRA
expires: Tue, 07 Sep 2021 08:32:09 GMT

GET
H/1.1 200
OK json2.js Show response
hades.srvtrck.com/static/ Frame 5877 3 KB
4 KB 44ms
44ms Script
application/javascript 34.248.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hades.srvtrck.com/static/json2.js
Requested by: Host: hades.srvtrck.com
URL: https://hades.srvtrck.com/v2/uuid.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.201.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-201-47.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: caba961cf71d7213df26fc8d5f11212204b5968f62698056ce768dada4656676

Request headers

Referer: https://hades.srvtrck.com/v2/uuid.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 18:37:29 GMT
Cache-Control: public, max-age=86400
Expires: Wed, 08 Sep 2021 18:37:30 GMT
Last-Modified: Tue, 07 Sep 2021 16:40:50 GMT
Server: Apache-Coyote/1.1
Content-Length: 3331
Content-Type: application/javascript;charset=UTF-8

GET
H/1.1 200
OK hades-server2.js Show response
hades.srvtrck.com/static/ Frame 5877 5 KB
5 KB 85ms
39ms Script
application/javascript 34.248.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hades.srvtrck.com/static/hades-server2.js
Requested by: Host: hades.srvtrck.com
URL: https://hades.srvtrck.com/v2/uuid.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.201.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-201-47.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3e8ec7865f2d8dffcd47b65e40efda889633cc02962596a6bf3d1be6d19a6dd

Request headers

Referer: https://hades.srvtrck.com/v2/uuid.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 18:37:29 GMT
Cache-Control: public, max-age=86400
Expires: Wed, 08 Sep 2021 18:37:30 GMT
Last-Modified: Tue, 07 Sep 2021 16:40:50 GMT
Server: Apache-Coyote/1.1
Content-Length: 5252
Content-Type: application/javascript;charset=UTF-8

GET
H/1.1 200
OK Zm9ydW1zLmNvbW1lbnRjYW1hcmNoZS5uZXQ= Show response
tcheck.outbrainimg.com/tcheck/check/ 16 B
464 B 86ms
30ms XHR
application/json 2.18.232.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/Zm9ydW1zLmNvbW1lbnRjYW1hcmNoZS5uZXQ=
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 18:37:30 GMT
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31208
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: d42e875dd41c4a7a24b8eb2126b60443
Content-Length: 16
Expires: Wed, 08 Sep 2021 03:17:38 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ 43 B
451 B 35ms
32ms Image
image/gif 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1&rn=2.040995533780455
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Thu, 07 Oct 2021 18:37:30 GMT

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 3B83
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t

259 B
945 B

204ms
204ms

Document
text/html

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 627ab660757098853a0247b6c9b0ef8d030339c83d733255d509c90facfe0c6c

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A488WofNRkyVvU2OJoPogmM|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

Server: Server
Date: Tue, 07 Sep 2021 18:37:30 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 208
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A488WofNRkyVvU2OJoPogmM; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 18:37:30 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Thu, 01-Oct-2026 18:37:30 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Tue, 07 Sep 2021 18:37:30 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t
Set-Cookie: ad-id=A488WofNRkyVvU2OJoPogmM|t; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 18:37:30 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2 200 2897a0e1-1f44-4f18-9361-1b730c6292bc Show response
consumer.krxd.net/consent/get/ 238 B
432 B 92ms
49ms Script
text/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/2897a0e1-1f44-4f18-9361-1b730c6292bc?idt=device&dt=kxcookie&callback=Krux.ns.lefigaro.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5735052ed7f0af961c6e5fe0dad5a414f7f3537e639b7d7113d8f8ebf6633978

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a004-dub-prod.krxd.net, cache-fra19182-FRA
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1631039851.615175,VS0,VE25
content-length: 193
x-cache-hits: 0, 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 209 B
660 B 76ms
31ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=forums.commentcamarche.net&callback=_gfp_s_&client=ca-pub-7217167928558291

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=pub-7217167928558291&plah=forums.commentcamarche.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

32134b4b1ad66aba9f2e2137b2cac5bba9782378448012e97df0021212a007ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 113ms
52ms Script
application/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=forums.commentcamarche.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 35ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=forums.commentcamarche.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2C48 101 KB
31 KB 912ms
912ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dabc9fc0fab5c1142abeb43a4751a3575ce2c80e9b2816433129b529e54e4e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 07 Sep 2021 18:37:31 GMT
server: cafe
content-length: 31897
x-xss-protection: 0
set-cookie: IDE=AHWqTUkO6UMiAo6fb2GOcjDkY4r2PQ5S5eKSpjqQ3EHMOSGaBMXRKJcOTuGQ5yPyxzM; expires=Sun, 02-Oct-2022 18:37:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: private

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 32ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:30 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1A08 97 KB
30 KB 736ms
735ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd4d0ecd15c3a141134c1e0da7ca823d28dfab1f6182b8ce76cda34093491bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 07 Sep 2021 18:37:31 GMT
server: cafe
content-length: 30856
x-xss-protection: 0
set-cookie: IDE=AHWqTUlZ3wR7MNPiO04TS3LR7flgtNH0wENsCQL3J93hNXY-e1y1gCPnaNf_PRm1b1E; expires=Sun, 02-Oct-2022 18:37:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: private

GET
H/1.1 200
OK profile
hades.srvtrck.com/v1/ Frame 5877 1 KB
1 KB 41ms
40ms Image
image/gif 34.248.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hades.srvtrck.com/v1/profile?action=create&ykuid=g9mkm18d2fsen4wtjrq8e
Requested by: Host: hades.srvtrck.com
URL: https://hades.srvtrck.com/v2/uuid.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.201.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-201-47.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 10fe36278af5ec590acb10c83ed5f99e70a4f07943cd465402d24d42c4392153

Request headers

Referer: https://hades.srvtrck.com/v2/uuid.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 18:37:29 GMT
Cache-Control: public, max-age=86400
Expires: Wed, 08 Sep 2021 18:37:30 GMT
Server: Apache-Coyote/1.1
p3p: CP="CAO PSA OUR"
Content-Length: 1095
Content-Type: image/gif

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 402ms
96ms XHR
application/json 70.42.32.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1631039850632&sessionId=cff78c04-0280-16c2-fc33-e307e0efb980&url=forums.commentcamarche.net&cheqSource=1&cheqEvent=0&exitReason=2
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:30 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 7cbf686f43ecd1371cdd580c173ea5f1
Content-Length: 4
Expires: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7E3A 0
20 B 17ms
17ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&adk=1812271804&adf=3025194257&lmt=1627048205&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850478&bpp=7&bdt=833&idt=154&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280%2C580x280&nras=1&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=163

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&adk=1812271804&adf=3025194257&lmt=1627048205&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850478&bpp=7&bdt=833&idt=154&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280%2C580x280&nras=1&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=163
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 07 Sep 2021 18:37:30 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUmsZsFK_CJRIre5T9mLE2Ul-S54gD95Y521lmhY_Aqub-19Ck-7IIMsN6i3; expires=Sun, 02-Oct-2022 18:37:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 07 Sep 2021 18:37:30 GMT
cache-control: private

GET
H2 200 get Show response
odb.outbrain.com/utils/ 22 KB
8 KB 331ms
292ms Script
text/javascript 151.101.14.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2F&idx=0&rand=27373&key=NANOWDGT01&widgetJSId=AR_2&va=true&et=true&format=html&pdobuid=-1&adblck=false&abwl=false&px=320&py=7323&vpd=6123&cw=620&settings=true&recs=true&version=2000439&sig=JmiJMlHk&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=1&ccpaStat=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: fe7ca2675ca9a6a115ee963cb767af657fc69ac60f52f54d904debcab00b8743

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
traffic-path: CHIDC2, MDW, FRA, Europe2
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
backend-ip: 157.52.75.35
x-cache-hits: 0, 0
x-traceid: 1d963045498c3679321e6fb44d3ab441
content-length: 7234
x-served-by: cache-mdw17335-MDW, cache-fra19172-FRA
pragma: no-cache
x-timer: S1631039851.910700,VS0,VE270
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
client-context.hubvisor.io/ 404 B
309 B 58ms
31ms XHR
application/json 2606:4700::6813:b702
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://client-context.hubvisor.io/
Requested by: Host: cdn.hubvisor.io
URL: https://cdn.hubvisor.io/wrapper/01BYK28ENND8X5G8K0AJ2DPK9E/hubvisor.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:b702 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 644e41c8362fd4fcaaeb79e714addb5d937770ebfc2646390a5b9781e494c774

Request headers

Accept: application/json, text/plain, */*
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 68b20c7c1ac62c4e-FRA
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
content-encoding: br

GET
H2 200 configuration Show response
client-context.hubvisor.io/ 3 KB
2 KB 54ms
28ms XHR
application/json 2606:4700::6813:b702
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://client-context.hubvisor.io/configuration
Requested by: Host: cdn.hubvisor.io
URL: https://cdn.hubvisor.io/wrapper/01BYK28ENND8X5G8K0AJ2DPK9E/hubvisor.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:b702 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb590807cdcb75bb2b266d6918d70b25dc27a84e1cb5089d1fd0a44d0108e7fb

Request headers

Accept: application/json, text/plain, */*
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 68b20c7c1acc2c4e-FRA
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
content-encoding: br

GET
H/1.1 200
OK pr Show response
aax-eu.amazon-adsystem.com/s/v3/ Frame A3A7 1 KB
761 B 44ms
43ms Document
text/html 52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 5c1cf08027d3b12b661d39c56def906c8775f42eaf8a054aee9c6bbaebb9fb23

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A488WofNRkyVvU2OJoPogmM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-index_rbd_smrt_sovrn_3lift&dcc=t

Response headers

Server: Server
Date: Tue, 07 Sep 2021 18:37:30 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 400
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

GET
H2 200 prebid Show response
sac.ayads.co/sublime/3688/ 415 KB
98 KB 46ms
21ms Script
application/javascript 2606:4700:10::6814:b25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sac.ayads.co/sublime/3688/prebid
Requested by: Host: cdn.hubvisor.io
URL: https://cdn.hubvisor.io/wrapper/01BYK28ENND8X5G8K0AJ2DPK9E/hubvisor.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:b25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba70f46769d8ad250bffaab5831b086effb4793d0aa215fae2a817279af9d8e8

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: public
date: Tue, 07 Sep 2021 18:37:30 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 1462
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
cf-ray: 68b20c7c8a69d729-FRA
expires: Tue, 07 Sep 2021 19:37:30 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 8529
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1

1 KB
3 KB

39ms
39ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a587c09c3890705a4cca275680a74233c1a1731e87d331df23c11e0f236a06a6

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YTexag1i2IoJZUe3L-Km9wAA; CMPS=5222
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|230|241|45|190|64|57|152
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1533
Expires: Tue, 07 Sep 2021 18:37:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Connection: keep-alive
Set-Cookie: CMID=YTexag1i2IoJZUe3L-Km9wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 07 Sep 2022 18:37:31 GMT CMPS=5222;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 06 Dec 2021 18:37:31 GMT CMPRO=1211;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 06 Dec 2021 18:37:31 GMT CMRUM3=406137b16b05a0&276137b16b0b40&396137b16b05a0&f16137b16b05a0&e66137b16b2760&2d6137b16b05a0&986137b16b05a00&be6137b16b05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 07 Sep 2022 18:37:31 GMT CMST=YTexa2E3sWsA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 08 Sep 2021 18:37:31 GMT

Redirect headers

Server: Apache
Content-Length: 344
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Tue, 07 Sep 2021 18:37:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:30 GMT
Connection: keep-alive
Set-Cookie: CMID=YTexag1i2IoJZUe3L-Km9wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 07 Sep 2022 18:37:30 GMT CMPS=5222;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 06 Dec 2021 18:37:30 GMT

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame A9CB
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=2&gdpr=0
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=5738244644631199065&gdpr=0&gdpr_consent=

43 B
344 B

110ms
45ms

Document
image/gif

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=5738244644631199065&gdpr=0&gdpr_consent=
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A488WofNRkyVvU2OJoPogmM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: Server
Date: Tue, 07 Sep 2021 18:37:31 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

date: Tue, 07 Sep 2021 18:37:30 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=5738244644631199065&gdpr=0&gdpr_consent=
set-cookie: pid=5738244644631199065; expires=Sat, 08 Oct 2022 18:36:31 GMT; domain=smartadserver.com; path=/; samesite=None; secure; samesite=none

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 12B0 281 B
554 B 65ms
21ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 07 Sep 2021 18:37:31 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set amazon Show response
ap.lijit.com/beacon/ Frame 8B6C
Redirect Chain

https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1

1 KB
1 KB

38ms
38ms

Document
text/html

72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1d57f55219e1f4b3bbafe18969122c3135aca2e52b54b779a9dc9a9c453c5f3

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=a591bafb94604ae3798a71ed
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: nginx
Date: Tue, 07 Sep 2021 18:37:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJyrVrIwUbIyNDM2MjKxNDE11FGyMEXlGxmj8k3NUPmGBqgqagG5AxCn;Path=/;Domain=.lijit.com;Expires=Wed, 07-Sep-2022 18:37:31 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=a591bafb94604ae3798a71ed;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap1ams1

Redirect headers

Server: nginx
Date: Tue, 07 Sep 2021 18:37:31 GMT
Content-Length: 0
Set-Cookie: ljt_reader=a591bafb94604ae3798a71ed;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1

200
OK

ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame E77F
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr=0
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=4850219588407231541

43 B
344 B

85ms
45ms

Document
image/gif

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=4850219588407231541
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-index_smrt_rbd_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A488WofNRkyVvU2OJoPogmM; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: Server
Date: Tue, 07 Sep 2021 18:37:31 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

Redirect headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=4850219588407231541
set-cookie: tluid=4850219588407231541; Max-Age=7776000; Expires=Mon, 06 Dec 2021 18:37:31 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 /
antenna.ayads.co/ 0
40 B 370ms
39ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=0&ga=0&gs=0&e=l&tse=1631039851020&et=1587&tfz=18&sqid=1&bw=1600&bh=1200
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
server: nginx

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 12B0 31 KB
10 KB 22ms
21ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 544c81d7b5f8cb9d5525b679b4d5a3b0c84a036e89a1a68ccd6e87b19cac8ad8

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 18:37:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Aug 2021 22:28:41 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=16277
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9360
Expires: Tue, 07 Sep 2021 23:08:48 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 8529 70 B
265 B 144ms
46ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 8529
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEL-0j0tY2hmBbAN-WtL5KYQ&google_cver=1

43 B
315 B

33ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEL-0j0tY2hmBbAN-WtL5KYQ&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 07 Sep 2021 18:37:31 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEL-0j0tY2hmBbAN-WtL5KYQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame 8529 43 B
932 B 117ms
115ms Image
image/gif 209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: A1P7DV9BMXB2TSSMAKWH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 8529
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTexag1i2IoJZUe3L-Km9wAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHultYtMS9o37zHwAQTxR_o&google_cver=1

43 B
1000 B

33ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHultYtMS9o37zHwAQTxR_o&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 18:37:31 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHultYtMS9o37zHwAQTxR_o&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum.casalemedia.com/ Frame 8529
Redirect Chain

https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=37618539627193540

43 B
1 KB

1199ms
31ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=37618539627193540
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 18:37:32 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 88834afd-7b3e-4f49-b6f2-5022679eeb9a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=37618539627193540
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8529
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=48
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&partner_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_i...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&expiration=1633631851

43 B
1 KB

34ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&expiration=1633631851
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 18:37:31 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=f9ca63c8-347a-4ba0-9c6a-68689a2299d9-6137b16b-4348&expiration=1633631851
date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 8529
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871597498062715497

43 B
992 B

48ms
31ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871597498062715497
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 18:37:31 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871597498062715497
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 8529
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=19c3e422-5562-4227-b7a2-53f92c550a83
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=19c3e422-5562-4227-b7a2-53f92c550a83&C=1

