community.norton.com Open in urlscan Pro
151.101.112.214 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Submission: On April 16 via manual (April 16th 2018, 11:19:36 pm UTC) from US

Summary HTTP 79 Redirects Links 47 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 27 domains to perform 79 HTTP transactions. The main IP is 151.101.112.214, located in San Francisco, United States and belongs to FASTLY - Fastly, US. The main domain is community.norton.com.
TLS certificate: Issued by Symantec Class 3 EV SSL CA - G3 on July 4th 2017. Valid for: a year.

This is the only time community.norton.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 28	151.101.112.214 151.101.112.214	54113 (FASTLY) (FASTLY - Fastly)
2	52.85.173.245 52.85.173.245	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	35.157.8.66 35.157.8.66	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 5	34.210.106.222 34.210.106.222	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	185.60.216.15 185.60.216.15	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	185.63.145.1 185.63.145.1	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	35.156.237.78 35.156.237.78	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	216.58.214.98 216.58.214.98	15169 (GOOGLE) (GOOGLE - Google LLC)
1	152.163.50.2 152.163.50.2	1668 (AOL-ATDN) (AOL-ATDN - AOL Transit Data Network)
2	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	104.244.43.112 104.244.43.112	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	52.85.173.78 52.85.173.78	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	216.58.214.100 216.58.214.100	15169 (GOOGLE) (GOOGLE - Google LLC)
1	216.58.214.99 216.58.214.99	15169 (GOOGLE) (GOOGLE - Google LLC)
2	185.60.216.35 185.60.216.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	63.140.40.91 63.140.40.91	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	104.40.62.153 104.40.62.153	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	2.18.232.65 2.18.232.65	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY - Fastly)
2	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	52.85.177.95 52.85.177.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	216.58.210.14 216.58.210.14	15169 (GOOGLE) (GOOGLE - Google LLC)
3 8	52.202.159.105 52.202.159.105	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	185.33.223.220 185.33.223.220	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 4	2.20.20.209 2.20.20.209	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	162.247.242.18 162.247.242.18	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
1	18.233.14.232 18.233.14.232	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2 2	35.172.251.27 35.172.251.27	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	80.252.91.52 80.252.91.52	15830 (TELECITY-LON) (TELECITY-LON)
79	31

28 151.101.112.214 (San Francisco, United States) 1 redirects

ASN54113 (FASTLY - Fastly, US)

community.norton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.173.245 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-173-245.fra6.r.cloudfront.net

cdn.ckeditor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.157.8.66 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.210.106.222 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-210-106-222.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.15 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.63.145.1 (United States)

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.237.78 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-156-237-78.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.214.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.163.50.2 (United States)

ASN1668 (AOL-ATDN - AOL Transit Data Network, US)
PTR: m-prd-pxl-shared-mr1-blue-a.evip.aol.com

secure.leadback.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.19 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.43.112 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.173.78 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-173-78.fra6.r.cloudfront.net

d2vxvnufz8f5c5.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.226 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.214.100 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.214.99 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s05-in-f99.1e100.net

www.google.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.35 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.40.91 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: symantec.com.ssl.d1.sc.omtrdc.net

oms.symantec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (Lehi, United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.40.62.153 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

login.norton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.65 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

static.nortoncdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.79.197.200 (Redmond, United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.177.95 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-177-95.fra6.r.cloudfront.net

d346whrrklhco7.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.210.14 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s07-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.202.159.105 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-202-159-105.compute-1.amazonaws.com

t1.os-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.os-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.220 (European Union) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.20.20.209 (European Union) 1 redirects

ASN20940 (AKAMAI-ASN1, US)

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.18 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.233.14.232 (Cambridge, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-233-14-232.compute-1.amazonaws.com

t1.os-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.172.251.27 (Seattle, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-172-251-27.compute-1.amazonaws.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.252.91.52 (Leerdam, Netherlands)

ASN15830 (TELECITY-LON, GB)

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	norton.com 1 redirects community.norton.com login.norton.com	384 KB
9	os-data.com 3 redirects t1.os-data.com sync.os-data.com	4 KB
9	ensighten.com nexus.ensighten.com	62 KB
5	serving-sys.com 1 redirects secure-ds.serving-sys.com bs.serving-sys.com	15 KB
5	demdex.net 2 redirects dpm.demdex.net	4 KB
4	facebook.com graph.facebook.com www.facebook.com	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com	2 KB
2	adnxs.com 1 redirects secure.adnxs.com	2 KB
2	google-analytics.com www.google-analytics.com	14 KB
2	bing.com bat.bing.com	5 KB
2	symantec.com oms.symantec.com	1020 B
2	cloudfront.net d2vxvnufz8f5c5.cloudfront.net d346whrrklhco7.cloudfront.net	76 KB
2	facebook.net connect.facebook.net	28 KB
2	ckeditor.com cdn.ckeditor.com	14 KB
1	nr-data.net bam.nr-data.net	261 B
1	twitter.com analytics.twitter.com	329 B
1	newrelic.com js-agent.newrelic.com	9 KB
1	nortoncdn.com static.nortoncdn.com	6 KB
1	everesttech.net 1 redirects cm.everesttech.net	527 B
1	google.com.ua www.google.com.ua	107 B
1	google.com www.google.com	107 B
1	t.co t.co	166 B
1	doubleclick.net googleads.g.doubleclick.net	1 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	advertising.com secure.leadback.advertising.com	860 B
1	googleadservices.com www.googleadservices.com	6 KB
1	linkedin.com www.linkedin.com	1 KB
79	27

	Domain	Requested by
28	community.norton.com	1 redirects community.norton.com login.norton.com
9	nexus.ensighten.com	community.norton.com nexus.ensighten.com
5	t1.os-data.com	2 redirects community.norton.com
5	dpm.demdex.net	2 redirects community.norton.com
4	sync.os-data.com	1 redirects
4	secure-ds.serving-sys.com	1 redirects nexus.ensighten.com
2	id.rlcdn.com	2 redirects
2	secure.adnxs.com	1 redirects
2	www.google-analytics.com	d2vxvnufz8f5c5.cloudfront.net
2	bat.bing.com	nexus.ensighten.com
2	oms.symantec.com	community.norton.com
2	www.facebook.com	community.norton.com
2	connect.facebook.net	nexus.ensighten.com connect.facebook.net
2	graph.facebook.com	community.norton.com d2vxvnufz8f5c5.cloudfront.net
2	cdn.ckeditor.com	community.norton.com
1	bs.serving-sys.com	secure-ds.serving-sys.com
1	bam.nr-data.net	js-agent.newrelic.com
1	d346whrrklhco7.cloudfront.net	d2vxvnufz8f5c5.cloudfront.net
1	analytics.twitter.com	static.ads-twitter.com
1	js-agent.newrelic.com	community.norton.com
1	static.nortoncdn.com	login.norton.com
1	login.norton.com	community.norton.com
1	cm.everesttech.net	1 redirects
1	www.google.com.ua	community.norton.com
1	www.google.com	community.norton.com
1	t.co	community.norton.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	d2vxvnufz8f5c5.cloudfront.net	nexus.ensighten.com
1	static.ads-twitter.com	nexus.ensighten.com
1	secure.leadback.advertising.com	community.norton.com
1	www.googleadservices.com	nexus.ensighten.com
1	www.linkedin.com	community.norton.com
79	32

This site contains links to these domains. Also see Links.

Domain
www.norton.com
www.virustotal.com
submit.symantec.com
www.imgburn.com
www.majorgeeks.com
www.surveymonkey.com
us.norton.com
norton.com
twitter.com
buy.norton.com
security.symantec.com
safeweb.norton.com
identitysafe.norton.com
onlinefamily.norton.com
support.norton.com
updatecenter.norton.com
www.facebook.com
www.youtube.com
plus.google.com
www.symantec.com

Subject Issuer	Validity	Valid
community.norton.com Symantec Class 3 EV SSL CA - G3	`2017-07-04` - `2018-08-02`	a year	crt.sh
login.norton.com Symantec Class 3 EV SSL CA - G3	`2017-04-18` - `2018-05-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Frame ID: 50AC5DA7EF2F9FE25973D702CC7AAC4
Requests: 76 HTTP requests in this frame

Frame: https://community.norton.com/sso-norton
Frame ID: 7D1311590DAC641AEBF79468984A8A7B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+sites\/(?:default|all)\/(?:themes|modules)\//i
meta generator /Drupal(?:\s([\d.]+))?/i
headers expires /19 Nov 1978/i
env /^Drupal$/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+sites\/(?:default|all)\/(?:themes|modules)\//i
meta generator /Drupal(?:\s([\d.]+))?/i
headers expires /19 Nov 1978/i
env /^Drupal$/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

New Relic (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^NREUM/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^s_(?:account|objectID|code|INST)$/i

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /[^\/]*\/\/[^\/]*serving-sys\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

79
Requests

35 %
HTTPS

0 %
IPv6

27
Domains

32
Subdomains

31
IPs

5
Countries

630 kB
Transfer

1406 kB
Size

15
Cookies

47 Outgoing links

These are links going to different origins than the main page.