43 B
1023 B

36ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=19c3e422-5562-4227-b7a2-53f92c550a83&C=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 18:37:33 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=19c3e422-5562-4227-b7a2-53f92c550a83&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 301
Expires: Tue, 07 Sep 2021 18:37:32 GMT

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame 8529 43 B
344 B 45ms
44ms Image
image/gif 52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 12B0 284 B
931 B 102ms
33ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame 8B6C 43 B
344 B 107ms
48ms Image
image/gif 52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=a591bafb94604ae3798a71ed&ex=sovrn.com&gdpr=0&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 8B6C
Redirect Chain

https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1
https://ce.lijit.com/merge?pid=85&3pid=AAA_3k7Cb2MAADtFMcnrVg&gdpr=0

43 B
842 B

106ms
35ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=85&3pid=AAA_3k7Cb2MAADtFMcnrVg&gdpr=0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=85&3pid=AAA_3k7Cb2MAADtFMcnrVg&gdpr=0
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 8B6C
Redirect Chain

https://aorta.clickagy.com/pixel.gif?ch=185&cm=a591bafb94604ae3798a71ed&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=84&3pid=c:2a4c86391b75e72d2516cf1f5f2f819e
https://ce.lijit.com/merge?pid=84&3pid=c%3A2a4c86391b75e72d2516cf1f5f2f819e&dnr=1

0
433 B

33ms
32ms

Image
text/plain

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=84&3pid=c%3A2a4c86391b75e72d2516cf1f5f2f819e&dnr=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=84&3pid=c%3A2a4c86391b75e72d2516cf1f5f2f819e&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8B6C
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTU5MWJhZmI5NDYwNGFlMzc5OGE3MWVk&gdpr=0

170 B
188 B

27ms
26ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTU5MWJhZmI5NDYwNGFlMzc5OGE3MWVk&gdpr=0

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=YTU5MWJhZmI5NDYwNGFlMzc5OGE3MWVk&gdpr=0
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame 8B6C 45 B
371 B 3162ms
83ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=a591bafb94604ae3798a71ed&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=0&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Tue, 07 Sep 2021 18:37:34 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 07 Sep 2021 18:37:34 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 8B6C
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=145931775
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=145931775
https://sync.1rx.io/usersync/tradedesk/cc0f5bb0-0219-4211-87f5-4b17418d7b08
https://sync.targeting.unrulymedia.com/csync/RX-371a622c-9ca8-422f-a2d1-70c69115d592-003?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-371a622c-9ca8-422f-a2d1-70c69115d592-003
https://ce.lijit.com/merge?pid=56&3pid=RX-371a622c-9ca8-422f-a2d1-70c69115d592-003

43 B
682 B

33ms
32ms

Image
image/gif

216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=56&3pid=RX-371a622c-9ca8-422f-a2d1-70c69115d592-003
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:35 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=56&3pid=RX-371a622c-9ca8-422f-a2d1-70c69115d592-003
date: Tue, 07 Sep 2021 18:37:35 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX371a622c9ca8422fa2d170c69115d592003
content-type: text/html

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 12B0
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu&gdpr=0&gdpr=0
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KTAF0JNP-T-L04H&ex=d-rubiconproject.com&status=ok&gdpr=0

43 B
344 B

50ms
50ms

Image
image/gif

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KTAF0JNP-T-L04H&ex=d-rubiconproject.com&status=ok&gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:31 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=KTAF0JNP-T-L04H&ex=d-rubiconproject.com&status=ok&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/obUserFrame/ Frame 3E98 2 KB
1 KB 29ms
29ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=9121290a-aba9-4b3e-99cc-906734024cf1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/obUserFrame/test.html?lsd=9121290a-aba9-4b3e-99cc-906734024cf1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: obuid=9121290a-aba9-4b3e-99cc-906734024cf1; recs_8218bb94b8e038c3f3acaba2102ad714=0B3173307931ACD1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

accept-ranges: bytes
content-type: text/html
etag: "1e015194a0e596827cb8971f884eb43c:1630590499.756474"
last-modified: Thu, 02 Sep 2021 13:13:15 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=345600
date: Tue, 07 Sep 2021 18:37:31 GMT
content-length: 686
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1631039851~rv=50~id=35c559e1ae769e8615f88cf555383602; path=/; Expires=Tue, 07 Sep 2021 18:37:31 GMT; Secure; SameSite=None

GET
H2 200 put.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame A0FB 416 B
799 B 40ms
39ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/put.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: obuid=9121290a-aba9-4b3e-99cc-906734024cf1; recs_8218bb94b8e038c3f3acaba2102ad714=0B3173307931ACD1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

accept-ranges: bytes
content-type: text/html
etag: "c0311cf15c21ddda054005e92fad3f9e:1630590496.783815"
last-modified: Thu, 02 Sep 2021 13:13:15 GMT
server: AkamaiNetStorage
content-length: 416
cache-control: max-age=345600
date: Tue, 07 Sep 2021 18:37:31 GMT
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1631039851~rv=55~id=bfc5b3b7400e528c94d865c3349629ce; path=/; Expires=Tue, 07 Sep 2021 18:37:31 GMT; Secure; SameSite=None

GET
H2 200 ob_smartFeedLogo.min.svg
widgets.outbrain.com/images/widgetIcons/ 7 KB
7 KB 42ms
41ms Image
image/svg+xml 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_smartFeedLogo.min.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8050f05c230d74be333b63cef230e786094e9100f55fa19c6c0831e95870768d

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
last-modified: Thu, 24 Jun 2021 14:35:21 GMT
server: AkamaiNetStorage
etag: "f370d19306add072a726e7f4ade8dc57:1624546051.286567"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 7090
expires: Thu, 07 Oct 2021 18:37:31 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 3 KB
3 KB 43ms
43ms Image
image/svg+xml 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
last-modified: Thu, 24 Jun 2021 14:35:21 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1624546014.914244"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Thu, 07 Oct 2021 18:37:31 GMT

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
292 B 744ms
124ms Fetch
text/plain 50.31.142.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=cb41fc3d5f1f16a7daba4243dea689f6_9934_1631039851115&tm=674&eT=0&widgetWidth=620&widgetHeight=515&widgetX=320&widgetY=7324&wRV=2000439&pVis=1&lsd=9121290a-aba9-4b3e-99cc-906734024cf1&eIdx=&cheq=0&rtt=334&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 50.31.142.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
X-TraceId: e22ab65c48935ba94aa6ac0f19ec8422
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H2 200 obUserSync.html Show response
widgets.outbrain.com/widgetOBUserSync/ Frame 697F 17 KB
6 KB 37ms
37ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1514982f8f2e9840ad91fddb743f5c175bb0133fa90d424e155ac5c548cbbc5e

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /widgetOBUserSync/obUserSync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: obuid=9121290a-aba9-4b3e-99cc-906734024cf1; recs_8218bb94b8e038c3f3acaba2102ad714=0B3173307931ACD1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

accept-ranges: bytes
content-type: text/html
etag: "65806a7a1555cefa741fb91581a47e6d:1630403162.377565"
last-modified: Tue, 31 Aug 2021 09:40:40 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=86400
expires: Wed, 08 Sep 2021 18:37:31 GMT
date: Tue, 07 Sep 2021 18:37:31 GMT
content-length: 5919
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1631039851~rv=7~id=91dee1869da382c98770e84fd800fe24; path=/; Expires=Tue, 07 Sep 2021 18:37:31 GMT; Secure; SameSite=None

GET
H2 200 streamFeed.js Show response
widgets.outbrain.com/nanoWidget/2000439/module/ 56 KB
18 KB 41ms
41ms Script
application/x-javascript 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/2000439/module/streamFeed.js?e=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cad55443960809f7df97103f4817417757a5fa1a9e16e0214fc9e9bf60e43918

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 13:13:15 GMT
server: AkamaiNetStorage
etag: "cba5077094fb507bc33ac2e33f892a6e:1630590413.610844"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=345600
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 18446

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame A0FB 610 B
992 B 29ms
29ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/test.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: thirdparty=yes; obuid=9121290a-aba9-4b3e-99cc-906734024cf1; recs_8218bb94b8e038c3f3acaba2102ad714=0B3173307931ACD1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html

Response headers

accept-ranges: bytes
content-type: text/html
etag: "48053d50141031b1511dbd30f9a31288:1630590497.524437"
last-modified: Thu, 02 Sep 2021 13:13:15 GMT
server: AkamaiNetStorage
content-length: 610
cache-control: max-age=345600
date: Tue, 07 Sep 2021 18:37:31 GMT
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1631039851~rv=48~id=c8e315d6684ce40a6fb97be25e7a0c90; path=/; Expires=Tue, 07 Sep 2021 18:37:31 GMT; Secure; SameSite=None

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ Frame 697F 1 KB
1 KB 30ms
30ms Script
application/javascript 13.225.25.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.25.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-25-74.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 14:16:12 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 18812
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ae3d49939dec29dad9a36d45f67300d1.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-amz-cf-id: IUVaJNzMF_sii0qCziNoJCH4DI1-umQpnZbHrncK_x5MrK98dgdAXw==

GET
H2 200 get Show response
mv.outbrain.com/Multivac/api/ 61 KB
19 KB 817ms
816ms Script
text/javascript 151.101.14.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2F&settings=true&recs=true&widgetJSId=AR_2&key=NANOWDGT01&version=2000439&apv=true&sig=JmiJMlHk&format=html&rand=10766&lsd=9121290a-aba9-4b3e-99cc-906734024cf1&lsdt=1631039851199&pdobuid=0&osLang=en-US&va=true&et=true&cmpStat=1&ccpaStat=0&scrW=1600&scrH=1200&t=Y2I0MWZjM2Q1ZjFmMTZhN2RhYmE0MjQzZGVhNjg5ZjY=&winW=1600&winH=1200&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=11523-77045&layeredTestInfo=11523-77045-&pcer=p%3DTPGCKDvmSuDgzwCVuXMITxdhXPjP91sOCjkPJ6GoKDI%26c%3D5480e6e2%26v%3D3&dpr=1&cw=620
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/2000439/module/streamFeed.js?e=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.14.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: df562993642e0b5935f3abf136d8bb0e3278879ffad2c86a6a8aa4b8479db6ee

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:32 GMT
content-encoding: gzip
traffic-path: CHIDC2, MDW, FRA, Europe2
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
backend-ip: 157.52.75.60
x-cache-hits: 0, 0
x-traceid: aa09e961fbc0a70f72cb9ee0be19fe75
content-length: 19048
x-served-by: cache-mdw17360-MDW, cache-fra19172-FRA
pragma: no-cache
x-timer: S1631039851.277165,VS0,VE799
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 12B0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0&_test=YTexawAEWaeoiAAC
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YTexawAEWaeoiAAC&gdpr=0&_test=YTexawAEWaeoiAAC

42 B
688 B

820ms
42ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YTexawAEWaeoiAAC&gdpr=0&_test=YTexawAEWaeoiAAC
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1631039852.732370,VS0,VE0
x-served-by: cache-fra19129-FRA
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YTexawAEWaeoiAAC&gdpr=0&_test=YTexawAEWaeoiAAC
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 12B0
Redirect Chain

https://token.rubiconproject.com/token?pid=26594&gdpr=0
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTAF0JNP-T-L04H&sigv=1&esig=2~694c3e87c0ecbe77d6d7967c4ce3a4e2af33eae2&gdpr=0

0
445 B

21ms
7ms

Image
text/plain

2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTAF0JNP-T-L04H&sigv=1&esig=2~694c3e87c0ecbe77d6d7967c4ce3a4e2af33eae2&gdpr=0

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTAF0JNP-T-L04H&sigv=1&esig=2~694c3e87c0ecbe77d6d7967c4ce3a4e2af33eae2&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 12B0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=65376137-b16b-4900-b2ea-676666159297&gdpr=0&gdpr_consent=

42 B
688 B

244ms
32ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=65376137-b16b-4900-b2ea-676666159297&gdpr=0&gdpr_consent=
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

Date: Tue, 07 Sep 2021 18:37:32 GMT
Server: MT3 3905 f19d76c master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=65376137-b16b-4900-b2ea-676666159297&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 07 Sep 2021 18:37:31 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 12B0
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&gdpr=0

170 B
188 B

28ms
27ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&gdpr=0

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 12B0 70 B
264 B 50ms
46ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 12B0 0
42 B 28ms
25ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif?gdpr=0
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 12B0
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
https://pr-bh.ybp.yahoo.com/sync/rubicon/1OvMrU6NDSAsNRxhWf2uVg?csrc=&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7422479549414016566

42 B
688 B

974ms
21ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7422479549414016566
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

date: Tue, 07 Sep 2021 18:37:31 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7422479549414016566
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 12B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEJWYt4k45JFV5At1gBgR5rw&google_cver=1

42 B
688 B

1157ms
34ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEJWYt4k45JFV5At1gBgR5rw&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEJWYt4k45JFV5At1gBgR5rw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adscluster. Show response
fundingchoicesmessages.google.com/f/AGSKWxWj-R2aBbSzb6KG0CAz0L6UTrNUXjQwAH684nz28p66-KBBytu0N6Vl5E5buBpKeUw4vvQiBpcRtYDYU05SVKOoCGn8Euj5X87AAOVKt07COBPABaJ6foBPWtmz7yE3CLnTKPj2HM-2WloVsMQxp58rrGr3r... 54 B
107 B 25ms
23ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWj-R2aBbSzb6KG0CAz0L6UTrNUXjQwAH684nz28p66-KBBytu0N6Vl5E5buBpKeUw4vvQiBpcRtYDYU05SVKOoCGn8Euj5X87AAOVKt07COBPABaJ6foBPWtmz7yE3CLnTKPj2HM-2WloVsMQxp58rrGr3rGssGOA1PIcH7UpSVVn1YUmMalzu-DF0yKLdJHJn5D0Dkz_edmSz5kiYpMO2g3ihtBCqAEwevW3QGWa5Eng=/_/adrequest.=banners_ad&/banner_ad./adfootleft./adscluster.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_US.qzCY-thK4qw.es5.O/d=1/rs=AJlcJMzVgQ-lmMbCBswym44STiZXIbCd0Q/m=detection

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e9ce91654a85304976d78e201ce33ebbdc60e6fc28a2a6ac312cc6bfdf78ef46

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qbSm6HCXevpHhkf8j9nd+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-qbSm6HCXevpHhkf8j9nd+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-qbSm6HCXevpHhkf8j9nd+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-qbSm6HCXevpHhkf8j9nd+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxVIUTLq08Mek8JP4oGVG-R47R8H1H9GJkN8pXyXYuXRv3vifRPSI14DHinMUcn5ftebIR5SPqAY2qDUBNrF6nv8-DkVdYQmqbFujvMaH19EkKm_CnEaogS-QO0PIQ4yhwWcxde4HqBlDRBPbrNLixMOCXlugF3C8fCf2V742YqRahO-_GIHktx-QEKr Show response
fundingchoicesmessages.google.com/el/ 0
26 B 20ms
20ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVIUTLq08Mek8JP4oGVG-R47R8H1H9GJkN8pXyXYuXRv3vifRPSI14DHinMUcn5ftebIR5SPqAY2qDUBNrF6nv8-DkVdYQmqbFujvMaH19EkKm_CnEaogS-QO0PIQ4yhwWcxde4HqBlDRBPbrNLixMOCXlugF3C8fCf2V742YqRahO-_GIHktx-QEKr

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PQjYxihZaxdBSqNWPnNCGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-PQjYxihZaxdBSqNWPnNCGw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-PQjYxihZaxdBSqNWPnNCGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-PQjYxihZaxdBSqNWPnNCGw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxVIUTLq08Mek8JP4oGVG-R47R8H1H9GJkN8pXyXYuXRv3vifRPSI14DHinMUcn5ftebIR5SPqAY2qDUBNrF6nv8-DkVdYQmqbFujvMaH19EkKm_CnEaogS-QO0PIQ4yhwWcxde4HqBlDRBPbrNLixMOCXlugF3C8fCf2V742YqRahO-_GIHktx-QEKr Show response
fundingchoicesmessages.google.com/el/ 0
27 B 22ms
22ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AM5XLcEoh5XCU1VsYxaQ9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AM5XLcEoh5XCU1VsYxaQ9Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-AM5XLcEoh5XCU1VsYxaQ9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AM5XLcEoh5XCU1VsYxaQ9Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 b
sb.scorecardresearch.com/ Frame 697F 0
337 B 38ms
37ms Image
text/plain 13.225.25.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=7&c2=14320224&c3=9934&cs_ucfr=1&ns__t=1631039851313&ns_c=UTF-8&ns_if=1&cv=3.5&c8=OB%20user%20sync&c7=https%3A%2F%2Fwidgets.outbrain.com%2FwidgetOBUserSync%2FobUserSync.html%23pid%3D9934%26dmpenabled%3Dtrue%26filterDMP%3D%26csenabled%3Dtrue%26d%3DnmlNX3o5MVlox97s9WJulJg0t5ekZW1Dnz33PzctcM6fBkPmby-EyPSuTdAGSgJ2%26gdpr%3D0%26cmpNeeded%3Dfalse%26gdprVer%3D2%26ccpa%3D1---%26country%3DCH%26obRecsAbtestAndVars%3D386-2483%2C902-2790%2C841-2598%2C811-2475%2C909-2803%2C784-2396%2C912-2808%2C822-2522%2C792-2426%2C954-2944%2C859-2649%2C699-2183%2C923-2958%2C958-2962%2C927-2858&c9=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.25.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-25-74.cdg3.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://widgets.outbrain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 ae3d49939dec29dad9a36d45f67300d1.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: Kl7HRsQbay7KxP4xkuO4J9RxWgtMzsO_RwVsI1qMmes5mz_W4l3g0Q==
x-cache: Miss from cloudfront

POST
H3-29 204 AGSKWxVIUTLq08Mek8JP4oGVG-R47R8H1H9GJkN8pXyXYuXRv3vifRPSI14DHinMUcn5ftebIR5SPqAY2qDUBNrF6nv8-DkVdYQmqbFujvMaH19EkKm_CnEaogS-QO0PIQ4yhwWcxde4HqBlDRBPbrNLixMOCXlugF3C8fCf2V742YqRahO-_GIHktx-QEKr Show response
fundingchoicesmessages.google.com/el/ 0
26 B 19ms
19ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CybPvqvDbC2Rrv6d4E+CJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-CybPvqvDbC2Rrv6d4E+CJg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-CybPvqvDbC2Rrv6d4E+CJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-CybPvqvDbC2Rrv6d4E+CJg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 AGSKWxWBtEcu-2NgPLa9Lgw3u8tGLqb1Xft5MmBIJQzM13vWXUEDUhZ_v44ejNPv8iy0gEhWjMdto5-d7Ll8kCT29iir9uftfRdfgJSTcjtANa19A22sWflYeybJt2h8XpK3ZDg8fDHc5YnSpCJoHBOPkbEZZNGJ4Ry3Mp-U2tPzpUkW-UQRCyAw8S32aYud Show response
fundingchoicesmessages.google.com/f/ 69 KB
25 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWBtEcu-2NgPLa9Lgw3u8tGLqb1Xft5MmBIJQzM13vWXUEDUhZ_v44ejNPv8iy0gEhWjMdto5-d7Ll8kCT29iir9uftfRdfgJSTcjtANa19A22sWflYeybJt2h8XpK3ZDg8fDHc5YnSpCJoHBOPkbEZZNGJ4Ry3Mp-U2tPzpUkW-UQRCyAw8S32aYud?fccs=W251bGwsW1tdLFtdXSxudWxsLG51bGwsbnVsbCwyLFsxNjMxMDM5ODUxLDMzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsWzEsWzcsNl1dLCJodHRwczovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlciJd

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

28bc3510054d601b10041e2e2e6b5f9289d5bf135282af829c5121b4a6716947

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Zz2+ufevVJhpwzLFdOwfZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Zz2+ufevVJhpwzLFdOwfZw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-Zz2+ufevVJhpwzLFdOwfZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Zz2+ufevVJhpwzLFdOwfZw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxVIUTLq08Mek8JP4oGVG-R47R8H1H9GJkN8pXyXYuXRv3vifRPSI14DHinMUcn5ftebIR5SPqAY2qDUBNrF6nv8-DkVdYQmqbFujvMaH19EkKm_CnEaogS-QO0PIQ4yhwWcxde4HqBlDRBPbrNLixMOCXlugF3C8fCf2V742YqRahO-_GIHktx-QEKr Show response
fundingchoicesmessages.google.com/el/ 0
27 B 24ms
23ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-P8knFsdRx5c9xMsThBwuBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-P8knFsdRx5c9xMsThBwuBA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-P8knFsdRx5c9xMsThBwuBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-P8knFsdRx5c9xMsThBwuBA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 7410860497963476965
tpc.googlesyndication.com/daca_images/simgad/ Frame 1A08 48 KB
48 KB 29ms
6ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/7410860497963476965

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e308d3b9df0f9c2657e8d34b7908d14096ce33ee495e83c116ea56cf5ac280c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 04:26:48 GMT
x-content-type-options: nosniff
age: 137443
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48699
x-xss-protection: 0
last-modified: Sun, 22 Aug 2021 11:09:33 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Sep 2022 04:26:48 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/ Frame 1A08 18 KB
8 KB 28ms
5ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:29:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:29:37 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1A08 0
0 18ms
18ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWqOHarE3YeqGJ4nhzAae_p2oD8rJlv9kqI6U_NQOloLNhYgWEAEgr7KMGGCVAqABg8CulQLIAQKoAwHIA8kEqgSPAk_QNF2HuJZcGI-JxTRoJqKuw0FLr4L-i6NZ6Hs6hNP2iB00VMaYnM2MPwhsPXD-hRZ1UrcW3pau2jBTZJHzT4t33eEzT6yx5jo_96UsWLWih9OhC7fmEBhisHbX72aZYMCjPj6MUyc9amgLBSTtBIdNfnkEFqKDaAIni4IpHwF-1PaWr5ErDhhvn3BjZW_X8xMMVmwMgaMsf5wl8FjNW6w0cWPGmuWPM0eCoHaCQgESmwqPaZgYrqSQj1vrCK8lz6d2Ihz9hvmI4CQv1DXlE7zbURXbcbeVqRxceFFKiInpy37k1yLvPbNUq5ubMpVOTLhBCscGbRBdyk4jM_rTv6w-oVIt6Qm2ms7PaGrYuCnABImUq7PRA5IFBAgEGAGSBQQIBRgEoAYCgAflv9HqAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwHyBwQQrbcK0ggHCIBhEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi03MjE3MTY3OTI4NTU4MjkxGAA&sigh=Myc2voPXDcY

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 07 Sep 2021 18:37:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 1A08 2 KB
1 KB 34ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:33:16 GMT

GET
H2 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 1A08 67 B
187 B 35ms
20ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 16:19:04 GMT
x-content-type-options: nosniff
server: cafe
age: 8307
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Wed, 08 Sep 2021 16:19:04 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1A08 122 KB
37 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:31 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 1A08 14 KB
6 KB 33ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:34:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:34:48 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 1A08 26 KB
11 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 20:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78526
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10845
x-xss-protection: 0
server: cafe
etag: 14737611871312058204
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 20:48:45 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A84C 143 B
163 B 11ms
11ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlZ3wR7MNPiO04TS3LR7flgtNH0wENsCQL3J93hNXY-e1y1gCPnaNf_PRm1b1E
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 07 Sep 2021 18:00:06 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2245
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DCD1 1 KB
749 B 10ms
10ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 06 Sep 2021 21:06:15 GMT
expires: Tue, 07 Sep 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77476
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 AGSKWxWiFedb1VnoS8FGJYdn66_NbqePG_AFAjZgzj_kF85FUloc2rmK0b3IIvRGpeje8volObglwTxKSEw8XmqdYrzCYsiC0WCogk5Vmr5GfjHeoyX8k2iGPH8vWjBa88iCD09_qQsLpO2_Ex7myMm-SvRLjhvs4oJL1JeULWPFcq843C4DKwobYtjqRHyA Show response
fundingchoicesmessages.google.com/el/ 0
27 B 22ms
21ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWiFedb1VnoS8FGJYdn66_NbqePG_AFAjZgzj_kF85FUloc2rmK0b3IIvRGpeje8volObglwTxKSEw8XmqdYrzCYsiC0WCogk5Vmr5GfjHeoyX8k2iGPH8vWjBa88iCD09_qQsLpO2_Ex7myMm-SvRLjhvs4oJL1JeULWPFcq843C4DKwobYtjqRHyA

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.en_US.REUggAFxFkw.es5.O/d=1/rs=AJlcJMz9bPjokSYtdKu4kZ2sD9oWAjurWA/m=cookie_refresh

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-podrJ0PfdctQHD/f4t/Yew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-podrJ0PfdctQHD/f4t/Yew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-podrJ0PfdctQHD/f4t/Yew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-podrJ0PfdctQHD/f4t/Yew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxWiFedb1VnoS8FGJYdn66_NbqePG_AFAjZgzj_kF85FUloc2rmK0b3IIvRGpeje8volObglwTxKSEw8XmqdYrzCYsiC0WCogk5Vmr5GfjHeoyX8k2iGPH8vWjBa88iCD09_qQsLpO2_Ex7myMm-SvRLjhvs4oJL1JeULWPFcq843C4DKwobYtjqRHyA Show response
fundingchoicesmessages.google.com/el/ 0
26 B 27ms
27ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0h9iS3rmCA8R0ienkwPuEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-0h9iS3rmCA8R0ienkwPuEA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-0h9iS3rmCA8R0ienkwPuEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-0h9iS3rmCA8R0ienkwPuEA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxWiFedb1VnoS8FGJYdn66_NbqePG_AFAjZgzj_kF85FUloc2rmK0b3IIvRGpeje8volObglwTxKSEw8XmqdYrzCYsiC0WCogk5Vmr5GfjHeoyX8k2iGPH8vWjBa88iCD09_qQsLpO2_Ex7myMm-SvRLjhvs4oJL1JeULWPFcq843C4DKwobYtjqRHyA Show response
fundingchoicesmessages.google.com/el/ 0
26 B 28ms
27ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yoQzPlYXd6fWNTktv8kyLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-yoQzPlYXd6fWNTktv8kyLA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-yoQzPlYXd6fWNTktv8kyLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-yoQzPlYXd6fWNTktv8kyLA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxWiFedb1VnoS8FGJYdn66_NbqePG_AFAjZgzj_kF85FUloc2rmK0b3IIvRGpeje8volObglwTxKSEw8XmqdYrzCYsiC0WCogk5Vmr5GfjHeoyX8k2iGPH8vWjBa88iCD09_qQsLpO2_Ex7myMm-SvRLjhvs4oJL1JeULWPFcq843C4DKwobYtjqRHyA Show response
fundingchoicesmessages.google.com/el/ 0
27 B 30ms
29ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cy6AwJ+vdUgewhAov720Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-cy6AwJ+vdUgewhAov720Bw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-cy6AwJ+vdUgewhAov720Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-cy6AwJ+vdUgewhAov720Bw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 AGSKWxWiFedb1VnoS8FGJYdn66_NbqePG_AFAjZgzj_kF85FUloc2rmK0b3IIvRGpeje8volObglwTxKSEw8XmqdYrzCYsiC0WCogk5Vmr5GfjHeoyX8k2iGPH8vWjBa88iCD09_qQsLpO2_Ex7myMm-SvRLjhvs4oJL1JeULWPFcq843C4DKwobYtjqRHyA Show response
fundingchoicesmessages.google.com/el/ 0
26 B 28ms
28ms XHR
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-D1/2OOy+Es5x1troXySLEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-D1/2OOy+Es5x1troXySLEQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-D1/2OOy+Es5x1troXySLEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-D1/2OOy+Es5x1troXySLEQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 1A08 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c29fb1caf4d1cab1b39ba84516eaf760c734c96dcf3acdef74411be8a400303e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DCD1
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIGEPYcUOUGjafeOcODHAxLCz885EqeNrhwBpRHmuF5zb5twDZ3-xfcHiuCXA-ZkKuIKpLj_kNXJVcUddXkH36HC8AJbajJ5_SAwGGnQKUCVkRxBSK9U7G-EzWvuYJ02rWFGLQmdt0...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwd2MxU1hYaGJLdTl4R3FmLTR3Y0tLVm1GdWk3dmFqNEg4M2tDRWtVTE93MA==&google_push

170 B
188 B

28ms
27ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwd2MxU1hYaGJLdTl4R3FmLTR3Y0tLVm1GdWk3dmFqNEg4M2tDRWtVTE93MA==&google_push

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwd2MxU1hYaGJLdTl4R3FmLTR3Y0tLVm1GdWk3dmFqNEg4M2tDRWtVTE93MA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DCD1
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLRzqO0...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLRzqO0...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MDcxODM3MzMwMDAzNzIyMTA4NTQzOA%3D%3D&google_push=AYg5qPLRzqO0Dx6bQmBs_hUfvl7aTdDVqf11r2n7kCE8z6HJkcWzz9kqL6HM3nT0x2trvJ...

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MDcxODM3MzMwMDAzNzIyMTA4NTQzOA%3D%3D&google_push=AYg5qPLRzqO0Dx6bQmBs_hUfvl7aTdDVqf11r2n7kCE8z6HJkcWzz9kqL6HM3nT0x2trvJuyh_PlP8FTNdAjnTvGyLJPV1u6xTuoyzgtplDszXJpvm42RrmLc1Iq1Js4K4lLwfMcJC-gy5Vh

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MDcxODM3MzMwMDAzNzIyMTA4NTQzOA%3D%3D&google_push=AYg5qPLRzqO0Dx6bQmBs_hUfvl7aTdDVqf11r2n7kCE8z6HJkcWzz9kqL6HM3nT0x2trvJuyh_PlP8FTNdAjnTvGyLJPV1u6xTuoyzgtplDszXJpvm42RrmLc1Iq1Js4K4lLwfMcJC-gy5Vh
pragma: no-cache
date: Tue, 07 Sep 2021 18:37:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Tue, 07 Sep 2021 18:37:33 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame DCD1 43 B
412 B 34ms
32ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEFN1qj5AYJhEBsF8lj6LqS8&google_cver=1&google_push=AYg5qPLN0y67X_ioWKIfCTSdiDmPy0k49uJMmAbk7I-LY9zUHjO9kml_X-e9EGrHl5jGhYWlpKiyHJPuEN0Wq-eZRqm4bpYrn7OK2y5I6g0Kk_CDU3dgjdVug2ZBO_0jdlSWjuaYRhbPXmJB
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DCD1
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKiJ0cOaFSazqsBe5RlVvV8&google_cver=1&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzD...
https://rtb.openx.net/sync/dds?google_gid=CAESEKiJ0cOaFSazqsBe5RlVvV8&google_cver=1&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzD...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzDL_OBsuWr9kK7i1nzki-uAXCCGzRE7XcoL...