URL: http://www.norton.com/
Title: Norton.com

Search URL Search Domain Scan URL

URL: http://www.virustotal.com/
Title: www.virustotal.com (link is external)

Search URL Search Domain Scan URL

URL: https://submit.symantec.com/false_positive/
Title: https://submit.symantec.com/false_positive/

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/b0d8aa5d5a4b7b58ba4516812a82a8c1e2385353347b701d19dc3f89fdb7f4b1/analysis/
Title: 5 / 60 (link is external)

Search URL Search Domain Scan URL

URL: http://www.imgburn.com/index.php?act=Download
Title: http://www.imgburn.com/index.php?act=Download (link is external)

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/49aa06eaffe431f05687109fee25f66781abbe1108f3f8ca78c79bdec8753420/analysis/
Title: 1 / 61 (link is external)

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/02c74678128a9dfef58eab5abe269382c6b4862440c26c22cde7b83868f478f1/analysis/
Title: 0 / 61 (link is external)

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/363f61889adaf3ee4bb95bda5f6d7cb1d7c906b61c310c8e98ad02717c5203f9/analysis/
Title: 0 / 61 (link is external)

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/53779ea5077d9ec3676e7e692d57f10885cfab043643607881b05c690b22c45a/analysis/
Title: 0 / 59 (link is external)

Search URL Search Domain Scan URL

URL: http://www.majorgeeks.com/files/details/imgburn.html
Title: http://www.majorgeeks.com/files/details/imgburn.html (link is external)

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.com/r/norton_popup_survey

Search URL Search Domain Scan URL

URL: http://us.norton.com/core?inid=hho_forum_buy_core

Search URL Search Domain Scan URL

URL: http://norton.com/chat
Title: Chat with Norton Support

Search URL Search Domain Scan URL

URL: http://twitter.com/nortonsupport
Title: @NortonSupport on Twitter

Search URL Search Domain Scan URL

URL: http://us.norton.com/products
Title: Products

Search URL Search Domain Scan URL

URL: http://us.norton.com/norton-security-for-one-device
Title: Norton Security Standard

Search URL Search Domain Scan URL

URL: http://us.norton.com/norton-security-antivirus
Title: Norton Security Deluxe

Search URL Search Domain Scan URL

URL: http://us.norton.com/norton-security-with-backup
Title: Norton Security Premium

Search URL Search Domain Scan URL

URL: http://us.norton.com/norton-family-premier
Title: Norton Family Premier

Search URL Search Domain Scan URL

URL: http://us.norton.com/norton-mobile-security
Title: Norton Mobile Security

Search URL Search Domain Scan URL

URL: http://us.norton.com/online-backup
Title: Norton Online Backup

Search URL Search Domain Scan URL

URL: http://us.norton.com/norton-utilities
Title: Norton Utilities

Search URL Search Domain Scan URL

URL: http://us.norton.com/ultimate-help-desk-ultimate
Title: Norton Ultimate Help Desk

Search URL Search Domain Scan URL

URL: http://buy.norton.com/en-us/norton-small-business/MggKMjMxOTg1A4==/
Title: Norton Small Businesses

Search URL Search Domain Scan URL

URL: https://www.norton.com/
Title: Services

Search URL Search Domain Scan URL

URL: https://security.symantec.com/
Title: Free Virus Scan

Search URL Search Domain Scan URL

URL: http://safeweb.norton.com/
Title: Norton Safe Web

Search URL Search Domain Scan URL

URL: https://identitysafe.norton.com/
Title: Password Manager

Search URL Search Domain Scan URL

URL: https://identitysafe.norton.com/password-generator/
Title: Password Generator

Search URL Search Domain Scan URL

URL: https://onlinefamily.norton.com/familysafety/loginStart.fs
Title: Parental Control Software

Search URL Search Domain Scan URL

URL: http://us.norton.com/support
Title: Support

Search URL Search Domain Scan URL

URL: https://support.norton.com/sp/en/us/home/current/info
Title: Norton Support

Search URL Search Domain Scan URL

URL: http://updatecenter.norton.com/
Title: Norton Update Center

Search URL Search Domain Scan URL

URL: http://us.norton.com/support/DIY/
Title: Virus Removal

Search URL Search Domain Scan URL

URL: http://us.norton.com/security_response/definitions.jsp
Title: Virus Definitions & Security Updates

Search URL Search Domain Scan URL

URL: http://us.norton.com/security_response/spyware.jsp
Title: Spyware

Search URL Search Domain Scan URL

URL: http://www.norton.com/downloads
Title: Downloads

Search URL Search Domain Scan URL

URL: http://us.norton.com/downloads/
Title: Free Antivirus

Search URL Search Domain Scan URL

URL: https://security.symantec.com/nbrt/npe.aspx
Title: Malware Removal

Search URL Search Domain Scan URL

URL: http://us.norton.com/cybercrimereport/
Title: Norton Cybercrime Report

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Norton
Title: Norton on Facebook

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/norton
Title: Norton on YouTube

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/102869856465354589684/posts
Title: Norton on Google+

Search URL Search Domain Scan URL

URL: http://www.symantec.com/about/profile/policies/legal.jsp
Title: Legal Notice

Search URL Search Domain Scan URL

URL: http://www.symantec.com/about/profile/privacypolicy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.symantec.com/about/profile/policies/eulas/
Title: License Agreement

Search URL Search Domain Scan URL

URL: http://www.symantec.com/about/profile/policies/privacy.jsp#about_cookies
Title: Cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610

Request Chain 52

https://cm.everesttech.net/cm/dd?d_uuid=35556756328370207131147803906437053230 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=WtUvfQAAAjeCnRKk

Request Chain 54

https://community.norton.com/en/sso-get-norton-passive-url HTTP 302
https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D

Request Chain 62

https://t1.os-data.com/i?tna=pixel&aid=symantec&e=se&se_ca=pixel&se_ac=page-view&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%5D%7D HTTP 302
https://t1.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22data%22:%7B%22company_id%22:52,%22site_id%22:59%7D%7D%5D%7D&aid=symantec&tna=pixel&se_ac=page-view&se_ca=pixel&n3pc=true

Request Chain 67

https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/6/1806 HTTP 302
https://secure-ds.serving-sys.com/BurstingCachedScripts/OneTagDefaultConfig.json

Request Chain 69

https://t1.os-data.com/r/tp2?u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D145576%26dpuuid%3D%24%7BSP_UUID%7D%26redir%3Dhttps%253A%252F%252Fsync.os-data.com%252Fi%253Ftna%253Dpixel%2526aid%253Daam-sync%2526e%253Dse%2526se_ca%253Duuid%2526se_ac%253Dsync%2526se_la%253D%2524%257BDD_UUID%257D%2526se_pr%253Daam%2526co%253D%25257B%252522schema%252522%25253A%252522iglu%25253Acom.snowplowanalytics.snowplow%25252Fcontexts%25252Fjsonschema%25252F1-0-0%252522%25252C%252522data%252522%25253A%25255B%25257B%252522schema%252522%25253A%252522iglu%25253Acom.onespot%25252Fclient%25252Fjsonschema%25252F1-0-0%252522%25252C%252522data%252522%25253A%25257B%252522company_id%252522%25253A52%25252C%252522site_id%252522%25253A59%25257D%25257D%25252C%25257B%252522schema%252522%25253A%252522iglu%25253Acom.snowplowanalytics.snowplow%25252Fweb_page%25252Fjsonschema%25252F1-0-0%252522%25252C%252522data%252522%25253A%25257B%252522id%252522%25253A%25252211b00aca-f2d4-433c-b3c2-7c2de23ef95f%252522%25257D%25257D%25255D%25257D HTTP 302
https://dpm.demdex.net/ibs:dpid=145576&dpuuid=bc8938e6-a408-45f6-b779-909f37426cd5&redir=https%3A%2F%2Fsync.os-data.com%2Fi%3Ftna%3Dpixel%26aid%3Daam-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_la%3D%24%7BDD_UUID%7D%26se_pr%3Daam%26co%3D%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fcontexts%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%255B%257B%2522schema%2522%253A%2522iglu%253Acom.onespot%252Fclient%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522company_id%2522%253A52%252C%2522site_id%2522%253A59%257D%257D%252C%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fweb_page%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522id%2522%253A%252211b00aca-f2d4-433c-b3c2-7c2de23ef95f%2522%257D%257D%255D%257D HTTP 302
https://sync.os-data.com/i?tna=pixel&aid=aam-sync&e=se&se_ca=uuid&se_ac=sync&se_la=35556756328370207131147803906437053230&se_pr=aam&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D