170 B
188 B

27ms
26ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzDL_OBsuWr9kK7i1nzki-uAXCCGzRE7XcoLYhsteRIZU-&google_hm=9HQiCEDvxkkoMOJYT8Jfpg==

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLI_7lI_ZiirpVPEa8hLaefAWzchxFTy5iE8udvONe9NdL4n39785GOlicULbbifVEz9Oe0YVr9RanpY7DYnoPNwGoFWsdzDL_OBsuWr9kK7i1nzki-uAXCCGzRE7XcoLYhsteRIZU-&google_hm=9HQiCEDvxkkoMOJYT8Jfpg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: p32gcvaj5hf783gbeofr0btg2rhcjvpo

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DCD1
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
30ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI2EYqHvqOBM6kWFC2HeskOg1E-WHamOlvaS1RlwjqdvbMH1QkSdAQwlWHXrZFTC5qDBtfSfGB88SW1iQ_NAmbAPu2At3VYi0KC-W77Kzc40C-EUl5YUF9cUVFoqIERRtQ7uPMk0CA

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI2EYqHvqOBM6kWFC2HeskOg1E-WHamOlvaS1RlwjqdvbMH1QkSdAQwlWHXrZFTC5qDBtfSfGB88SW1iQ_NAmbAPu2At3VYi0KC-W77Kzc40C-EUl5YUF9cUVFoqIERRtQ7uPMk0CA
date: Tue, 07 Sep 2021 18:37:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame DCD1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TSc...

0
0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame DCD1 0
44 B 4267ms
509ms Image
text/plain 18.182.119.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEKOLJ1GfJNnYuoCuKEa9lSE&google_cver=1&google_push=AYg5qPLc0yTrqjrrPNdOfVUCglFyTxVJKEz_L-2JJxGutCUDUUIfz-RI2n-oBgTHNxuushMiVrfJWunOnlDa2DvZqNskDMa5zluLkmHIPmD9OfCYpwzlObuhWEiQuKONYYzcVB2F6JeOp4wz
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=3605422169&adf=2476343043&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850454&bpp=3&bdt=808&idt=153&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=580x280&correlator=6958864961906&frm=20&pv=1&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=2889&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=oXt9fyEytW&p=https%3A//forums.commentcamarche.net&dtd=161
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.182.119.142 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-182-119-142.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:35 GMT
server: awselb/2.0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame DCD1 0
12 B 32ms
30ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JzgvV5zM2wG47rESZcE0tfcnN4uxYXO79UWGa6HzP0n7-lubTM5s5liRK_n5VkYm2IG48o

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A84C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkO6UMiAo6fb2GOcjDkY4r2PQ5S5eKSpjqQ3EHMOSGaBMXRKJcOTuGQ5yPyxzM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 07 Sep 2021 18:37:31 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 07-Sep-2021 19:37:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 07 Sep 2021 18:37:31 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js Show response
pagead2.googlesyndication.com/bg/ Frame 36FD 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad694c05f6bd32953ca1d52060ed974be8d02bf28ef5a27237326f8e08f3c7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 14:32:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13326
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 14:32:33 GMT

GET
H3-29 200 5286763676304281139
tpc.googlesyndication.com/simgad/ Frame 2C48 32 KB
32 KB 27ms
11ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5286763676304281139?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm_1Ws0SPRHJs3ASHqqU-Ya2AaZAA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c17defd12a8dbf98aeea4043b34398f7ab77beb8291a32265097a1e601189fcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 08:48:17 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Aug 2018 16:18:04 GMT
server: sffe
age: 35354
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32770
x-xss-protection: 0
expires: Wed, 07 Sep 2022 08:48:17 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/ Frame 2C48 18 KB
7 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:29:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:29:37 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2C48 0
0 20ms
19ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNTFiarE3YcC5JYic-wbejr7AA-SKt5Rk5fe72YkOqtu_oNQBEAEgr7KMGGCVAqAB_7CkowPIAQKpAt4zzT26Jbc-qAMByAPJBKoEhwJP0DSH9pVwVCZXHIWVD5A89GOafu5croBtc6HXtcbBYda7znr0AQ3Tb5glCT0KHPeRrAv_zFzlu-FCy7qKzyfRr2t5EJcrKGEZO0sK61rrODCzNs3-itOa6lsB3NpSmg2LqXMBHl4PhVSIRqwpWOU4ZvtnJlwC0Wvelk1YIgM3auhmhC520dCzPK0HIhSMK4lTSsdcy-7TtOprfheWknFYXM3kFHiN6fVpvzKDDAJFbKj__-sfcWoLSEMbN6SXT4-vQhJeOw3XeaT2BZXut6rxwYpYZ225cPeM6IxZwMlc6lZRmkRK83R557rIZ1N1s9CRYzVwPkjI7R2N5RQ1Krp5kL4OeIP8qcAEnpvS1t8DkgUECAQYAZIFBAgFGASgBgKAB73XhCyoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEJWrB9IIBwiAYRABGB-ACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNzIxNzE2NzkyODU1ODI5MRgA&sigh=NS6lkJBQ8HU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 07 Sep 2021 18:37:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 2C48 2 KB
1 KB 21ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:33:16 GMT

GET
H3-29 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 2C48 67 B
91 B 13ms
6ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 16:19:04 GMT
x-content-type-options: nosniff
server: cafe
age: 8307
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Wed, 08 Sep 2021 16:19:04 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C48 122 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:31 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 2C48 14 KB
6 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:34:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:34:48 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 2C48 0
0 17ms
16ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSmG_-JMhWdzodF_LM843Mt-fzwgB9DiSE1Cbf9XrF-nTDfoRqpUQ1Pm3d0oAfvx34X4pQvaKc56GsGDvg3dnR6LhIM1A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 2C48 26 KB
11 KB 21ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 20:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78526
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10845
x-xss-protection: 0
server: cafe
etag: 14737611871312058204
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 20:48:45 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F361 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkO6UMiAo6fb2GOcjDkY4r2PQ5S5eKSpjqQ3EHMOSGaBMXRKJcOTuGQ5yPyxzM; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 07 Sep 2021 18:00:06 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2245
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame D47D 247 B
806 B 110ms
26ms Document
text/html 172.217.18.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f99.1e100.net

Software

sffe /

Resource Hash

bb66173ab312666885614031e0db7dbe055e43dd155f5be8fc311bb647a2d415

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/redir.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-TtiFa2RK5e4NfL-_Aewb6Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 205
date: Tue, 07 Sep 2021 18:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9BB2 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 06 Sep 2021 21:06:15 GMT
expires: Tue, 07 Sep 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77476
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2C48 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf118d8ae32e6dcfcb7fb77ea4c1ac9cf71d82bb00467f61c986904f8588a821

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9BB2 35 B
464 B 29ms
9ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKgNkjflpbyboJAs1OnuO-Y&google_cver=1&google_push=AYg5qPL1n7UB2abHtwcl-yLV7m0QZH4yXMPrwPtYFjTVkFEQs7oXzxLT6qy9YXOa5_tqIPuafyu4poo6WlijpLu02W7MsDOfAvYCmS2CV9_8g3OoeBRZ2EFQnEEL1k7aYnkwyVoNzRQdxFHL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9BB2
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEI_7vvdhp86L7bjqvv2tEAs&google_cver=1&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKW...
https://rtb.openx.net/sync/dds?google_gid=CAESEI_7vvdhp86L7bjqvv2tEAs&google_cver=1&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKW...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKWLwp20Colo8QIDOurz0y_rxld6sBTjMTIB...

170 B
188 B

27ms
27ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKWLwp20Colo8QIDOurz0y_rxld6sBTjMTIB7a0Vh_vC4q&google_hm=9HQiCEDvxkkoMOJYT8Jfpg==

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:30 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJof4l2InwcniHS6AO8n2wBrgHie9COkcR8tZAPVC69zAlQOo-PKS48VNMwm9N0LoIgkzoujMQzif_uEEJoPVjFg55jeVhKWLwp20Colo8QIDOurz0y_rxld6sBTjMTIB7a0Vh_vC4q&google_hm=9HQiCEDvxkkoMOJYT8Jfpg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: g9g4lm6dqfjembkjtfp2923h9r5h2boa

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9BB2
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

27ms
27ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ_iH4bqc-mz9lno3JR8TdLxFth8ePWOYzVqWClR4DQ-Ny6x-AtEQ-CC6tjxVVA9hFzCIi6gtKK8w3aYOyMSg0mC452W-xUhJ5oSckkw99uv4B4sEIU2P-t1VkKbDZDvBQ9uz70XODL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8IY_Q_rHSBKON0iYX4Dlag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ_iH4bqc-mz9lno3JR8TdLxFth8ePWOYzVqWClR4DQ-Ny6x-AtEQ-CC6tjxVVA9hFzCIi6gtKK8w3aYOyMSg0mC452W-xUhJ5oSckkw99uv4B4sEIU2P-t1VkKbDZDvBQ9uz70XODL
date: Tue, 07 Sep 2021 18:37:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9BB2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHJ8AQQbLSgwcm3_OGXpV6I&google_cver=1&google_push=AYg5qPLoprselshUcDzVFx0x4PqK36MHsT10fUe241ak80p6a1fhAC3EqgwHWSegMf_-AJafuZI...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&google_push=AYg5qPLoprselshUcDzVFx0x4PqK36MHsT10fUe241ak80p6a1fhAC3EqgwHWSegMf_-AJafuZIhHJGmBzmTG_YpGn3cXjrI6Au4rkWHV...

170 B
188 B

39ms
38ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&google_push=AYg5qPLoprselshUcDzVFx0x4PqK36MHsT10fUe241ak80p6a1fhAC3EqgwHWSegMf_-AJafuZIhHJGmBzmTG_YpGn3cXjrI6Au4rkWHVjuiY-8WYZUf7YUN9ckBUY97ks0Khp3Xh8ete7PF

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RBRjBKTlAtVC1MMDRI&google_push=AYg5qPLoprselshUcDzVFx0x4PqK36MHsT10fUe241ak80p6a1fhAC3EqgwHWSegMf_-AJafuZIhHJGmBzmTG_YpGn3cXjrI6Au4rkWHVjuiY-8WYZUf7YUN9ckBUY97ks0Khp3Xh8ete7PF
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9BB2
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQ...

0
0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 9BB2 0
43 B 4060ms
509ms Image
text/plain 18.182.119.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEL43VduUHw7c-ifaJsLx2K8&google_cver=1&google_push=AYg5qPL8f2F9jAQMRrEXUyXI4tPJjCyCuccbsfu9K4xskYTsCba9sj5a5lmkTkaFMe59MdQN65FSp1l7wIYgibGbIXuwLeHlC6wr4M8HnbLuWmUHIlCrGtwYMkbE4NOXwRX8tzl53Or6koqZ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.182.119.142 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-182-119-142.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:35 GMT
server: awselb/2.0

GET
H2

200

dot.gif
googlecm.hit.gemius.pl/ Frame 9BB2
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEAYgRbZb8CjypNmF1xUWnNY&google_cver=1&google_push=AYg5qPKN0ScggGvENoi30Hk5...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKN0ScggGvENoi30Hk5XhYNkUbX17lkLL3f0kTn48rs0Y7mkVlwmb9wMv89T4ySBcDOXmu_mllUeeCSUzzUawDYMa6YE5YYp2ZsYAq5JUiXNnRI0B0Zel&googl...
https://googlecm.hit.gemius.pl/dot.gif?id=pyM1l.MgAY658jQJ4ykHpoYhP_hR_2_qZ3eEDY6uHMX.C7&google_error=5

43 B
189 B

38ms
37ms

Image
image/gif

217.182.200.29
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googlecm.hit.gemius.pl/dot.gif?id=pyM1l.MgAY658jQJ4ykHpoYhP_hR_2_qZ3eEDY6uHMX.C7&google_error=5
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 217.182.200.29 , France, ASN16276 (OVH, FR),
Reverse DNS: gcm7.host.hit.gemius.pl
Software: GHC /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:32 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: image/gif
content-length: 43
expires: Mon, 06 Sep 2021 18:37:32 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://googlecm.hit.gemius.pl/dot.gif?id=pyM1l.MgAY658jQJ4ykHpoYhP_hR_2_qZ3eEDY6uHMX.C7&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 9BB2 0
12 B 30ms
26ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LR0-_zpwd3kk28blktihhTQ5ctFfnJCCTwhXbZ_ewCv0cA_amh4C7lwu6OqMF7yoVwpzngug

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F361
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

40ms
40ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkO6UMiAo6fb2GOcjDkY4r2PQ5S5eKSpjqQ3EHMOSGaBMXRKJcOTuGQ5yPyxzM; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 07 Sep 2021 18:37:31 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Tue, 07-Sep-2021 19:37:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 07 Sep 2021 18:37:31 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 07 Sep 2021 18:37:31 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 iframe.html Show response
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame D47D 4 KB
2 KB 53ms
26ms Document
text/html 172.217.18.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f99.1e100.net

Software

sffe /

Resource Hash

1a2730c261532f93466c1c09bffefea5d569aa69e1349dc5317c5185c6b9f932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-VtHGhPRrtCZ_5G5UpyUQrg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 1863
date: Tue, 07 Sep 2021 18:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js Show response
pagead2.googlesyndication.com/bg/ Frame 4066 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-7217167928558291&output=html&h=280&slotname=5476191628&adk=922265401&adf=961544257&pi=t.ma~as.5476191628&w=580&fwrn=4&fwrnh=100&lmt=1627048205&rafmt=1&psa=0&format=580x280&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&flash=0&hl=fr&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1631039850447&bpp=7&bdt=802&idt=124&shv=r20210901&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=6958864961906&frm=20&pv=2&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=340&ady=1559&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062297&oid=3&pvsid=4276518262259531&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=gmTQPh70ka&p=https%3A//forums.commentcamarche.net&dtd=148

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad694c05f6bd32953ca1d52060ed974be8d02bf28ef5a27237326f8e08f3c7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 14:32:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13326
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 14:32:33 GMT

GET
H2 200 / Show response
geoworker.ayads.co/ 1 B
243 B 44ms
17ms XHR
text/plain 2606:4700:10::6814:b25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://geoworker.ayads.co/
Requested by: Host: sac.ayads.co
URL: https://sac.ayads.co/sublime/3688/prebid
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:b25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:32 GMT
server: cloudflare
sublime-worker: true
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cf-ray: 68b20c833e4d4ddc-FRA
content-length: 1

GET
H/1.1 200
OK / Show response
optchk.ayads.co/ 16 B
279 B 1222ms
42ms Script
application/javascript 52.48.181.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://optchk.ayads.co/?callback=sublimeOptchk
Requested by: Host: sac.ayads.co
URL: https://sac.ayads.co/sublime/3688/prebid
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.181.137 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-181-137.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 49120de5d47bd735b7fe51736fde6bfd75dcdadbe3862c7eff507f27214ad6c2

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:33 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 16
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H/1.1 200
OK ac Show response
www8.smartadserver.com/ 0
342 B 511ms
231ms XHR
application/json 185.86.137.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://www8.smartadserver.com/ac?siteid=149017&pgid=836200&fmtid=42281&visit=M&tmstp=1631039852058&tgt=json%3Bvskinz%3Dtrue%3Bgm%3D0%3Bscreen%3Dlarge%3Blarge_screen%3DTRUE%3Btag%3Dpb%3Bpage_height%3Dlarge%3Bpage_home%3Dfalse%3Bskinz%3Dtrue%3Bpage_height_num%3D16000%3Bpage_weight%3D380000%3Buser_bandwidth%3D9.6%3Bpage_loading_speed%3D320%3Bskinz-d%3D300%3B%7Cpage_height_num%3D16000%3Bpage_weight%3D380000%3Buser_bandwidth%3D9.6%3Bpage_loading_speed%3D320%3Bskinz-d%3D300&out=json&gdpr=1&pgDomain=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader
Requested by: Host: sac.ayads.co
URL: https://sac.ayads.co/sublime/3688/prebid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:32 GMT
x-smrt-d: 3%3b10%3b99
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
865 B 44ms
44ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: sac.ayads.co
URL: https://sac.ayads.co/sublime/3688/prebid

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 18:37:32 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5db2e095-ce67-43d6-8b12-7db450d0fa4d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://forums.commentcamarche.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 /
antenna.ayads.co/ 0
40 B 39ms
39ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=1&ga=1&gs=2&gv=2&e=p&gd&gdv&tse=1631039852065&et=2631&tfz=1063&sqid=2&bw=1600&bh=1200&ph=15949
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:32 GMT
server: nginx

GET
H2 204 /
antenna.ayads.co/ 0
40 B 40ms
39ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=1&ga=1&gs=2&gv=2&a=105870&e=sspc&sspname=sspv3-smartadserver&isssp=1&sspplid=149017%7C836200%7C42281&tse=1631039852065&et=2632&tfz=1063&sqid=3
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:32 GMT
server: nginx

GET
H2 204 /
antenna.ayads.co/ 0
40 B 40ms
39ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=1&ga=1&gs=2&gv=2&a=105869&e=sspc&sspname=sspv3-appnexus&isssp=1&sspplid=12858867&tse=1631039852065&et=2632&tfz=1063&sqid=4
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:32 GMT
server: nginx

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
292 B 127ms
126ms Fetch
text/plain 50.31.142.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=a2be7eff87c04d8a910b4da95780a0d5_9934_1631039851656&tm=1565&eT=0&widgetWidth=620&widgetHeight=549&widgetX=320&widgetY=7884&tpcs=0&wRV=2000439&pVis=1&lsd=9121290a-aba9-4b3e-99cc-906734024cf1&eIdx=&rtt=824&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 50.31.142.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Tue, 07 Sep 2021 18:37:32 GMT
content-encoding: gzip
X-TraceId: b9e72c80c1cb86eed70f416e2e421820
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
292 B 250ms
123ms Fetch
text/plain 50.31.142.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=18697889e3f6d94107c67993fb1c6a18_9934_1631039851836&tm=1577&eT=0&widgetWidth=620&widgetHeight=429&widgetX=320&widgetY=8448&wRV=2000439&pVis=1&lsd=9121290a-aba9-4b3e-99cc-906734024cf1&eIdx=&rtt=824&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 50.31.142.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Tue, 07 Sep 2021 18:37:32 GMT
content-encoding: gzip
X-TraceId: 594560d65673256fc74a4d0106db565f
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
292 B 376ms
127ms Fetch
text/plain 50.31.142.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=ad8dccf5cce04ce8b92902219aeb2636_9934_1631039851977&tm=1578&eT=0&widgetWidth=620&widgetHeight=569&widgetX=320&widgetY=8892&wRV=2000439&pVis=1&lsd=9121290a-aba9-4b3e-99cc-906734024cf1&eIdx=&rtt=824&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 50.31.142.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Tue, 07 Sep 2021 18:37:32 GMT
content-encoding: gzip
X-TraceId: 53f65e02171097eab8b791a18b95437d
Content-Type: text/plain; charset=UTF-8
Content-Length: 28
access-control-expose-headers: content-range

POST
H2 200 notify Show response
pbjs.sskzlabs.com/ 143 B
357 B 1133ms
40ms XHR
application/json 52.210.224.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.sskzlabs.com/notify
Requested by: Host: sac.ayads.co
URL: https://sac.ayads.co/sublime/3688/prebid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.224.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-224-224.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 677eef1f36732e2be104ac780bd71b8c641f022654cf22fcb123be809dcad64f

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://forums.commentcamarche.net
date: Tue, 07 Sep 2021 18:37:33 GMT
access-control-allow-credentials: true
etag: W/"8f-MuzxTqrBLoxR266JopaoCXX0r34"
content-length: 143
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 optout_check Show response
beacon.krxd.net/ 62 B
222 B 130ms
38ms Script
text/javascript 34.255.105.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.lefigaro.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.105.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-105-163.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2fd95a5a705b98925e1092616373d1e2d3bafbe515c8909da8677747b4bd2f2b

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:33 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=29 t=1631039853
x-served-by: beacon-n024-dub-prod.krxd.net
content-type: text/javascript

GET
H2 200 get Show response
cdn.krxd.net/userdata/ 311 B
468 B 114ms
111ms Script
text/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=2897a0e1-1f44-4f18-9361-1b730c6292bc&technographics=1&callback=Krux.ns.lefigaro.kxjsonp_userdata
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a2ce356a84292dfa7dbe4dc9d929fe9fef8d93e3f9245b63841584dce0c929f7

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date: Tue, 07 Sep 2021 18:37:33 GMT
content-encoding: gzip
age: 0
x-served-by: userdata-a002-ash-prod.krxd.net, cache-fra19141-FRA
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript
via: 1.1 varnish
cache-control: private, max-age=3600
x-age: 0
accept-ranges: bytes
x-timer: S1631039854.758382,VS0,VE90
content-length: 239
x-cache-hits: 0, 0

GET
H2 204 /
antenna.ayads.co/ 0
40 B 42ms
38ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=1&ga=1&gs=2&gv=2&e=notifynoad&notid=9e12418a-f56e-4b5f-aca5-18f9f6da827d&tse=1631039853773&et=4339&tfz=2771&sqid=5
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:33 GMT
server: nginx

GET
H2 204 /
antenna.ayads.co/ 0
40 B 42ms
38ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=1&ga=1&gs=2&gv=2&a=105870&e=sspko&sspname=sspv3-smartadserver&isssp=1&sspplid=149017%7C836200%7C42281&sspr=1&rt=4283&tse=1631039853834&et=4401&tfz=2832&sqid=6
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:33 GMT
server: nginx

GET
H2 204 /
antenna.ayads.co/ 0
40 B 42ms
39ms Image
text/plain 18.200.182.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://antenna.ayads.co/?src=pb&t=1631039849434.1&ver=20210825085632&device=d&puid=p8174406912396971778&suid=s10066521397192564773&z=3688&gc=0&gm=1&ga=1&gs=2&gv=2&a=105869&e=sspko&sspname=sspv3-appnexus&isssp=1&sspplid=12858867&sspr=1&rt=4284&tse=1631039853834&et=4401&tfz=2832&sqid=7
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 18.200.182.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-182-178.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:33 GMT
server: nginx

GET
H2 204 pixel.gif
beacon.krxd.net/ 0
337 B 39ms
39ms Image
text/plain 34.255.105.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/pixel.gif?source=smarttag&fired=user_data_timeout&confid=KVJRsGaL&_kpid=2897a0e1-1f44-4f18-9361-1b730c6292bc&_kcp_s=CommentCaMarche&_kcp_d=commentcamarche.net&_knifr=14&_kua_kx_tz=-120&_kua_kx_lang=en-us&_kua_kx_tech_browser_language=en-us&_kpa_url_words=forum%2Caffich%2Ctrojan%2Cdownloader&_kpa_url_path_1=forum&_kpa_url_path_2=affich-34031474-trojan-downloader&_kpa_domain=commentcamarche.net&_kpa_day_of_week=Tue&_kpa_hour_of_day=20&_kpa_url_cleaned=forums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&_kpa_full_domain=forums.commentcamarche.net&_kpa_page_title=Trojan%20downloader%20%5BR%C3%A9solu%5D%20-%20Comment%20%C3%87a%20Marche&_kpa_sourcesite=CommentCaMarche-undefined&_kpa_ctnt_qual=parallaxeinfeed%2Cvirus-securite%2Cforum-34031474&_kpa_shield=CommentCaMarche-false&_kpa_browser_name=Chrome&_kpa_ccm_site=forums.commentcamarche.net%2Ccommentcamarche&_kpa_ccm_environnement=production&_kpa_ccm_page_type_screen_type=classique&_kpa_ccm_session_type=nonConnectee&_kpa_ccm_user_status=Anonyme&_kpa_ccm_level1=Forum%20d%27assistance%20informatique&_kpa_ccm_level2=Virus%20%2F%20S%C3%A9curit%C3%A9&_kpa_ccm_page_category=Sujet%20Forum&_kpa_ccm_theme=Virus%20%2F%20S%C3%A9curit%C3%A9%2Chightech&_kpa_app_config.partners.krux.id=KVJRsGaL&_kpa_app_config.partners.zbo.id=678&_kpa_app_config.internals.whitelist_subscriber.options.list.id=lists.commentcamarche.net&_kpa_app_config.asl.positions.top.mapping.tablet.name=mban_atf&_kpa_app_config.asl.positions.top.mapping.desktop.name=mban_atf&_kpa_app_config.asl.positions.right.mapping.desktop.name=pave_atf&_kpa_app_config.asl.positions.position2.mapping.tablet.name=pave_mtf&_kpa_app_config.asl.positions.position2.mapping.desktop.name=pave_mtf&_kpa_app_config.asl.positions.position3.mapping.mobile.name=pave_btf&_kpa_app_config.asl.positions.x02.mapping.mobile.name=special&_kpa_app_config.asl.positions.x02.mapping.tablet.name=habillage_atf&_kpa_app_config.asl.positions.x02.mapping.desktop.name=habillage_atf&_kpa_app_config.asl.positions.top_left.mapping.tablet.name=special&_kpa_app_config.asl.positions.top_left.mapping.desktop.name=special&_kpa_app_config.asl.positions.middle.mapping.desktop.name=native_atf&_kpa_app_config.positions.conf_pub.x02.mapping.mobile.name=special&_kpa_app_config.positions.conf_pub.x02.mapping.tablet.name=special&_kpa_app_config.positions.conf_pub.x02.mapping.desktop.name=special&_kpa_app_config.positions.conf_pub.top.mapping.mobile.name=mban_atf&_kpa_app_config.positions.conf_pub.top.mapping.tablet.name=mban_atf&_kpa_app_config.positions.conf_pub.top.mapping.desktop.name=mban_atf&_kpa_app_config.positions.conf_pub.right.mapping.desktop.name=pave_atf&_kpa_app_config.positions.conf_pub.position2.mapping.tablet.name=pave_mtf&_kpa_app_config.positions.conf_pub.position2.mapping.desktop.name=pave_mtf&_kpa_app_config.positions.conf_pub.infeed.mapping.mobile.name=pave_atf&_kpa_app_config.positions.conf_pub.infeed.mapping.tablet.name=pave_atf&_kpa_app_config.positions.conf_pub.infeed.mapping.desktop.name=inarticle&_kpa_app_config.vendors_positions.vendors.outbrain.positions.position=append&_kpa_app_config.vendors_positions.vendors.adsense.positions.position=append&t_navigation_type=0&t_dns=2&t_tcp=85&t_http_request=-1&t_http_response=25&t_content_ready=720&t_window_load=0&t_redirect=0&interchange_ran=false&userdata_was_requested=true&userdata_did_respond=false&sview=1&kplt0=26958&kplt1=29408&kplt2=44826&kplt3=26874&kplt4=26875&kplt5=26963&kplt6=26995&kplt7=27613&kplt8=30562&kplt9=42674&kplt10=42675&kplt11=45103&kplt12=45119&jsonp_requests=https%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F2897a0e1-1f44-4f18-9361-1b730c6292bc%2C231%2Chttps%3A%2F%2Fbeacon.krxd.net%2Foptout_check%2C190%2Chttps%3A%2F%2Fcdn.krxd.net%2Fuserdata%2Fget%2C189
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.105.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-105-163.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:34 GMT
cache-control: private, no-cache, no-store
x-request-time: D=64 t=1631039854
x-served-by: beacon-n010-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 57ms
57ms Script
application/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=forums.commentcamarche.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=forums.commentcamarche.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
11 KB 76ms
74ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4276518262259531&correlator=1720090339066854&output=ldjh&impl=fifs&eid=31061814%2C31062351%2C31060889%2C31062297&vrg=2021090201&ptt=17&gdpr=0&sc=1&sfv=1-0-38&ecs=20210907&iu_parts=31695825%2Ccommentcamarche%2Cweb_desktop_nos%2Cdesktop_fr_ccm_hightech_forum-virus-securite_forum_special%2Cdesktop_fr_ccm_hightech_forum-virus-securite_forum_mban_atf%2Cdesktop_fr_ccm_hightech_forum-virus-securite_forum_pave_atf&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F4%2C%2F0%2F1%2F2%2F5&prev_iu_szs=2x1%7C2x2%7C1800x1000%2C1x1%7C5x5%7C728x90%7C970x250%7C1000x90%7C1000x200%7C1000x260%7C1000x300%2C300x250%7C300x600&prev_scp=Pos%3Dspecial%7CPos%3Dmban_atf%26amznbid%3D2%26amznp%3D2%7CPos%3Dpave_atf%26amznbid%3D2%26amznp%3D2&cust_params=Langue%3Dfr%26Section%3Dparallaxeinfeed%252Cvirus-securite%252Cforum-34031474%26Sitepage%3Dfr_ccm_hightech_forum-virus-securite_forum%26Theme%3Dhightech%26mots-cles%3Dparallaxeinfeed%252Cvirus-securite%252Cforum-34031474%26ads_category%3Dsujet_forum%261plusX%3D%26ctx1plusx%3D%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_UNSCORED_PG%26fr%3Dfalse%26test_UID%3Doui&cookie_enabled=1&bc=31&abxe=1&lmt=1627048205&dt=1631039854514&dlt=1631039849646&idt=568&frm=20&biw=1600&bih=1200&oid=3&adxs=799%2C798%2C980&adys=0%2C179%2C388&adks=2989415382%2C3762287342%2C3896495808&ucis=1%7C2%7C3&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&flash=0&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0%7C1000x0%7C300x0&msz=1600x0%7C1000x0%7C300x0&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=false&fws=0%2C0%2C512&ohw=0%2C0%2C0&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

f0b76f4e67eef388763f41adb8326106bac366b9c5406c708f79be4899e4ecff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10309
x-xss-protection: 0
google-lineitem-id: 5747232197,5747232197,5747232197
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138357194843,138357196742,138357574600
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3636 6 KB
3 KB 47ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 07 Sep 2021 18:37:34 GMT
expires: Wed, 07 Sep 2022 18:37:34 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 44EE 0
0 81ms
52ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9KmzjvZSYrZOU5VS7rHUq5rsHaDIpJcmrpr3jvnj6nbH81tohOWzMQurwrYbxTAz9qVykJBTqUGMr8uUgZjI-WYW11XtoVjE-a4PmXKu2LFvw-oLL56ooqidyvpv_CfWcdijZMe-d6RrwgSx2A8YQjy7zDoMx0mIaXzy96W-IOOYUrH7vRFrQxNkuul7J2FKaXU694Pshe80EKNHekAHm-SoeIOV9OL3FkHLiyuQVOaff_FIR1oePQ4xMkX6e-Y-LlwsndiZG6oUrInMh97rG2SoqEqqlyoNXgobN25X3dEjq-sJoubmxP7MeAztBcliKFZYjjIGcYA8mKy_MRBt6pNHQIpJKOStRR-gPyX0jWKGpqNk2_hA6jAlwrYicMBHhDJcpLawYonOU5lFpcRlLEMOw507NlYmw677VSW_N&sig=Cg0ArKJSzI51hUKiZk3mEAE&urlfix=1&adurl=

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 44EE 46 KB
13 KB 178ms
86ms Fetch
application/javascript 52.19.5.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925755&campId=${CREATIVE_SIZE}&pubId=${ADV_ID}&chanId=${TAG_ID}&placementId=${CPG_ID}&pubCreative=${CREATIVE_ID}&pubOrder=${IO_ID}&cb=${CACHEBUSTER}&custom=${SITE_ID}&adsafe_par&uId=${USER_ID}&bidurl=${AUCTION_ID}&impId=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.5.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-5-220.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bcdfc23156d6951beb74e2c1b8548a863ca76cc9eb7dc48ff93a29c1ba169efa

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-server-name: app09.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK ac Show response
www6.smartadserver.com/ Frame 44EE 16 B
320 B 357ms
37ms Script
application/javascript 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://www6.smartadserver.com/ac?out=js&nwid=886&siteid=218855&pgname=ros&fmtid=21473&tgt=[sas_target]&visit=M&tmstp=5527339403&clcturl=[countgo]&gdpr=${GDPR_APPLIES}&gdpr_consent=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: efded6408c7e64cd48c00b10bdd63b79539c5bb13a396b9f3773f71fe2d5a606