Request Chain 70

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.os-data.com%2Fi%3Ftna%3Dpixel%26aid%3Dan-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_la%3D%24UID%26se_pr%3Dan%26co%3D%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fcontexts%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%255B%257B%2522schema%2522%253A%2522iglu%253Acom.onespot%252Fclient%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522company_id%2522%253A52%252C%2522site_id%2522%253A59%257D%257D%252C%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fweb_page%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522id%2522%253A%252211b00aca-f2d4-433c-b3c2-7c2de23ef95f%2522%257D%257D%255D%257D HTTP 302
https://sync.os-data.com/i?tna=pixel&aid=an-sync&e=se&se_ca=uuid&se_ac=sync&se_la=303428788319361933&se_pr=an&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D HTTP 302
https://sync.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22data%22:%7B%22company_id%22:52,%22site_id%22:59%7D%7D,%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/web_page/jsonschema/1-0-0%22,%22data%22:%7B%22id%22:%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D&se_pr=an&aid=an-sync&tna=pixel&se_ac=sync&se_la=303428788319361933&se_ca=uuid&n3pc=true

Request Chain 71

https://id.rlcdn.com/467946.gif?cparams=tna%3Dpixel%26aid%3Dliveramp-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_pr%3Dliveramp%26duid%3Dd12e2dd6-a9b0-4959-a0cc-b17a622c24cd%26co%3D%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fcontexts%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%255B%257B%2522schema%2522%253A%2522iglu%253Acom.onespot%252Fclient%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522company_id%2522%253A52%252C%2522site_id%2522%253A59%257D%257D%252C%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fweb_page%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522id%2522%253A%252211b00aca-f2d4-433c-b3c2-7c2de23ef95f%2522%257D%257D%255D%257D HTTP 302
https://id.rlcdn.com/467946.gif?cparams=tna%3Dpixel%26aid%3Dliveramp-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_pr%3Dliveramp%26duid%3Dd12e2dd6-a9b0-4959-a0cc-b17a622c24cd%26co%3D%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fcontexts%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%255B%257B%2522schema%2522%253A%2522iglu%253Acom.onespot%252Fclient%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522company_id%2522%253A52%252C%2522site_id%2522%253A59%257D%257D%252C%257B%2522schema%2522%253A%2522iglu%253Acom.snowplowanalytics.snowplow%252Fweb_page%252Fjsonschema%252F1-0-0%2522%252C%2522data%2522%253A%257B%2522id%2522%253A%252211b00aca-f2d4-433c-b3c2-7c2de23ef95f%2522%257D%257D%255D%257D&redirect=1 HTTP 302
https://sync.os-data.com/com.snowplowanalytics.snowplow/tp2?se_la=Xc1379g0hnwCcaXaMMbRWt72sA-X17DAVz0BsXfb8WgtrDSfg&tna=pixel&aid=liveramp-sync&e=se&se_ca=uuid&se_ac=sync&se_pr=liveramp&duid=d12e2dd6-a9b0-4959-a0cc-b17a622c24cd&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D

79 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request imgburn-all-sudden-been-identified-potential-malicious Show response
community.norton.com/en/forums/ 77 KB
19 KB 630ms
605ms Document
text/html 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

45faf539c81409b11c3c700eb1f9f6af48ea7b60e5ec3fff1e737c71e1431155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 52
X-Cache: MISS
Connection: keep-alive
Content-Length: 18443
X-UA-Compatible: IE=edge
X-Varnish-Hits: 1
Last-Modified: Mon, 16 Apr 2018 23:18:30 GMT
Server: Apache
X-Timer: S1523920763.439983,VS0,VE600
X-Frame-Options: SAMEORIGIN
Etag: "1523920710-1"
X-Served-By: cache-hhn1540-HHN
Vary: Cookie,Accept-Encoding
Content-Language: en
Via: 1.1 varnish-v4 1.1 varnish
X-Generator: Drupal 7 (http://drupal.org)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Link: </en/forums/imgburn-all-sudden-been-identified-potential-malicious>; rel="canonical",</en/node/1439481>; rel="shortlink"
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK css_ejsSqUiuAnyU3g11JQXiJ6iMk8csEmGGto82soMgaKI.css
community.norton.com/sites/default/files/css/ 8 KB
2 KB 537ms
535ms Stylesheet
text/css 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/css/css_ejsSqUiuAnyU3g11JQXiJ6iMk8csEmGGto82soMgaKI.css
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: 7a3b12a948ae027c94de0d752505e227a88c93c72c126186b68f36b2832068a2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1480118
X-Cache: MISS
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1941
X-Served-By: cache-hhn1540-HHN
Accept-Ranges: bytes
Last-Modified: Fri, 30 Mar 2018 20:10:38 GMT
Server: Apache
X-Timer: S1523920764.051746,VS0,VE529
ETag: "1e45-568a6d572ec02-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Fri, 13 Apr 2018 20:10:46 GMT
Cache-Control: max-age=1209600
X-Varnish-Hits: 30549
X-Cache-Hits: 0

GET
H/1.1 200
OK css_0lql_bFzziJib9enTsqBmKYPe3Jjy3nZp6OiF-BhXzQ.css
community.norton.com/sites/default/files/css/ 766 B
934 B 21ms
8ms Stylesheet
text/css 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/css/css_0lql_bFzziJib9enTsqBmKYPe3Jjy3nZp6OiF-BhXzQ.css
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: d25aa5fdb173ce22626fd7a74eca8198a60f7b7263cb79d9a7a3a217e0615f34

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 2407696
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 379
X-Served-By: cache-hhn1539-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 16:55:28 GMT
Server: Apache
X-Timer: S1523920764.062880,VS0,VE2
ETag: "2fe-567c6d332bbb9-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Thu, 19 Apr 2018 02:31:08 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 18
X-Cache-Hits: 4

GET
S 200 default.css
cdn.ckeditor.com/4.4.0/full-all/plugins/codesnippet/lib/highlight/styles/ 3 KB
1 KB 105ms
33ms Stylesheet
text/css 52.85.173.245
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ckeditor.com/4.4.0/full-all/plugins/codesnippet/lib/highlight/styles/default.css
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: SPDY
Server: 52.85.173.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-173-245.fra6.r.cloudfront.net
Software: Apache /
Resource Hash: 95c0f2b05e6b146b94e9fda88f892725138ca515f379627be7c30d47b9f00fe7

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Fri, 02 Feb 2018 21:32:25 GMT
content-encoding: gzip
last-modified: Thu, 24 Apr 2014 13:07:36 GMT
server: Apache
age: 6313619
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: max-age=31536000
x-amz-cf-id: hYuJ1AdsxUNTYK5EhGslWWGRhezv30RqX6OS2VTpxwLYwIPBTO3JJQ==
via: 1.1 c438f26ccd08e3dcd1f5cc4a61417fde.cloudfront.net (CloudFront)
expires: Sat, 02 Feb 2019 21:32:25 GMT

GET
H/1.1 200
OK css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
community.norton.com/sites/default/files/css/ 149 KB
25 KB 19ms
5ms Stylesheet
text/css 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: cf592688cc4d145d9591397944e2c1f54cefd8d00174f408ead8b6460db1e66d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1832683
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 25122
X-Served-By: cache-hhn1547-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 26 Mar 2018 18:14:35 GMT
Server: Apache
X-Timer: S1523920764.062722,VS0,VE0
ETag: "25201-56854bf143c4a-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Wed, 25 Apr 2018 18:14:40 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 4
X-Cache-Hits: 337

GET
H/1.1 200
OK picture-default.png
community.norton.com/en/system/files/styles/avatar-default/private/pictures/ 3 KB
3 KB 6ms
5ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/styles/avatar-default/private/pictures/picture-default.png?itok=c9tNyzOb

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

4ff7d54dd5fb4aeaa57e6fc45b74a4b604da08a308b3b8bf75d1773551540bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 10034
X-Cache: HIT
Connection: keep-alive
Content-Length: 2974
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Server: Apache
X-Timer: S1523920764.287029,VS0,VE0
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=3600
X-Varnish-Hits: 2
X-Drupal-Cache: MISS
X-Cache-Hits: 2

GET
H/1.1 200
OK picture-lithium-user-avatar-620.jpg
community.norton.com/en/system/files/styles/avatar-default/private/pictures/ 3 KB
4 KB 8ms
8ms Image
image/jpeg 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/styles/avatar-default/private/pictures/picture-lithium-user-avatar-620.jpg?itok=hzblsfZZ

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

080a1a7cebef19af6721f6f6c1876187dae1ac0816be406a36720ea8792bbfd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 505
X-Cache: HIT
Connection: keep-alive
Content-Length: 3104
X-Served-By: cache-hhn1531-HHN
Server: Apache
X-Timer: S1523920764.294432,VS0,VE2
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/jpeg
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 1

GET
H/1.1 200
OK picture-52403-1484491030.png
community.norton.com/en/system/files/styles/avatar-default/private/pictures/ 3 KB
3 KB 6ms
6ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/styles/avatar-default/private/pictures/picture-52403-1484491030.png?itok=numR2Cs8

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

208e392f0bba9e4585d38daed4e4646d60ec3a486a8ac4894c95973f0b3a9f92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 14262
X-Cache: HIT
Connection: keep-alive
Content-Length: 2671
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Server: Apache
X-Timer: S1523920764.302715,VS0,VE0
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=3600
X-Varnish-Hits: 5
X-Drupal-Cache: MISS
X-Cache-Hits: 1

GET
H/1.1 200
OK text-plain.png
community.norton.com/modules/file/icons/ 220 B
723 B 7ms
7ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://community.norton.com/modules/file/icons/text-plain.png
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: aa3b190ee7a1ce174966f20d0d0f914e6f9f1f05ded06b154747dfca4096e3c7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 2419031
X-Cache: HIT
Connection: keep-alive
Content-Length: 220
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 17:36:09 GMT
Server: Apache
X-Timer: S1523920764.309203,VS0,VE0
ETag: "dc-567c764bf35ff"
Content-Type: image/png
Expires: Wed, 18 Apr 2018 23:22:13 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 12
X-Cache-Hits: 1

GET
H/1.1 200
OK 135.png
community.norton.com/en/system/files/u52403/ 25 KB
26 KB 799ms
799ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u52403/135.png

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

42232630f67c8e9161f375c218fd40de48906c687d7e096acadb10765877d623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 25892
X-Served-By: cache-hhn1531-HHN
Server: Apache
X-Timer: S1523920764.316561,VS0,VE793
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK picture-689203-1514581409.jpg
community.norton.com/en/system/files/styles/avatar-default/private/pictures/ 2 KB
3 KB 10ms
9ms Image
image/jpeg 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/styles/avatar-default/private/pictures/picture-689203-1514581409.jpg?itok=Vf9Ma6yP

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

aa9e0d094d5262f518235b3ad03fd23e4bca736153ebf5b0fe38aa33823e02ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 7108
X-Cache: HIT
Connection: keep-alive
Content-Length: 2297
X-Served-By: cache-hhn1540-HHN
Accept-Ranges: bytes
Server: Apache
X-Timer: S1523920765.587183,VS0,VE4
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/jpeg
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=3600
X-Varnish-Hits: 4
X-Drupal-Cache: MISS
X-Cache-Hits: 1

GET
H/1.1 200
OK 141.png
community.norton.com/en/system/files/u52403/ 34 KB
35 KB 700ms
700ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u52403/141.png

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

d34190e5902eff0f244854e071748aaa03102d09053fc3b15ee875c3186aa01a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 35266
X-Served-By: cache-hhn1547-HHN
Server: Apache
X-Timer: S1523920765.586570,VS0,VE687
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK 144.png
community.norton.com/en/system/files/u52403/ 36 KB
36 KB 899ms
898ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u52403/144.png

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

30f294f672fc6f9d7b74d716ed1d7f11deecca1bce021fbe0402383ad4da508f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 36382
X-Served-By: cache-hhn1539-HHN
Server: Apache
X-Timer: S1523920765.587302,VS0,VE893
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK 142.png
community.norton.com/en/system/files/u52403/ 38 KB
38 KB 898ms
887ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u52403/142.png

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

dc4a7925c4f0cfedd61d241c752828e7f00ef175b51157711b6e0e64e5158a45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 38518
X-Served-By: cache-hhn1540-HHN
Server: Apache
X-Timer: S1523920765.596942,VS0,VE882
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK 143.png
community.norton.com/en/system/files/u52403/ 39 KB
40 KB 849ms
837ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u52403/143.png

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

064bb4f22884305f6a00103a40e866c56b4d71d396b0773bd41c255328388608

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 40409
X-Served-By: cache-hhn1524-HHN
Server: Apache
X-Timer: S1523920765.599237,VS0,VE831
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK NortonPopupSurvey_0.png
community.norton.com/en/system/files/u1933/ 25 KB
26 KB 8ms
5ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u1933/NortonPopupSurvey_0.png

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

430825fa4fe65e02d63e4684c59d0609f73202a71dd12dca90105ff768c64075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 5818
X-Cache: HIT
Connection: keep-alive
Content-Length: 26035
X-Served-By: cache-hhn1535-HHN
Server: Apache
X-Timer: S1523920765.599155,VS0,VE0
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/png
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 2

GET
H/1.1 200
OK 300x600_NortonCore_Dog.jpg
community.norton.com/en/system/files/u1933/ 25 KB
26 KB 7ms
6ms Image
image/jpeg 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://community.norton.com/en/system/files/u1933/300x600_NortonCore_Dog.jpg

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

9ca5918e618a453a212d15d9c1e6c1b5ac2b47c5cf5b10b972231b8eb0cd720c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Cookie: has_js=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CvVersion%7C2.1.0
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 2132
X-Cache: HIT
Connection: keep-alive
Content-Length: 25675
X-Served-By: cache-hhn1535-HHN
Server: Apache
X-Timer: S1523920765.611187,VS0,VE1
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Type: image/jpeg
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 1

GET
H/1.1 200
OK js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js Show response
community.norton.com/sites/default/files/js/ 115 KB
41 KB 6ms
5ms Script
application/javascript 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: bfbcffb9e362f4422b6573c8f12a3b024bb3c97b8a7a4af68db743a6db0ce4e7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1055259
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 41239
X-Served-By: cache-hhn1531-HHN
Last-Modified: Thu, 29 Mar 2018 19:22:26 GMT
Server: Apache
X-Timer: S1523920764.064223,VS0,VE0
ETag: "1cd18-568920b3a1b61-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Expires: Wed, 18 Apr 2018 18:11:45 GMT
Cache-Control: max-age=1209600
Accept-Ranges: bytes
X-Cache-Hits: 2

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/symantec/community/ 80 KB
25 KB 54ms
22ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6dd4493c04e8c3d650168bf9f65e01b46aff860070fddb345c679863367bd4fc

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Apr 2018 23:33:40 GMT
Server: nginx
ETag: W/"5ac6b254-141fa"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK js_uiF75tUtWsZIPud4DMk7FvzKr_zA8oqdtm3l-SnQKJ0.js Show response
community.norton.com/sites/default/files/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/js/js_uiF75tUtWsZIPud4DMk7FvzKr_zA8oqdtm3l-SnQKJ0.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: ba217be6d52d5ac6483ee7780cc93b16fccaaffcc0f28a9db66de5f929d0289d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 2376890
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2335
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 16:55:28 GMT
Server: Apache
X-Timer: S1523920764.209894,VS0,VE0
ETag: "1a59-567c6d3339e40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Expires: Thu, 19 Apr 2018 11:04:34 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 23
X-Cache-Hits: 1

GET
H/1.1 200
OK om_code_min.js Show response
nexus.ensighten.com/symantec/scode/ 1 KB
1 KB 11ms
11ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/scode/om_code_min.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ec96e0b16c87910af4640fa6125252c0e14f553a750a32769fa3ffa978812bb9