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 44EE 122 KB
37 KB 234ms
233ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:34 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8904 0
0 78ms
55ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstO1RFEHtknSOFEzTjv-MItdoadZ-5Er7nSa5DYtW4kwM4lg4o6JLeS1pELMgq2llifxcLo6Hfl8h01xd1mSTUyzpwVtF8p-8qtWPnq67LY0y9jrim-mzSWSs54roD6myapVntc12XDKidVh-mcJA0873er2Ux-IdrI5icdnO-cAicl9-sicOtHqkjCSFAfRFokd2HFJwHI3CV1MRzjGjv8Q7DjZM6r8ey-_Q8cCP0by8gdeZq5EmTIAsnV70mURAxc4KcvC5HXYQobFkjwQ-AnubH1f-b5_uIQKQW7mWtmvU5q1EQBFJNDUXOJv6Z7LT-hYG7a79vWj1wrII1gDBNBHbvg98tBJkpRnrO_vbzOGP6JsLrIRv9cFoBMVC8wpgN7biOXfMuzCS7hNZKTS6YU2eG3D15kuF9rpuDsb1HmsA&sig=Cg0ArKJSzMZSkMwxjasjEAE&urlfix=1&adurl=

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 8904 46 KB
13 KB 170ms
83ms Fetch
application/javascript 52.19.5.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925755&campId=${CREATIVE_SIZE}&pubId=${ADV_ID}&chanId=${TAG_ID}&placementId=${CPG_ID}&pubCreative=${CREATIVE_ID}&pubOrder=${IO_ID}&cb=${CACHEBUSTER}&custom=${SITE_ID}&adsafe_par&uId=${USER_ID}&bidurl=${AUCTION_ID}&impId=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.5.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-5-220.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7318827058b57620f6daed7521e2be0b9f030046cfc071365aa36e93497517d9

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-server-name: app02.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK ac Show response
www6.smartadserver.com/ Frame 8904 16 B
320 B 390ms
37ms Script
application/javascript 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://www6.smartadserver.com/ac?out=js&nwid=886&siteid=218855&pgname=ros&fmtid=20810&tgt=[sas_target]&visit=M&tmstp=7562653679&clcturl=[countgo]&gdpr=${GDPR_APPLIES}&gdpr_consent=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: efded6408c7e64cd48c00b10bdd63b79539c5bb13a396b9f3773f71fe2d5a606

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8904 122 KB
37 KB 230ms
230ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:34 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame F431 0
0 70ms
53ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuuHS_RJ8u5VApwfFvuR7XLwe9IQ9YJ0i4Ml9f35EpII89lJFslD9-T7tmUnjwWz0kOl1MB25JJaoeXK_YGw845ksk2wGsTOpR6i0iflVTQM1GZD0KB-OzRFq8cYXek2ObG-iIHbgsJx4gLlIB3vHK2sb9E88MojAguQ4z98YZdsZMFiNblM5fVdBkx9ute5t4mUik3gALvfXG2SnM5vj6QmsLhQHJW-99-84pOG7UUd2UcK1BqBjlCemYfdOlS14XkJKhWUbaNji9viQ-e0UKCHGlbWldaMaQESJJcGL6q2Cax-YxFrFrjHSf3ydZFmNPl1VnnrDS0WCHoxGDyJIa8vhRyBlsrmY3c0sYvLkbJOHZ3hgNJxNSmx6oXYVHCwEbzf0dMcK4WVVz2VRs0DvupMtyhZKYqdu4Dd2TA87rO3Q&sig=Cg0ArKJSzEviXpTFL7lNEAE&urlfix=1&adurl=

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame F431 46 KB
13 KB 206ms
126ms Fetch
application/javascript 52.19.5.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925755&campId=${CREATIVE_SIZE}&pubId=${ADV_ID}&chanId=${TAG_ID}&placementId=${CPG_ID}&pubCreative=${CREATIVE_ID}&pubOrder=${IO_ID}&cb=${CACHEBUSTER}&custom=${SITE_ID}&adsafe_par&uId=${USER_ID}&bidurl=${AUCTION_ID}&impId=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.5.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-5-220.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6a49da8fcadcfa6639105875755c64e460902d61d5614cc888650e8a8762142e

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-server-name: app16.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK ac Show response
www6.smartadserver.com/ Frame F431 16 B
320 B 424ms
39ms Script
application/javascript 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://www6.smartadserver.com/ac?out=js&nwid=886&siteid=218855&pgname=ros&fmtid=20809&tgt=[sas_target]&visit=M&tmstp=4422694745&clcturl=[countgo]&gdpr=${GDPR_APPLIES}&gdpr_consent=
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: efded6408c7e64cd48c00b10bdd63b79539c5bb13a396b9f3773f71fe2d5a606

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F431 122 KB
37 KB 225ms
224ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:34 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=forums.commentcamarche.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=forums.commentcamarche.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
11 KB 376ms
375ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4276518262259531&correlator=1720090339066854&output=ldjh&impl=fifs&eid=31061814%2C31062351%2C31060889%2C31062297&vrg=2021090201&ptt=17&gdpr=0&sc=1&sfv=1-0-38&ecs=20210907&iu_parts=31695825%2Ccommentcamarche%2Cweb_desktop_nos%2Cdesktop_fr_ccm_hightech_forum-virus-securite_forum_inarticle&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C1x1%7C3x3%7C640x360&fluid=height&prev_scp=Pos%3Dinarticle&cust_params=Langue%3Dfr%26Section%3Dparallaxeinfeed%252Cvirus-securite%252Cforum-34031474%26Sitepage%3Dfr_ccm_hightech_forum-virus-securite_forum%26Theme%3Dhightech%26mots-cles%3Dparallaxeinfeed%252Cvirus-securite%252Cforum-34031474%26ads_category%3Dsujet_forum%261plusX%3D%26ctx1plusx%3D%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_UNSCORED_PG%26fr%3Dfalse%26test_UID%3Doui&cookie=ID%3Da1baaece8f957e13%3AT%3D1631039854%3AS%3DALNI_Mbcac3ToBnP9fp_lCefwktCsnv7OQ&bc=31&abxe=1&lmt=1627048205&dt=1631039854659&dlt=1631039849646&idt=568&frm=20&biw=1600&bih=1200&oid=3&adxs=629&adys=1090&adks=1143041984&ucis=4&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&flash=0&url=https%3A%2F%2Fforums.commentcamarche.net%2Fforum%2Faffich-34031474-trojan-downloader&vis=1&dmc=8&scr_x=0&scr_y=0&psz=620x375&msz=620x10&psts=AGkb-H_ZpiP1ho7j4fLh7ZNP9M8Bie2h4-B8lq7xUuOTvzKABLtWu6EurKUvihkGbItlJtG1O_m0C3s28ffhu2bDHnmXBWGYSgEJN2M%2CAGkb-H8a3Pm_j8POp9TKvh1_OQ3h6CYyLI_ZnfJSV9SDK3wzW0BNDTx0H87m24KBJL_QPgaVhI_YQ2tOHQk7P1v8_F9GKRdPpnuQ-7s%2CAGkb-H9pNvOa-CThWf-mTe6XJnVWHyP7Zc0LrqcBO6UlU3izKrL_FLJYHWOeJ_xA_lQl-V6_YGUJmrf9w_CaWxf4OfwtSX0JZTt6DoY&ga_vid=312521241.1631039850&ga_sid=1631039851&ga_hid=2072733453&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

f54c9645ab152362ae009e93dd511a44fb3ae223fee47e9544a933b6dfda4cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:35 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10807
x-xss-protection: 0
google-lineitem-id: 5782035775
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138362245991
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 44EE 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf284ca5566c8ef29e2d98fbe8b0fc66d5949c9cc18dcf1e597afab0a11123a7

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 44EE 0
0 80ms
52ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvcey_MTfqSAckoa-c5PfJ25b2WeqY9FHvogvjkJSG18fK6PrTSzk_a57-pNCxzQS7KrXUAiXzbwlb8J2PftfHW2ykhbP8QnLVR1XpvNiToXFvqDszlA9PAZKH1yg-xYqP6obvMZosuRTy2mh7qaiKdtDHcvL2bbGhuUWGmPJZ-rAmKhPKM9kabpGEeP_dSNZGfqJg_n-ggPbN0C_BQe_qo0c-w4ph6LJ9QNDtlPw3VrUivQD3ONLG93Yn8UaActyIhkkHNuMt4Wm7Xg1n0fc_yTmop6M8dF86t789jaUMi0K4oeeOP4ok77yqCEbuqs_q7VsLDF6nynOUTs7rp-ZcLxq5h666rl4pdOZCCD-9jKg8uk_xdHP3worKKS60VldQL7Y6zAjT9BJ_TGC63ozXdrvJc4mguGVPwUkbd78QuR5M&sig=Cg0ArKJSzJFwjIo7hHBUEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 07 Sep 2021 18:37:35 GMT

GET
DATA 200
OK truncated
/ Frame 8904 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 791affb68d13b5b2f2b4a9f5b22dafd1c48a5f53f82e5be4dc2f2dd33398e2ce

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8904 0
0 54ms
54ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnAyp_uC1_RZ2xOp1uOKaP8aNnYf-JxQI6GiiMiufWDei4fBoUfTDkuQaUejjgjVCBt7iq9ZsG49n5K7qK0VqnltSjKT3qtfLAKQ-gOu3Nk33uaf3i87_9iM7npmCzzjhDVZexc99jBCVYA217RXGyx0vmgxqAxKwGjb9O2Sj1olG3w09ih8oeF-gYGAI45wiurEGAShpOIP6QlwBZxYZFInavBizcpVVY9iCctjcfFdFBnMqWaQiIfhIbdVJjwij5yoouDWC4EehkxuTjNM0_r9nIHsy7hcF4XUmIEz5lBVoJ4CNBe8gbZE9RoCRefAoqTOVpexjTdiPQfs_3bCyW9daFXKbUVJr3RsRLEfXJkdcum5h7aHfgd2iS6O-NN8MmJgbTMX93gaBMpc6V4dv1M_vZiDJsdQiBNRrTyx7Int17&sig=Cg0ArKJSzOTtaew5aW_TEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 07 Sep 2021 18:37:35 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 357B 8 KB
713 B 23ms
21ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

398b4849b670aa5659a8fe1d8a925591d3c581176db6313a9ef7208d77310ede

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 16:55:33 GMT
server: ESF
date: Tue, 07 Sep 2021 18:37:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Sep 2021 18:37:35 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210830a_RC00/ Frame 357B 14 KB
3 KB 9ms
7ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210830a_RC00/outstream.min.css

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 16:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 17:37:01 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Sep 2022 16:15:11 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210830a_RC00/ Frame 357B 357 KB
124 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210830a_RC00/outstream.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c0e184ae49c8e5336a5ef1b4cad11a1af437ab88dd9bb9a7368d9496a1346d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 16:15:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126581
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 17:37:01 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Sep 2022 16:15:11 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/ Frame 357B 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210901/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:34:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Sep 2021 18:34:48 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 357B 0
0 15ms
14ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT743_Oyp_UUgvbnIcIOUO2PBLSeZj_J3assezq0lzufwKc7MgWLt-SFB2dqNAkuIXYu125fWERH649KPBdZgEnMO8rIg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame F431 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f84cc25fd4559730a73b374691d463ab8e7783e5b06987022801e029b55e21a9

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame F431 0
0 54ms
54ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4p2UTKJVS1reYnRTiroIVUNZWuQxc0FzSQehCe75zJKQ4A30dTUuPV427-mE_RUgRgFcXPY_Lz9a3a2l019U5qagM-tfImcf6LdR55kFANZ0r_0OknKQREKd6YKtUDo2Yr1MqxvLB-klbRcTceC3AVwz9EukCC9u2kVI-73pxxZ8GozNRqe6CXI5cTpxGZtdYGKRxc9Pul_L0wyVcRcHyWHWc5ABkxl3CbnHHwRnyy8kao2m8qHL4u9m7vEHeVLiWVd4IQGghMqk7PzXKU9-FU1WlNWLH6lgCoNQ8zi-ExykOtcsrNd0su08GJxKTdYkxGy_OYKL7HgK-ZCHNzxcfvnx-gXDH9BgO6WsyduGJaAnJA0st3D-MUSLsqS_WYrq75J0d16kCeY3EDY4Cbd2YwK0qNSliXAmirJxIdG5FbBQ7&sig=Cg0ArKJSzDCDhEGfmD_QEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 07 Sep 2021 18:37:35 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 357B 0
348 B 46ms
26ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ktaf0mq3&c=6958864961906&slotId=3479432480953&qqid=CNjknPnA7fICFd2GgwcdH-kONQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210830a_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:35 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 357B 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 10:50:07 GMT
x-content-type-options: nosniff
age: 114448
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Sep 2022 10:50:07 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 357B 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://forums.commentcamarche.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:59:45 GMT
x-content-type-options: nosniff
age: 373070
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 10:59:45 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 357B 0
121 B 43ms
43ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=BVVGbbrE3Ydj1Kd2NjuwPn9K7qAOfsNOHRgAAABABIIGB9TE4AVjnpqG4gwRg9ZXOgeAEsgEaZm9ydW1zLmNvbW1lbnRjYW1hcmNoZS5uZXS6AQlnZnBfaW1hZ2XIAQXaAUpodHRwczovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcpgC8FupArldPWjr37M-wAIC4AIA6gJmLzMxNjk1ODI1L2NvbW1lbnRjYW1hcmNoZS93ZWJfZGVza3RvcF9ub3MvZGVza3RvcF9mcl9jY21faGlnaHRlY2hfZm9ydW0tdmlydXMtc2VjdXJpdGVfZm9ydW1faW5hcnRpY2xl-AKD0h6QA8gGmAPIBqgDAeAEAdIFBhC_uovFFZAGAaAGJKgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDgBx_SCAcIgGEQARgd2AgCgAoFmAsBgAwB0BUBgBcB&eventType=clickstring&clientTime=1631039855122&ai=BVVGbbrE3Ydj1Kd2NjuwPn9K7qAOfsNOHRgAAABABIIGB9TE4AVjnpqG4gwRg9ZXOgeAEsgEaZm9ydW1zLmNvbW1lbnRjYW1hcmNoZS5uZXS6AQlnZnBfaW1hZ2XIAQXaAUpodHRwczovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcpgC8FupArldPWjr37M-wAIC4AIA6gJmLzMxNjk1ODI1L2NvbW1lbnRjYW1hcmNoZS93ZWJfZGVza3RvcF9ub3MvZGVza3RvcF9mcl9jY21faGlnaHRlY2hfZm9ydW0tdmlydXMtc2VjdXJpdGVfZm9ydW1faW5hcnRpY2xl-AKD0h6QA8gGmAPIBqgDAeAEAdIFBhC_uovFFZAGAaAGJKgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDgBx_SCAcIgGEQARgd2AgCgAoFmAsBgAwB0BUBgBcB

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ac Show response
www6.smartadserver.com/ Frame 357B
Redirect Chain

https://www6.smartadserver.com/ac?siteid=338324&pgid=1454088&fmtid=33229&ab=1&tgt=&oc=1&out=vast3&ps=1&pb=0&visit=S&vcn=s&vph=[playerHeight]&vpw=[playerWidth]&vpmt=[playbackMethod]&tmstp=1941544269...
https://www6.smartadserver.com/ac?siteid=338324&pgid=1454088&fmtid=33229&ab=1&tgt=&oc=1&out=vast3&ps=1&pb=0&visit=S&vcn=s&vph=%5BplayerHeight%5D&vpw=%5BplayerWidth%5D&vpmt=%5BplaybackMethod%5D&tmst...