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Last-Modified: Tue, 29 Sep 2015 17:02:07 GMT
Server: nginx
ETag: W/"560ac40f-5e8"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK s_code.js Show response
nexus.ensighten.com/symantec/scode/ 74 KB
26 KB 13ms
13ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/scode/s_code.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3d4b82704acee8b2d9b51a6967864de483a55dbf4201e2be1ff948a03d3e11aa

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Apr 2018 18:09:37 GMT
Server: nginx
ETag: W/"5acfa0e1-128ed"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK js_tEZMmAP4t-BMppO5SuK2IwN4byWzurBZqJKX9GT3GIo.js Show response
community.norton.com/sites/default/files/js/ 2 KB
2 KB 6ms
5ms Script
application/javascript 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/js/js_tEZMmAP4t-BMppO5SuK2IwN4byWzurBZqJKX9GT3GIo.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: b4464c9803f8b7e04ca693b94ae2b62303786f25b3bab059a89297f464f7188a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 2410711
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 984
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 16:55:28 GMT
Server: Apache
X-Timer: S1523920764.241175,VS0,VE0
ETag: "8cc-567c6d3346d3b-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Expires: Thu, 19 Apr 2018 01:40:53 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 11
X-Cache-Hits: 2

GET
H/1.1 200
OK js_pYO_CYWVr1Ct_c9CoG68ONmpb48T8LzjPIauy4Bl9Kc.js Show response
community.norton.com/sites/default/files/js/ 33 KB
9 KB 6ms
6ms Script
application/javascript 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/js/js_pYO_CYWVr1Ct_c9CoG68ONmpb48T8LzjPIauy4Bl9Kc.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: a583bf098595af50adfdcf42a06ebc38d9a96f8f13f0bce33c86aecb8065f4a7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1707180
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 8671
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 16:55:28 GMT
Server: Apache
X-Timer: S1523920764.247408,VS0,VE0
ETag: "8438-567c6d335058c-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Expires: Fri, 27 Apr 2018 05:06:23 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 5
X-Cache-Hits: 213

GET
S 200 highlight.pack.js Show response
cdn.ckeditor.com/4.4.0/full-all/plugins/codesnippet/lib/highlight/ 29 KB
12 KB 32ms
32ms Script
application/javascript 52.85.173.245
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ckeditor.com/4.4.0/full-all/plugins/codesnippet/lib/highlight/highlight.pack.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: SPDY
Server: 52.85.173.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-173-245.fra6.r.cloudfront.net
Software: Apache /
Resource Hash: c9a8d3684a43c3c40685f5327817aaa737ffc5c47f1c6c59393c5f2b4a08228a

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Sat, 04 Nov 2017 16:04:50 GMT
content-encoding: gzip
last-modified: Thu, 24 Apr 2014 13:07:36 GMT
server: Apache
age: 14109274
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000
x-amz-cf-id: 523Ks_52gy2P41xkeJA78sR1iVCcTN8y8_qloPEC606jWA9bmPB8bQ==
via: 1.1 c438f26ccd08e3dcd1f5cc4a61417fde.cloudfront.net (CloudFront)
expires: Sun, 04 Nov 2018 16:04:50 GMT

GET
H/1.1 200
OK js_4Hq00IqPpuckT7fdiX-Y_avKxur4vRvlUPqi6pnMxIw.js Show response
community.norton.com/sites/default/files/js/ 44 KB
10 KB 6ms
6ms Script
application/javascript 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/default/files/js/js_4Hq00IqPpuckT7fdiX-Y_avKxur4vRvlUPqi6pnMxIw.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: e07ab4d08a8fa6e7244fb7dd897f98fdabcac6eaf8bd1be550faa2ea99ccc48c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1581989
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 10071
X-Served-By: cache-hhn1531-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 16:55:28 GMT
Server: Apache
X-Timer: S1523920764.279924,VS0,VE0
ETag: "af00-567c6d3353476-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Expires: Sat, 28 Apr 2018 15:52:55 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 1
X-Cache-Hits: 254

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610

0
-1 B

733ms
185ms

XHR

34.210.106.222
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 34.210.106.222 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-210-106-222.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:25 GMT
Access-Control-Allow-Origin: https://community.norton.com
X-TID: +qgZmCoJR3E=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:25 GMT
Access-Control-Allow-Origin: https://community.norton.com
X-TID: +qgZmCoJR3E=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 2009 00:00:00 GMT

GET
H/1.1 200
OK auto-complete-throbber.gif
community.norton.com/sites/all/themes/norton/images/ 1 KB
2 KB 6ms
6ms Image
image/gif 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://community.norton.com/sites/all/themes/norton/images/auto-complete-throbber.gif
Requested by: Host: community.norton.com
URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: fc6812d7f97a63c5cbf955a840294e0b60400f35dfe8871206471897f25f767e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
Cookie: has_js=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CvVersion%7C2.1.0
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1038158
X-Cache: HIT
Connection: keep-alive
Content-Length: 1328
X-Served-By: cache-hhn1535-HHN
Accept-Ranges: bytes
Last-Modified: Thu, 29 Mar 2018 19:20:19 GMT
Server: Apache
X-Timer: S1523920765.630991,VS0,VE0
ETag: "530-5689203a5df6b"
Content-Type: image/gif
Expires: Wed, 18 Apr 2018 22:56:47 GMT
Cache-Control: max-age=1209600
X-Varnish-Hits: 8
X-Cache-Hits: 1

GET
H/1.1 200
OK ui-sce327bfe3a.png
community.norton.com/sites/all/themes/norton/images/sprites/ 5 KB
6 KB 6ms
6ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://community.norton.com/sites/all/themes/norton/images/sprites/ui-sce327bfe3a.png
Requested by: Host: community.norton.com
URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: 309af58d086cd71e543b431cfb70ab9dcdaec751d9be7f1adf6cc717f7ae6777

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
Cookie: has_js=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CvVersion%7C2.1.0
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 1680930
X-Cache: HIT
Connection: keep-alive
Content-Length: 5460
X-Served-By: cache-hhn1535-HHN
Accept-Ranges: bytes
Last-Modified: Tue, 27 Mar 2018 21:55:46 GMT
Server: Apache
X-Timer: S1523920765.643380,VS0,VE1
ETag: "1554-5686bf3ed24f3"
Content-Type: image/png
Expires: Fri, 27 Apr 2018 12:23:53 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 7
X-Cache-Hits: 1

GET
H/1.1 200
OK norton.woff
community.norton.com/sites/all/themes/norton/css/font-icons/font/ 17 KB
17 KB 11ms
6ms Font
application/font-woff 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/all/themes/norton/css/font-icons/font/norton.woff?92384234
Requested by: Host: community.norton.com
URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: d9d1e0fdfbc1d9b360081b8f101b1e1bc39a137a05cda0705d596848b4147941

Request headers

Pragma: no-cache
Origin: https://community.norton.com
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: */*
Referer: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
Cookie: has_js=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CvVersion%7C2.1.0
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://community.norton.com/sites/default/files/css/css_z1kmiMxNFF2VkTl5ROLB9Uzv2NABdPQI6ti2Rg2x5m0.css
Origin: https://community.norton.com

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 2393995
X-Cache: HIT
Connection: keep-alive
Content-Length: 16976
X-Served-By: cache-hhn1535-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 17:36:10 GMT
Server: Apache
X-Timer: S1523920765.636929,VS0,VE0
ETag: "4250-567c764c50e13"
Content-Type: application/font-woff
Expires: Thu, 19 Apr 2018 06:19:29 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 13
X-Cache-Hits: 1

GET
H/1.1 200
OK extlink_s.png
community.norton.com/sites/all/modules/contrib/extlink/ 153 B
659 B 6ms
5ms Image
image/png 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://community.norton.com/sites/all/modules/contrib/extlink/extlink_s.png
Requested by: Host: community.norton.com
URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: 36e06adf8ae9795e359eee78d24e09452454d9b960b88e40a0695b0181270247

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://community.norton.com/sites/default/files/css/css_ejsSqUiuAnyU3g11JQXiJ6iMk8csEmGGto82soMgaKI.css
Cookie: has_js=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CvVersion%7C2.1.0
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/sites/default/files/css/css_ejsSqUiuAnyU3g11JQXiJ6iMk8csEmGGto82soMgaKI.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-Varnish-Cache: HIT
Date: Mon, 16 Apr 2018 23:19:24 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 2423113
X-Cache: HIT
Connection: keep-alive
Content-Length: 153
X-Served-By: cache-hhn1535-HHN
Accept-Ranges: bytes
Last-Modified: Mon, 19 Mar 2018 17:36:10 GMT
Server: Apache
X-Timer: S1523920765.686127,VS0,VE0
ETag: "99-567c764c1687e"
Content-Type: image/png
Expires: Wed, 18 Apr 2018 22:14:11 GMT
Cache-Control: max-age=2592000
X-Varnish-Hits: 333
X-Cache-Hits: 121

GET
S 200 fql Show response
graph.facebook.com/ 226 B
578 B 57ms
43ms Script
text/javascript 185.60.216.15
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/fql?q=SELECT%20url,%20normalized_url,%20share_count,%20like_count,%20comment_count,%20total_count,commentsbox_count,%20comments_fbid,%20click_count%20FROM%20link_stat%20WHERE%20url=%27http%3A%2F%2Fnr.tn%2F2mImB8p%27&callback=jQuery1720798421172441854_1523920764596&_=1523920764695

Requested by

Host: community.norton.com
URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js

Protocol

SPDY

Server

185.60.216.15 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

8afe8cffc8c1ddc35de8bdda7a7adfeb2970c9a195adac814ec9ba4f8620450d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#12) fql is deprecated for versions v2.1 and higher"
status: 200
x-fb-rev: 3817011
content-length: 196
pragma: no-cache
x-fb-debug: 4LpBqbOQXXzIWDNDyrU1thNt2LVv+qTvPHoujGYVCufj7AXmpVEsJauENTvfXHvDvTnbjLChP0HKTBSKDKxxjQ==
x-fb-trace-id: D/QOGCcTB88
date: Mon, 16 Apr 2018 23:19:24 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store
facebook-api-version: v2.6
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 share Show response
www.linkedin.com/countserv/count/ 114 B
1 KB 130ms
102ms Script
text/javascript 185.63.145.1
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin.com/countserv/count/share?format=jsonp&url=http%3A%2F%2Fnr.tn%2F2mImB8p&callback=jQuery1720798421172441854_1523920764597&_=1523920764696

Requested by

Host: community.norton.com
URL: https://community.norton.com/sites/default/files/js/js_v7z_ueNi9EIrZXPI8So7AkuzyXuKekr2jbdDptsM5Oc.js

Protocol

SPDY

Server

185.63.145.1 , United States, ASN14413 (LINKEDIN - LinkedIn Corporation, US),

Reverse DNS

Software

Apache-Coyote/1.1 /

Resource Hash

6182799a9818e74aaec22983151a50d32d758131cbadbff7aebe908b62b5010d

Security Headers

Name	Value
Content-Security-Policy	default-src ; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://.linkedin.com dms.licdn.com; img-src data: blob: ; font-src data: ; style-src 'unsafe-inline' 'self' static-src.linkedin.com .licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com .ads.linkedin.com .licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: ; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
x-li-uuid: SC2CQtUNJhUAcJKEFysAAA==
server: Apache-Coyote/1.1
pragma: no-cache
x-li-pop: prod-efr5
x-frame-options: sameorigin
strict-transport-security: max-age=2592000
content-type: text/javascript;charset=UTF-8
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
x-li-fabric: prod-lva1
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sharrre.php Show response
community.norton.com/sites/all/themes/norton/ 40 B
641 B 574ms
573ms XHR
application/json 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://community.norton.com/sites/all/themes/norton/sharrre.php?url=http%3A%2F%2Fnr.tn%2F2mImB8p&type=googlePlus
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache /
Resource Hash: 67ac532405dcf69ba39d1a3d6c6843518651373a64539d33001ca61c05a5f6e5

Request headers

Pragma: no-cache
X-NewRelic-ID: VwMBVVFACwsAUlZUAg==
Accept-Encoding: gzip, deflate
Host: community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Cookie: has_js=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CvVersion%7C2.1.0
Connection: keep-alive
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Accept: application/json, text/javascript, */*; q=0.01
X-NewRelic-ID: VwMBVVFACwsAUlZUAg==
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 60
X-Served-By: cache-hhn1535-HHN
X-NewRelic-App-Data: PxQEVFBXDxADXFFUAAcCREgTYVYAMhEDXhFZAUxRW1xvSmwTWD0cEQ1CUhI6TFlfXDhOFl9UWgMXbRldDRQXDV4+FxFQWUZAQQAXEVkREU5UGAdRVlMIHwBKUVQDCQBKSQAaEVVXUQFVVwlXClsFVgMHXVYTTVUDCEVSPA==
Server: Apache
X-Timer: S1523920765.698424,VS0,VE568
Vary: Accept-Encoding
Content-Type: application/json
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/symantec/community/ 955 B
710 B 8ms
8ms Script
text/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/serverComponent.php?r=26695750.218435444&ClientID=21&PageID=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious%3Fpage_name%3Dnorton.com%3Aus%3Acommunity%3Athreads%3Anorton%20products%3Anorton%20internet%20security%20%7C%20norton%20360%20%7C%20norton%20antivirus%3Aimgburn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious%26site_country%3Dus%26site_language%3Den%26site_section%3Dnorton.com%26visitor_segment%3Dmissing%26path%3D%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious%26siteCode%3Dcommunity
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c933cf8bbbf5ebf2c9f8cab2e88dc8ed1beef40a4639545cd72ee439d814eced

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: no-cache, no-store
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 16 Apr 2018 23:19:23 GMT

GET
H/1.1 200
OK aa9aa6597242e739933252f1c914ffba.js Show response
nexus.ensighten.com/symantec/community/code/ 2 KB
1 KB 6ms
6ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/code/aa9aa6597242e739933252f1c914ffba.js?conditionId0=381995
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9f82dee8bce6649e3a34aa96d14e03915ec18b66073d68f5af39958d2eb6825a

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Mar 2018 17:15:08 GMT
Server: nginx
ETag: W/"5aaff01c-7c0"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK 3ea98d1874d4440bd912bfc3fdf50c25.js Show response
nexus.ensighten.com/symantec/community/code/ 3 KB
1 KB 12ms
6ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/code/3ea98d1874d4440bd912bfc3fdf50c25.js?conditionId0=423130
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b4117b76bcecab61c75a6aca997f8708821ae41072c9f6833cfc4cf0f26c8c02

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Mar 2018 17:09:16 GMT
Server: nginx
ETag: W/"5ab3e33c-b2b"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK 805a89ca98add867d18b8a2aeff37ded.js Show response
nexus.ensighten.com/symantec/community/code/ 226 B
518 B 18ms
6ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/code/805a89ca98add867d18b8a2aeff37ded.js?conditionId0=483361
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b363dec7bae0c722b0564d5fcf7c7d14ca22281575ce9b2fd709ebdde295f058

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Last-Modified: Mon, 30 Jan 2017 22:03:13 GMT
Server: nginx
ETag: "588fb821-e2"
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 226

GET
H/1.1 200
OK 1b4b6994caf897cc2f9edcd429696557.js Show response
nexus.ensighten.com/symantec/community/code/ 17 KB
5 KB 25ms
7ms Script
application/javascript 35.157.8.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/code/1b4b6994caf897cc2f9edcd429696557.js?conditionId0=363347
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: HTTP/1.1
Server: 35.157.8.66 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-8-66.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bcc1e37d696d22ba7a1966747a4f1f083fb7919e88e4567dc55dc50e9f29d6f1

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Dec 2017 00:23:23 GMT
Server: nginx
ETag: W/"5a27387b-4569"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK ba8482fe6af45555a52d9392cb0371ef.js Show response
nexus.ensighten.com/symantec/community/code/ 623 B
916 B 22ms
6ms Script
application/javascript 35.156.237.78
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/symantec/community/code/ba8482fe6af45555a52d9392cb0371ef.js?conditionId0=368310
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: HTTP/1.1
Server: 35.156.237.78 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-156-237-78.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0906b66ca9c6e07279c1d7c05703c3c785f7a47baa622aa72adc3bafb4d34eb6

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Last-Modified: Mon, 19 Mar 2018 17:15:08 GMT
Server: nginx
ETag: "5aaff01c-26f"
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 623

GET
S 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 15 KB
6 KB 15ms
14ms Script
text/javascript 216.58.214.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js

Protocol

SPDY

Server

216.58.214.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f98.1e100.net

Software

cafe /

Resource Hash

6b84045e38c901e0405edd8a5d3a7c409c734220e70d1b0a468441f754f6dd6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 16 Apr 2018 23:19:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 6926662971860322445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="42,41,39,35",hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 5886
x-xss-protection: 1; mode=block
expires: Mon, 16 Apr 2018 23:19:24 GMT