129 B
524 B

39ms
39ms

XHR
text/xml

185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://www6.smartadserver.com/ac?siteid=338324&pgid=1454088&fmtid=33229&ab=1&tgt=&oc=1&out=vast3&ps=1&pb=0&visit=S&vcn=s&vph=%5BplayerHeight%5D&vpw=%5BplayerWidth%5D&vpmt=%5BplaybackMethod%5D&tmstp=1941544269&gdpr=%5Bsas_gdpr_applies%5D&gdpr_consent=%5Bsas_gdpr_consent%5D&cklb=1
Requested by: Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 0d782e0d957a825f22dbac3cd223537a4b428d1bdd6118eb8f18007ba6fa4c76

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: text/xml; charset=UTF-8
transfer-encoding: chunked

Redirect headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:34 GMT
location: https://www6.smartadserver.com/ac?siteid=338324&pgid=1454088&fmtid=33229&ab=1&tgt=&oc=1&out=vast3&ps=1&pb=0&visit=S&vcn=s&vph=%5BplayerHeight%5D&vpw=%5BplayerWidth%5D&vpmt=%5BplaybackMethod%5D&tmstp=1941544269&gdpr=%5Bsas_gdpr_applies%5D&gdpr_consent=%5Bsas_gdpr_consent%5D&cklb=1
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://forums.commentcamarche.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-length: 0

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 357B 0
0 53ms
52ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuc-ahQyD8x3cxnXK7FEcIwE0tjDA27BbC3hXb2f5Dk6X1u6Urjpy8y_FwkxiMrT_AebOJ9jEWUt_UldVLPjyLlv_HNumWFUK_jL4TW-Z6xCmUlEMsc77RWxScgXmcCVDYXT9g-wk9MSi2MTNGa4eQEJSw9a92SzF_oJ1jfaZFoPpmbVgSQ0FYtQs67YMNqEuU88-FhvIrCBLIRmi6XI8iikpmNc2k6UJ6JcFcpdX9pGH5L-qN6GfjQu7RQFEP-jTn6k7-ofIDvOCYuJc4b86ZVAcvVUyQFXByxYcXS_UL-O_hAQe8wrUM4uExHfXX1aWbtOiV3NJhTDq9IfWZ14i_o-v5NXHwJHlkt0oWgs4HHRhUdOOGudrO2fl8S_9IFez3drl_DnSLgyme8FOf9W3sDik0XkZU23s0wjdHnsQJ2h_-VfmzDKA&sig=Cg0ArKJSzMuenMgyJP0EEAE&adurl=

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 357B 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d03567175cc4d78a15e92f9e65a6febd93e86f02063e0f5d626c9edc12b7032

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 /
pubads.g.doubleclick.net/pagead/interaction/ Frame 357B 42 B
121 B 30ms
29ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pubads.g.doubleclick.net/pagead/interaction/?ai=BVVGbbrE3Ydj1Kd2NjuwPn9K7qAOfsNOHRgAAABABIIGB9TE4AVjnpqG4gwRg9ZXOgeAEsgEaZm9ydW1zLmNvbW1lbnRjYW1hcmNoZS5uZXS6AQlnZnBfaW1hZ2XIAQXaAUpodHRwczovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcpgC8FupArldPWjr37M-wAIC4AIA6gJmLzMxNjk1ODI1L2NvbW1lbnRjYW1hcmNoZS93ZWJfZGVza3RvcF9ub3MvZGVza3RvcF9mcl9jY21faGlnaHRlY2hfZm9ydW0tdmlydXMtc2VjdXJpdGVfZm9ydW1faW5hcnRpY2xl-AKD0h6QA8gGmAPIBqgDAeAEAdIFBhC_uovFFZAGAaAGJKgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDgBx_SCAcIgGEQARgd2AgCgAoFmAsBgAwB0BUBgBcB&sigh=Jst_taKxvJk&label=videoplayfailed303

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 357B 0
20 B 39ms
38ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-error&message=lima_error_fetching_ad%3A%20Wrapper%20was%20followed%20but%20led%20to%20an%20empty%20ad%20response.&eventType=ima_sdk_error&clientTime=1631039855222&ai=BVVGbbrE3Ydj1Kd2NjuwPn9K7qAOfsNOHRgAAABABIIGB9TE4AVjnpqG4gwRg9ZXOgeAEsgEaZm9ydW1zLmNvbW1lbnRjYW1hcmNoZS5uZXS6AQlnZnBfaW1hZ2XIAQXaAUpodHRwczovL2ZvcnVtcy5jb21tZW50Y2FtYXJjaGUubmV0L2ZvcnVtL2FmZmljaC0zNDAzMTQ3NC10cm9qYW4tZG93bmxvYWRlcpgC8FupArldPWjr37M-wAIC4AIA6gJmLzMxNjk1ODI1L2NvbW1lbnRjYW1hcmNoZS93ZWJfZGVza3RvcF9ub3MvZGVza3RvcF9mcl9jY21faGlnaHRlY2hfZm9ydW0tdmlydXMtc2VjdXJpdGVfZm9ydW1faW5hcnRpY2xl-AKD0h6QA8gGmAPIBqgDAeAEAdIFBhC_uovFFZAGAaAGJKgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDgBx_SCAcIgGEQARgd2AgCgAoFmAsBgAwB0BUBgBcB

Requested by

Host: forums.commentcamarche.net
URL: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 32ms
19ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210901&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ccd95d9e7e7a8770ad1b2d4e3d004e95fc925259b8a9e63e4bf9f10aa917e821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Sep 2021 18:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8354
x-xss-protection: 0

GET country
ccm.net/esi/ 0
0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 18:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Tue, 07 Sep 2021 18:37:35 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 91F9 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Tue, 07 Sep 2021 16:24:50 GMT
expires: Wed, 07 Sep 2022 16:24:50 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 7965
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CF5E 783 B
533 B 31ms
30ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8e6ea44767543f8ea0316d36f8530b60d7c65a57e61ef8c8cd920cc15f6eec4a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sKi5hXfLCmpj/EL8NCtEsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 07 Sep 2021 18:37:35 GMT
date: Tue, 07 Sep 2021 18:37:35 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-sKi5hXfLCmpj/EL8NCtEsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js Show response
pagead2.googlesyndication.com/bg/ Frame 91F9 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad694c05f6bd32953ca1d52060ed974be8d02bf28ef5a27237326f8e08f3c7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 14:32:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13326
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 14:32:33 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 48ms
48ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210901&jk=4276518262259531&bg=!LS6lLmrNAAYJpm41CaY7ACkAdvg8WhgMzhGHRi0pTkHIJ5Y_6qVL_9-l3HTjlZPXCVk9UUka-mwcDQIAAAB-UgAAAApoAQeZAnvQBkUOdBCb9XYGNYprMh6JdVbsbTP6iuHT9Dg7dDJ4TLXVTHITs9FwGimrRJ2lo3KGxhLZhf9faTaKbtE6lzMmB7R-TXXc-i0tnV2jN2UcSRdq_ET8UcKTK8f5cVxKMHcg7T89kv-mhGRr3AYPdw1LMeDzVk-DvwZz88V1ymxHU3ei9VPYM6Erh9ZoNbRGN77wEDpXmuo8tKEE2_Stq8UalpP5MgwRkzSECy-ezbpdIXBKZQycvr4n7fhnWoaX3YCwgeu0XmdXPRAxJb4NGSDKsWzDHUSbNjWVT5hvgsmB6dj6P49Gul34BVwnM39zwXcqiol7m7OVyOzHk8-4BX3VI0Wd4AUDvstvBhMkuY5k3Pf5RCUdM0Q0_huCJrcm2My6CYzJPI6J3anv8qdQpUySQ2XA8gu95KboBqpL2cKwX3C3IcuMZSaC4YiolmBPbE8ZuWpJL7esa2hh-N8MdGIqa9Gps0zKKaP3NIMOaNXj_P6d3FMrFlVWSJ5e0Tngs1cgqUxZsX4SZFplQ4DySTUJFLunzjIOSWOGMZ71oHjQP0vYPuXi3-f3tk5zkVgfsH2Cr8jktUuKeeF-Z8_DCQJaVIxRrirq3SjfPtqUnwXN8N9_tilKDh8waB4wCNPQK68X-ZopHI-HS21q7OyrYafFXRE96eIx83oankzWH9fbHZXZITLOUyQ7Ca4z8wdhrSJEFzhlALI3YS0iTPNJp3NoNrXOpBZaEGyGChlHgN22zvRovsruFeWfhdwZNj9vol48u_dg8uHDZlniH8iVbiisDRP4E6Hd9ISnSV_E1Wm6Yrg8lkKVSIdiiLsgSZbnC5jwihKmaBCwnjbESA
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 44EE 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstGwG3-7jr71WudkPy1A5RR-JNdlCkw_31ZddjXHa7PgBEGgxP6P5BlbOymY2MnvwVmE6Mz-Nn3XBUM5v9tT75iPr21s7BjGKPWgc5OTOhRw6qWQIG1&sig=Cg0ArKJSzGxVd9AMae_MEAE&id=lidar2&mcvt=1001&p=0,0,2,2&asp=0,0,2,2&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210901&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=2989415382&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1631039854619&rpt=388&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8904 42 B
64 B 39ms
38ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvIDiHdqcEQybQDW7dKI_pIo4_YRdXZblKSJHxeceVaIu6gW1DIehahJjspQrlj3IL50ehyR2UqPzTSRgPQ4AYNogTE8iWkdbv3QsIsdZEGOKhbjiXg&sig=Cg0ArKJSzNwfl7VzexrQEAE&id=lidar2&mcvt=1000&p=181,436,271,1164&asp=181,436,271,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210901&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=3762287342&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1631039854627&rpt=418&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F431 42 B
64 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDkenJaJSagZRQd_dUe9JwQqjDmnDf-pwb1hAQwnKKR2e6Mh6AZ2YxynZuhe1Gd0cSradqMvg0LhXyRpirgNr_nAXDDJP4FEuWUKk29prUzisNv2mW&sig=Cg0ArKJSzKaigJlRBDdtEAE&id=lidar2&mcvt=1000&p=480,980,1080,1280&asp=480,980,1080,1280&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210901&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=3896495808&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1631039854633&rpt=458&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 csi
csi.gstatic.com/ Frame 357B 0
17 B 40ms
26ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ktaf0mqc&c=6958864961906&slotId=3479432480953&qqid=CNjknPnA7fICFd2GgwcdH-kONQ&fb=outstream-lima&ulv=1&cll=0&nlc=1&nlrh=0&nlri=0&nlrs=0&nlru=0&nlrhc=false
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210830a_RC00/outstream.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.commentcamarche.net/forum/affich-34031474-trojan-downloader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:36 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i1-v6exp3.v4.metric.gstatic.com/v6exp3/ Frame D47D 35 B
524 B 112ms
27ms Image
image/gif 142.250.186.114
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i1-v6exp3.v4.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.114 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f18.1e100.net

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i2-v6exp3.ds.metric.gstatic.com/v6exp3/ Frame D47D 35 B
427 B 64ms
16ms Image
image/gif 2a00:1450:4001:800::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i2-v6exp3.ds.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 18:37:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_gid=CAESELv0Ee8rhW3aSVd2s6UBRCI&google_cver=1&google_push=AYg5qPL8z5XyUHmYNYE-XSe2r0cFHOdxc_TScuWnEQuozD1xI59qTOz780YxunARuSLKklpilOQW6pRM4SGyPmQjR-JMtJ8Ch5WK8A_06n5UqMEzEiD5RX9FbAjODxZUWnyLkpj-W42PA2Af

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTexag1i2IoJZUe3L_Km9wAABLsAAAAB&google_push=AYg5qPICS6VA11O-55uSVfwdUhqKej0D10nBsDMe2dRo_HXkYPYdSfMQD-GINdvzR__NuKnv8zLcdN65-_zoovxOoQK6rTUTaYQT0o4QIaOd63lPE-p4eR23qWOQCk4xxMZx-zGRRypIU6Pi&google_cver=1&google_gid=CAESEDN3oxzHkwG5f_bCVdxPa-I

Domain: ccm.net
URL: https://ccm.net/esi/country

Verdicts & Comments Add Verdict or Comment

208 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lijit.com/	1970-01-20 05:49:35	Name: _ljtrtb_56 Value: RX-371a622c-9ca8-422f-a2d1-70c69115d592-003
.lijit.com/	1970-01-20 05:49:35	Name: ljt_reader Value: bf6dae095fd0797016c57443
.rubiconproject.com/	1970-01-20 05:49:35	Name: audit Value: 1\|EoYYMAm4utmB+kd4jTU5N2AOsklFL4+NDtcBNOE67tY5yPOpSyjwted9aMPcTY8rjYeZqTdSftoiZ07GJqnMnot63tN3ThSPmw99prDpy4E=
.rubiconproject.com/	1970-01-20 05:49:35	Name: khaos Value: KTAF0JNP-T-L04H
.casalemedia.com/	1970-01-20 05:49:35	Name: CMRUM3 Value: 986137b16d276019c3e422-5562-4227-b7a2-53f92c550a83
.casalemedia.com/	1970-01-19 23:13:35	Name: CMPRO Value: 1198
.casalemedia.com/	1970-01-20 05:49:35	Name: CMID Value: YTexbHNB7pXsmHVxs9OuRAAA
.casalemedia.com/	1970-01-19 23:13:35	Name: CMPS Value: 5222
.casalemedia.com/	1970-01-19 21:05:26	Name: CMST Value: YTexbWE3sW0A
.doubleclick.net/	1970-01-20 14:35:11	Name: IDE Value: AHWqTUmMZbPj5frEvVP7cm1aD_g65ULFbnugHvzgw4R0pb_et-QQOx5fHwe9e6RMHaY
.commentcamarche.net/	1970-01-20 06:25:35	Name: __gads Value: ID=a1baaece8f957e13:T=1631039854:S=ALNI_Mbcac3ToBnP9fp_lCefwktCsnv7OQ