GET
H/1.1 200
OK lb
secure.leadback.advertising.com/adcedge/ 49 B
860 B 372ms
93ms Image
image/gif 152.163.50.2
AOL Transit Data ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.leadback.advertising.com/adcedge/lb?site=695501&betr=sslbet_1475596982=ssprlb_1475596982[720]
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 152.163.50.2 , United States, ASN1668 (AOL-ATDN - AOL Transit Data Network, US),
Reverse DNS: m-prd-pxl-shared-mr1-blue-a.evip.aol.com
Software: Apache-Coyote/1.1 /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:24 GMT
Cache-Control: private, max-age=3600
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR LAW CUR DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.bt="Y"
Content-Length: 49
Content-Type: image/gif

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 39 KB
13 KB 18ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

29451fb716c05b025bfb8a468767f7112baad0112dbc512d1610f64dbbad4bc0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 12439
x-xss-protection: 0
pragma: public
x-fb-debug: wnxlbj2CrCEDP5otXhtPvaVGnpVG9J1kZuYMwLjm6G66+8sAe74lP5GzxJig0+KKBcvklFpdU9/JoPR8J0tQ9Q==
x-frame-options: DENY
date: Mon, 16 Apr 2018 23:19:24 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 6ms
6ms Script
application/javascript 104.244.43.112
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/code/3ea98d1874d4440bd912bfc3fdf50c25.js?conditionId0=423130
Protocol: SPDY
Server: 104.244.43.112 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:24 GMT
content-encoding: gzip
age: 84057
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-tw-fra1-cr1-10-TWFRA1
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1523920765.780283,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
S 200 symantec.bundle.js Show response
d2vxvnufz8f5c5.cloudfront.net/ 181 KB
50 KB 89ms
29ms Script
application/javascript 52.85.173.78
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2vxvnufz8f5c5.cloudfront.net/symantec.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: SPDY
Server: 52.85.173.78 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-173-78.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a1e99f6fb92decec3de9730b43f12120c57b9524f9acebf81c9af854d1626518

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 18:48:33 GMT
content-encoding: gzip
age: 16252
x-amz-meta-recsites: 59
x-amz-meta-version: 1.0.0-3114-094992b5d443f3d9485a385007b076ce49d5a993
status: 200
x-amz-meta-companyid: 52
x-cache: Hit from cloudfront
x-amz-meta-siteid: 59
x-amz-meta-name: symantec
last-modified: Mon, 16 Apr 2018 18:48:24 GMT
server: AmazonS3
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e482e2c19d6e57adc72e19f731c7bf44.cloudfront.net (CloudFront)
x-amz-cf-id: gcUvtgGkBPB2xtTf0HpzjAcwaGw5tVntgUDhBSmEgvTiijO0y0iJ8w==

GET
S 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1043330685/ 2 KB
1 KB 17ms
17ms Script
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1043330685/?random=1523920764782&cv=9&fst=1523920764782&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&tiba=ImgBurn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious%20%7C%20Norton%20Community&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

981f3e0c357bb563a112786a9abe50adfa37da5f09929c0730dd84fcba5d464c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Apr 2018 23:19:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="42,41,39,35",hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 994
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 adsct
t.co/i/ 43 B
166 B 118ms
117ms Image
image/gif 104.244.42.197
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuzip&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

SPDY

Server

104.244.42.197 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 112
pragma: no-cache
last-modified: Mon, 16 Apr 2018 23:19:24 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d4c39c1439f8bb0703c24b626486a1b9
x-transaction: 002f5ba100fb6053
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
S 200 2010787619164716 Show response
connect.facebook.net/signals/config/ 56 KB
15 KB 6ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2010787619164716?v=2.8.12&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

9af73d6cf0fc8b723f4463d27ad61885c4b94fce1c3e20b6801ad74862e858bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15266
x-xss-protection: 0
pragma: public
x-fb-debug: /BnqjDA7kVzRLz5JcAxMUFFocEs7hV/bFiHVyhV660hjEBfEiyOlEofmA5nGTlIyXUF/i/6M24CQ2KzRAeZfYw==
date: Mon, 16 Apr 2018 23:19:24 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 /
www.google.com/ads/user-lists/1043330685/ 42 B
107 B 14ms
14ms Image
image/gif 216.58.214.100
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/user-lists/1043330685/?random=1523920764782&cv=9&fst=1523919600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&tiba=ImgBurn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious%20%7C%20Norton%20Community&async=1&fmt=3&cdct=2&is_vtc=1&random=4057812864&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

SPDY

Server

216.58.214.100 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f4.1e100.net

Software

adclick_server /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Apr 2018 23:19:24 GMT
x-content-type-options: nosniff
server: adclick_server
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.com.ua/ads/user-lists/1043330685/ 42 B
107 B 14ms
13ms Image
image/gif 216.58.214.99
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.ua/ads/user-lists/1043330685/?random=1523920764782&cv=9&fst=1523919600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&tiba=ImgBurn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious%20%7C%20Norton%20Community&async=1&fmt=3&cdct=2&is_vtc=1&random=4057812864&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

SPDY

Server

216.58.214.99 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f99.1e100.net

Software

adclick_server /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Apr 2018 23:19:24 GMT
x-content-type-options: nosniff
server: adclick_server
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
295 B 19ms
5ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=2010787619164716&ev=PageView&dl=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&rl=&if=false&ts=1523920764822&sw=1600&sh=1200&v=2.8.12&r=stable&a=tmensighten&ec=0&o=29&it=1523920764808
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Mon, 16 Apr 2018 23:19:24 GMT

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 367 B
1 KB 189ms
189ms XHR
application/json 34.210.106.222
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1523920764610
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 34.210.106.222 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-210-106-222.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 002dbad77b300dce55017448fd4b95cf4a31172702e2911ffa2fa67ac299f8ef

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id: 50AC5DA7EF2F9FE25973D702CC7AAC4
Origin: https://community.norton.com
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: usw2-prod-dcs-6c448eb0.edge-usw2.demdex.com 5.26.5.20180413144530 5ms
Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:25 GMT
Content-Encoding: gzip
X-TID: 6cH2ib3SSe8=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://community.norton.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Content-Length: 300
Expires: Thu, 01 Jan 2009 00:00:00 GMT

GET
H/1.1 200
OK id Show response
oms.symantec.com/ 49 B
470 B 96ms
18ms XHR
application/x-javascript 63.140.40.91
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://oms.symantec.com/id?d_visid_ver=2.1.0&d_fieldgroup=A&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&mid=35362638877209888241127809696239581087&ts=1523920765539
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 63.140.40.91 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS: symantec.com.ssl.d1.sc.omtrdc.net
Software: Omniture DC/2.0.0 /
Resource Hash: c10e66deada6c0078a338bc17ca8388cbfaf71fb34a9e180336304908212a5d2

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Origin: https://community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Mon, 16 Apr 2018 23:19:25 GMT
Server: Omniture DC/2.0.0
xserver: www163
Vary: Origin
Access-Control-Allow-Methods: GET, POST, DELETE
P3P: CP="This is not a P3P policy"
Access-Control-Allow-Origin: https://community.norton.com
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/x-javascript
Keep-Alive: timeout=15
Content-Length: 49
X-C: ms-6.1.5

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=WtUvfQAAAjeCnRKk
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=35556756328370207131147803906437053230
https://dpm.demdex.net/ibs:dpid=411&dpuuid=WtUvfQAAAjeCnRKk

42 B
767 B

190ms
190ms

Image
image/gif

34.210.106.222
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=411&dpuuid=WtUvfQAAAjeCnRKk
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 34.210.106.222 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-210-106-222.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

DCS: usw2-prod-dcs-09207bee4.edge-usw2.demdex.com 5.26.5.20180413144530 7ms
Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:25 GMT
X-TID: nXDy0bXURuk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 2009 00:00:00 GMT