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://astatic.ccmbg.com/fc/js/prebid?v=20210706164335(Line 8) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js(Line 6) Message: [GPT] Div ID passed to googletag.display() does not match any defined slots: ba_x02.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js(Line 6) Message: [GPT] Div ID passed to googletag.display() does not match any defined slots: ba_top.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js(Line 6) Message: [GPT] Div ID passed to googletag.display() does not match any defined slots: ba_right.
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js(Line 6) Message: [GPT] Invalid arguments: PubAdsService.setTargeting('pt5', 0).
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021090201.js(Line 6) Message: [GPT] Invalid arguments: PubAdsService.setTargeting('pt6', 1).
console-api	error	URL: https://c.amazon-adsystem.com/aax2/apstag.js(Line 2) Message: TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .commentcamarche.net .commentcamarche.com;
X-Content-Security-Policy	frame-ancestors 'self' .commentcamarche.net .commentcamarche.com;
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2e9c3f3a15f7c32af503b0e0cbef20a2.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
akm-static.ccmbg.com
antenna.ayads.co
aorta.clickagy.com
ap.lijit.com
astatic.ccmbg.com
beacon.krxd.net
c.amazon-adsystem.com
cc.adingo.jp
ccm.net
cdn.adsafeprotected.com
cdn.appconsent.io
cdn.hubvisor.io
cdn.krxd.net
cdn.mookie1.com
ce.lijit.com
client-context.hubvisor.io
cm.g.doubleclick.net
cms.quantserve.com
consumer.krxd.net
contextual.media.net
csi.gstatic.com
dnlgm0m0r44nl.cloudfront.net
dpm.zebestof.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.dlx.addthis.com
eb2.3lift.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
forums.commentcamarche.net
fr-gmtdmp.mookie1.com
fundingchoicesmessages.google.com
geoworker.ayads.co
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
gum.criteo.com
hades.srvtrck.com
i.srvtrck.com
ib.adnxs.com
id.rlcdn.com
idsync.rlcdn.com
image6.pubmatic.com
imasdk.googleapis.com
img-19.ccm2.net
js.srvtrck.com
loadm.exelator.com
log.outbrainimg.com
match.adsrvr.org
match.prod.bidr.io
mcdp-chidc2.outbrain.com
mug.criteo.com
mv.outbrain.com
odb.outbrain.com
odr.mookie1.com
optchk.ayads.co
p.rfihub.com
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i1-v6exp3.v4.metric.gstatic.com
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-492175-i2-v6exp3.ds.metric.gstatic.com
p4-hhcne6xktkdrw-dxq4ix563kedqgzz-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pbjs.sskzlabs.com
pghub.io
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.rubiconproject.com
pixel.tapad.com
pr-bh.ybp.yahoo.com
profiles.tagger.opecloud.com
pubads.g.doubleclick.net
rtb.openx.net
s.amazon-adsystem.com
sac.ayads.co
sb.scorecardresearch.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static-lists.linternaute.com
static.criteo.net
static.digidip.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.extend.tv
sync.mathtag.com
sync.targeting.unrulymedia.com
tagger.opecloud.com
tcheck.outbrainimg.com
token.rubiconproject.com
tpc.googlesyndication.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www6.smartadserver.com
www8.smartadserver.com
ccm.net
cm.g.doubleclick.net
104.109.78.125
104.111.215.191
104.111.237.122
104.111.237.235
104.89.44.127
104.89.44.87
13.225.25.61
13.225.25.74
13.225.35.62
13.248.242.197
13.248.245.213
13.36.52.215
142.250.181.226
142.250.186.114
143.204.228.65
151.101.14.132
151.101.14.133
151.101.14.49
172.217.18.98
172.217.18.99
172.217.23.98
178.250.0.157
18.182.119.142
18.193.140.39
18.200.182.178
18.66.92.200
185.29.132.241
185.33.220.244
185.64.190.78
185.86.137.114
185.86.137.32
185.86.139.93
193.0.160.128
2.18.232.28
2.18.234.190
2.18.234.21
2.18.235.93
2001:4860:4802:32::3
209.54.176.128
213.19.147.45
216.52.2.19
217.182.200.29
2606:4700:10::6814:b25
2606:4700::6813:a860
2606:4700::6813:b702
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1288:80:800::7000
2a00:1450:4001:800::2012
2a00:1450:4001:802::2003
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200a
2a00:1450:4001:811::200a
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2004
2a00:1450:400c:c04::9c
2a00:1450:400d:805::2002
2a02:2638:1::3
2a02:2638::1c
3.127.193.214
34.248.201.47
34.254.143.3
34.255.105.163
34.98.67.61
35.186.238.175
35.186.253.211
35.227.209.167
35.227.248.159
35.241.45.217
35.244.174.68
50.31.142.191
52.19.5.220
52.210.224.224
52.215.67.233
52.48.181.137
52.71.142.200
52.95.123.41
54.163.239.172
66.155.71.149
69.173.144.138
69.173.144.139
70.42.32.127
72.251.249.14
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
045a2c60320da605d5659ab94cede04476912ac183d2cc7c1bd398acae576927
05df810f275cf536ad44bdfefb5b4821072e4cca2909a72acd66244f6b0de52b
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0877e419c532f7a5819292363a023ddb5a05a3623518e91e54d7a53fe74904a0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0d782e0d957a825f22dbac3cd223537a4b428d1bdd6118eb8f18007ba6fa4c76
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1093721fd3d1b7475d09925296cc5986f52dcd8838cf5eca9c306387c34e0d53
10fe36278af5ec590acb10c83ed5f99e70a4f07943cd465402d24d42c4392153
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
1465ea73b9db4601cda29c323ea3eea1fc28337bd2c5193154c9ecbd7bf38bbb
1514982f8f2e9840ad91fddb743f5c175bb0133fa90d424e155ac5c548cbbc5e
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a2730c261532f93466c1c09bffefea5d569aa69e1349dc5317c5185c6b9f932
1d03567175cc4d78a15e92f9e65a6febd93e86f02063e0f5d626c9edc12b7032
21f0cb8208ea2729469af02c2487a853a936b4bc12af310dcfbc98288005a439
24c6612de1da047a4a8b295ac292fc290e0b603d217a34f8527ac932a94530cb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28bc3510054d601b10041e2e2e6b5f9289d5bf135282af829c5121b4a6716947
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2d89038070161455a1fb23f32823ef8494fe7e6f11710301930250ef4e4fcd42
2f54339ab0a5c613e53825dc014687c96a4926bec9993d5b34eca269da942721
2fd95a5a705b98925e1092616373d1e2d3bafbe515c8909da8677747b4bd2f2b
32134b4b1ad66aba9f2e2137b2cac5bba9782378448012e97df0021212a007ac
331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc
3681bc26d95f8c778c6f70a8a5ef41f33f3c2ffd392b06290925e970efad3895
3982c942590876cf5a57ea212976927e47b081f65ead1a24e8d0c563e97e89b7
398b4849b670aa5659a8fe1d8a925591d3c581176db6313a9ef7208d77310ede
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
401e6eb62879b686f33b7aa6573ca259f7d4534cf0da85cb56ec5b96b1260ba3
409cb94ac859590a6a6e1ab788d3b934189951e70b3c4267fef3b1e37a5adb31
4210fcb7cfa530a22a3cc693d56ffa3914ea29ed38b9c29e60b88821c2bb2eb6
443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259
45b181624cbe52f524739653c496bac6ad56d61da71c63c77b7eb06ce6f8cb31
45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330
47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
49120de5d47bd735b7fe51736fde6bfd75dcdadbe3862c7eff507f27214ad6c2
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4c6c7a5a3a2af0395efdfaf206443e3e490db47d6b6839f28a34f911daff80f1
4d9e83e3e3d08f9a8d567753deae5b2de7e51709a25adba8cb4525db28a22f4a
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
52fc20b9dff1443f82bd36d7269f969ac5b04e0295678d9d51d4c06acf47543f
544c81d7b5f8cb9d5525b679b4d5a3b0c84a036e89a1a68ccd6e87b19cac8ad8
5502669010ce8a02c74850a044e97fe8b38276d9e4de9fb49042c19ef4c22311
569db0bd476ed216140709fd498b915f54ed8ce1cf0f14085ed72822af31b88d
5735052ed7f0af961c6e5fe0dad5a414f7f3537e639b7d7113d8f8ebf6633978
57c2dd8141da2bbcfaa3ce98819609891d6466305d16b3b0dceb7709e2ff4d8b
585cebc3dc95f13d010bea414d005d1542b3aed2fdb8ff79591a29f4652406f7
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
58da6480fc50a14bd6f73842552e9bfbd623d883c9a81d68b7d27b52d0afe71c
59bf69bcb73a067dc5a15f87f4d1236bf10b7eb558ab5697286d3f4419b604fc
5c0e184ae49c8e5336a5ef1b4cad11a1af437ab88dd9bb9a7368d9496a1346d8
5c1cf08027d3b12b661d39c56def906c8775f42eaf8a054aee9c6bbaebb9fb23
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474
627ab660757098853a0247b6c9b0ef8d030339c83d733255d509c90facfe0c6c
644e41c8362fd4fcaaeb79e714addb5d937770ebfc2646390a5b9781e494c774
65ee5d200ac373724a7dd2f1193559bf84c567c2cd671d2467f5675189b2ea56
677eef1f36732e2be104ac780bd71b8c641f022654cf22fcb123be809dcad64f
69fb0bb86a5163aa78e0b9af683c88813f7642018c155fe358f95f5ec8401773
6a49da8fcadcfa6639105875755c64e460902d61d5614cc888650e8a8762142e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f8fe041ec034ce69773cf40c4024a873f0c4da93ae6e6d300c8533bc4d40a84
7027a15ff02eb8c8ff34da3a46aabcf135649f6b18a6ca956fe767d1d9b65028
7318827058b57620f6daed7521e2be0b9f030046cfc071365aa36e93497517d9
73d5b6e82699ae9fca072e291b1285483f89c47dcbd017c922f136f0973cb7d5
7516842ff556ff708e84893bf1006bf21e38f04a3374d64b64fb4db461b8c49c
755cf1befb3a4e534fd446e703d0de8a4c5ec88f7586eb64f131dc7f3813a2cc
7636ff4777a79c0ffecc8720cdcf21bad9d64147ca883730670dcdd55f7be83a
78ac02adf745a649a860da0da4439b6ea61d87f465856f57137c2f77e27b5478
791affb68d13b5b2f2b4a9f5b22dafd1c48a5f53f82e5be4dc2f2dd33398e2ce
7dabc9fc0fab5c1142abeb43a4751a3575ce2c80e9b2816433129b529e54e4e8
7ed2da3dc0d13695fab4e438e0d74c8edcfe6c24dcdfb6195cde00304bd5a498
8050f05c230d74be333b63cef230e786094e9100f55fa19c6c0831e95870768d
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84e3ab699e5b0d3c391a57913e1a840775f4eeb2610f1e2d124a1fd3e8475d11
8a5809af76692517558cd0a524ec42676179191702b05759c1afec7555ffe1e1
8be49f44baab6e5003972c8bc33123dd34257840a77a1d20b7365ae8b60a896c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e6ea44767543f8ea0316d36f8530b60d7c65a57e61ef8c8cd920cc15f6eec4a
8eb9708f332082f0bf87339c8c9b15b4961d18e164fe1f097e65fb678ad307ff
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
95ef5334eac7b0f5cbc0d66ddfd8ffa43f174abf9116da0ee608f1ae78d27403
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cc50100b6f633fb0d0d7771f8af025e5163e5913bd479d9a2734a517ec6d85e
9e308d3b9df0f9c2657e8d34b7908d14096ce33ee495e83c116ea56cf5ac280c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1502f7edb3b44cda512da293596ff9163b027d71c2572026145de46fc2ee4c2
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2ce356a84292dfa7dbe4dc9d929fe9fef8d93e3f9245b63841584dce0c929f7
a332079417cc3f5a266d718bdee81c22c78b2677ed75addbec5acc6b70107ede
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a587c09c3890705a4cca275680a74233c1a1731e87d331df23c11e0f236a06a6
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa4b73d8b826f378a9871dda3044cb71abbbcea8f0601beb257b7f417da64a68
ac383aef15736a1e1f8df9ce728d429368771f5906a14569edc5b0345e11d02e
ad491c66e29ec7591a82c2c91a8aaa20645f3449b4dd0f865ffdb3830770e651
ad694c05f6bd32953ca1d52060ed974be8d02bf28ef5a27237326f8e08f3c7ca
add3220d92f30d53f967caa8e95787e7f4543d1d7acdcf81d95923bb4de619f9
b1402b0b04f94c9ac7fb6689ec154949a62eeef52635a9b385c5649d3a7f26a4
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d57f55219e1f4b3bbafe18969122c3135aca2e52b54b779a9dc9a9c453c5f3
b59cb4602a4a520440f98b9867c1f612707a0965bc8494c91c7b6a67b0663865
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b9fe05b67e322f774aa406fe00df930649b758a928432a316e1b2a5efb4ab7fe
ba70f46769d8ad250bffaab5831b086effb4793d0aa215fae2a817279af9d8e8
bb66173ab312666885614031e0db7dbe055e43dd155f5be8fc311bb647a2d415
bc2d942829eb0b93ce1321a93f188bcc7356abbef19979ad0ea696c7bc7c75c2
bcd43da7df771c935253b7d469416fd9f4ab904f8cf1a12b1c8f0a9660fc46f4
bcdfc23156d6951beb74e2c1b8548a863ca76cc9eb7dc48ff93a29c1ba169efa
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bf284ca5566c8ef29e2d98fbe8b0fc66d5949c9cc18dcf1e597afab0a11123a7
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c089f1a7661e6c7474aef28aa4890524528bb6ba28fbfd1fdbb7d8650a46e030
c17defd12a8dbf98aeea4043b34398f7ab77beb8291a32265097a1e601189fcc
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c29fb1caf4d1cab1b39ba84516eaf760c734c96dcf3acdef74411be8a400303e
c3ebb06f58acc280e5d90bd8853be0f6e2344688322b11abe98e514fbfb80808
c9fac7ca6bdc959e4cdd01b685d75e11b68946524d285288a055cac62528db4e
caba961cf71d7213df26fc8d5f11212204b5968f62698056ce768dada4656676
cad55443960809f7df97103f4817417757a5fa1a9e16e0214fc9e9bf60e43918
cb590807cdcb75bb2b266d6918d70b25dc27a84e1cb5089d1fd0a44d0108e7fb
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccd95d9e7e7a8770ad1b2d4e3d004e95fc925259b8a9e63e4bf9f10aa917e821
cd45713beee6c2428f11ad6444c6e2a6bbe1bfad330e68002052e9832a5dcc03
cf118d8ae32e6dcfcb7fb77ea4c1ac9cf71d82bb00467f61c986904f8588a821
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d739f4e9502d3c672029d4580ddff6e52872660508cc4b3f5c2eb2735c66a466
da5956eb40499755436091829dc92f137f6a7d076a34df1aed00e74ca4689141
db1042fa1940eb82fcfad4779edaffea8f2dec93733854b6ad6b61623bb52411
db84e0affe9940aea29a57d9ce892795a41ecdbcccadb3da04060c76af25e22e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df562993642e0b5935f3abf136d8bb0e3278879ffad2c86a6a8aa4b8479db6ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e8ec7865f2d8dffcd47b65e40efda889633cc02962596a6bf3d1be6d19a6dd
e4cd2de1069cc1936a590429e5352a9367cd46094b08b3919f2c90ff0072073e
e9ce91654a85304976d78e201ce33ebbdc60e6fc28a2a6ac312cc6bfdf78ef46
ed1bf8a60cb5ffe8f35df41505840b1a46fb532a15c0f24ef0a8d7e499220126
eea60a66f1c1044419162cd5671a5adaffad94766ff931b5aeaa349909111e6e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efded6408c7e64cd48c00b10bdd63b79539c5bb13a396b9f3773f71fe2d5a606
f00c5784ddf9d97ff66a5811f764cff205d4881a5338d55d191785c3b9eb642a
f0b76f4e67eef388763f41adb8326106bac366b9c5406c708f79be4899e4ecff
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710
f54c9645ab152362ae009e93dd511a44fb3ae223fee47e9544a933b6dfda4cba
f8203458a8f6731e66cfc6a563a4804838881264d4c0dbf3b78b05a58b24ee3a
f84cc25fd4559730a73b374691d463ab8e7783e5b06987022801e029b55e21a9
f9bd2c169259d2b5f9b3bcc809f3bca03429142c842f1d76945ff47783101573
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fd4d0ecd15c3a141134c1e0da7ca823d28dfab1f6182b8ce76cda34093491bfb
fe7ca2675ca9a6a115ee963cb767af657fc69ac60f52f54d904debcab00b8743
ff967b438c73716ad8b146d82f8eab2703392999e2147c4645d8389bbf307159

forums.commentcamarche.net Open in urlscan Pro 104.111.237.235 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

270 Requests

97 %HTTPS

30 %IPv6

61 Domains

108 Subdomains

77 IPs

8 Countries

2554 kBTransfer

8109 kBSize

11 Cookies

87 Outgoing links

Redirected requests

270 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

forums.commentcamarche.net Open in urlscan Pro
104.111.237.235 Public Scan

Screenshot
Live screenshot

Full Image

270
Requests

97 %
HTTPS

30 %
IPv6

61
Domains

108
Subdomains

77
IPs

8
Countries

2554 kB
Transfer

8109 kB
Size

11
Cookies

270 HTTP transactions
13 data transactions