Redirect headers

Date: Mon, 16 Apr 2018 23:19:25 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=WtUvfQAAAjeCnRKk
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK s3922953276232
oms.symantec.com/b/ss/symanteccom,symantechho/1/JS-2.7.0/ 43 B
550 B 21ms
21ms Image
image/gif 63.140.40.91
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://oms.symantec.com/b/ss/symanteccom,symantechho/1/JS-2.7.0/s3922953276232?AQB=1&ndh=1&pf=1&t=16%2F3%2F2018%2023%3A19%3A25%201%200&mid=35362638877209888241127809696239581087&aamlh=9&ce=UTF-8&pageName=norton.com%3Aus%3Acommunity%3Athreads%3Anorton%20products%3Anorton%20internet%20security%20%7C%20norton%20360%20%7C%20norton%20antivirus%3Aimgburn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious&g=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&server=symantec&events=event69%2Cevent79%3D22&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c2=us&c3=en&c14=symcom&c15=Vulnerability%20Protection%2CWindows%2010&v16=symcom&v18=D%3DpageName&v27=us&v28=en&c35=norton.com%3Aus%3Acommunity%3Athreads%3Anorton%20products%3Anorton%20internet%20security%20%7C%20norton%20360%20%7C%20norton%20antivirus%3Aimgburn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious&c41=norton.com&v41=norton.com&c46=html&c47=page&v47=s_code&c48=Norton%20Internet%20Security%20%7C%20Norton%20360%20%7C%20Norton%20AntiVirus&v48=Community&c49=Community&v49=Norton%20Internet%20Security%20%7C%20Norton%20360%20%7C%20Norton%20AntiVirus&v57=35362638877209888241127809696239581087&v72=norton.com&c75=D%3Dv57&v92=unsolved&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: HTTP/1.1
Server: 63.140.40.91 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS: symantec.com.ssl.d1.sc.omtrdc.net
Software: Omniture DC/2.0.0 /
Resource Hash: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:25 GMT
X-C: ms-6.1.5
P3P: CP="This is not a P3P policy"
Connection: Keep-Alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 17 Apr 2018 23:19:25 GMT
Server: Omniture DC/2.0.0
xserver: www160
ETag: "3272594923772248064-6875168229057139981"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Keep-Alive: timeout=15
Expires: Sun, 15 Apr 2018 23:19:25 GMT

GET
H/1.1

200

Cookie set SAML2 Show response
login.norton.com/sso/idp/ Frame 7D13
Redirect Chain

https://community.norton.com/en/sso-get-norton-passive-url
https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p4...

6 KB
4 KB

687ms
167ms

Document
text/html

104.40.62.153
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D

Requested by

Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.40.62.153 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

sso /

Resource Hash

02a349948b9a23badd4aa2ede5ac82bf03c3b783fcb4f9efc9f1f7bb7eeec199

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: login.norton.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Cookie: s_nr=1523920765638-New; event69=event69; channelStack=s_eVar72~norton.com; s_eVar63=%5B%5BB%5D%5D; s_eVar70=%5B%5BB%5D%5D; s_eVar72=%5B%5BB%5D%5D; s_gpv=norton.com%3Aus%3Acommunity%3Athreads%3Anorton%20products%3Anorton%20internet%20security%20%7C%20norton%20360%20%7C%20norton%20antivirus%3Aimgburn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious; s_cc=true
Connection: keep-alive
Cache-Control: no-cache
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:25 GMT
Content-Encoding: gzip
Server: sso
Cache-Control: no-cache no-store
Vary: Accept-Encoding
P3P: CP="IDC DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Via: 1.1 login.norton.com
Set-Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en; Path=/; Secure JSESSIONID=F765866E3F41B17DCCEA36BF9389F886.jvmroute8081; Path=/sso; Secure; HttpOnly
Connection: Keep-Alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:25 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
Transfer-Encoding: chunked
X-Cache: MISS
Connection: keep-alive
X-Served-By: cache-hhn1531-HHN
Server: Apache
X-Timer: S1523920765.117432,VS0,VE598
Vary: Cookie
Content-Type: text/html; charset=UTF-8
Location: https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Accept-Ranges: bytes
X-Drupal-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK loading_animation.gif
static.nortoncdn.com/static/sso/longlived/images/ Frame 7D13 6 KB
6 KB 42ms
5ms Image
image/gif 2.18.232.65
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.nortoncdn.com/static/sso/longlived/images/loading_animation.gif
Requested by: Host: login.norton.com
URL: https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D
Protocol: HTTP/1.1
Server: 2.18.232.65 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2fbdc600988b0c0deb30d8e6877917a845a2f404781a088d0913cdd6021cdc2f

Request headers

Referer: https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Mon, 16 Apr 2018 23:19:26 GMT
Last-Modified: Wed, 21 Mar 2018 01:24:54 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "17fd-567e20ee96580"
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6141

GET
S 200 nr-1071.min.js Show response
js-agent.newrelic.com/ 23 KB
9 KB 29ms
5ms Script
application/javascript 151.101.114.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1071.min.js
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: SPDY
Server: 151.101.114.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
content-encoding: gzip
x-amz-request-id: 4FA97F9146AC1E0C
x-cache: HIT
status: 200
content-length: 9086
x-amz-id-2: 2u+ePBLq0i+86Rc6Ty4s1JjLllOr+DvppPFIKi56RBFSrYzKnBNjQJjsdHXpgMCr0P5LWmRHmOY=
x-served-by: cache-hhn1521-HHN
last-modified: Wed, 28 Feb 2018 23:33:31 GMT
server: AmazonS3
x-timer: S1523920766.481336,VS0,VE0
etag: "a1a545c95f313a230157b47dca555c25"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 34177

GET
S 200 bat.js Show response
bat.bing.com/ 14 KB
5 KB 60ms
36ms Script
application/javascript 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: SPDY
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: 8f664e230aa5f9c01e7759b2762c67627c3349d02d199654162b35ab14b641aa

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:25 GMT
content-encoding: gzip
last-modified: Wed, 04 Apr 2018 18:25:28 GMT
x-msedge-ref: Ref A: B5BB8A15C2A44E18A4D21D2960497733 Ref B: FRAEDGE0507 Ref C: 2018-04-16T23:19:26Z
status: 200
etag: "0dc734e42ccd31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 4430

GET
S 200 adsct Show response
analytics.twitter.com/i/ 31 B
329 B 133ms
133ms Script
application/javascript 104.244.42.195
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuzip&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

SPDY

Server

104.244.42.195 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 127
pragma: no-cache
last-modified: Mon, 16 Apr 2018 23:19:26 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d3f0935f96d9dc05be6e197c1c86c1c4
x-transaction: 00c99d1a00e267cd
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
S 200 / Show response
graph.facebook.com/ 177 B
508 B 65ms
47ms Fetch
application/json 185.60.216.15
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious

Requested by

Host: d2vxvnufz8f5c5.cloudfront.net
URL: https://d2vxvnufz8f5c5.cloudfront.net/symantec.bundle.js

Protocol

SPDY

Server

185.60.216.15 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b613e1a3c0f8169b1827124f79bea7d8a22dbe743e6798d9ad2d43cf149d5463

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Origin: https://community.norton.com

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
etag: "8a3261f310afc6cb495207d50ed5f7503417d4f6"
status: 200
x-fb-rev: 3817011
content-length: 145
pragma: no-cache
x-fb-debug: DYtmzlaEQpe0RbYHjGCkNTyRVtG4VrTmrF37lK92N4U2ghopBlXAnO3CnRLCXzZCTKfJCZ9U0CrA3+1R1sKxRg==
x-fb-trace-id: DH2zQQLUAje
date: Mon, 16 Apr 2018 23:19:26 GMT
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.6
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 sa-tracker-2-9-0.js Show response
d346whrrklhco7.cloudfront.net/ 74 KB
25 KB 45ms
9ms Script
application/javascript 52.85.177.95
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d346whrrklhco7.cloudfront.net/sa-tracker-2-9-0.js
Requested by: Host: d2vxvnufz8f5c5.cloudfront.net
URL: https://d2vxvnufz8f5c5.cloudfront.net/symantec.bundle.js
Protocol: SPDY
Server: 52.85.177.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-177-95.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 05 Apr 2018 19:09:10 GMT
content-encoding: gzip
last-modified: Thu, 05 Apr 2018 15:42:42 GMT
server: AmazonS3
age: 14953
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-id: VeL8r7Pah5UsTh0ZDE54ToiWQUvRLvknHdLIQYa5dn2A8z9qT7FxsA==
via: 1.1 b451ce1932d9b97c4ef54f2f37ecb931.cloudfront.net (CloudFront)

GET
S 200 analytics.js Show response
www.google-analytics.com/ 35 KB
14 KB 6ms
5ms Script
text/javascript 216.58.210.14
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: d2vxvnufz8f5c5.cloudfront.net
URL: https://d2vxvnufz8f5c5.cloudfront.net/symantec.bundle.js

Protocol

SPDY

Server

216.58.210.14 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 13 Nov 2017 20:19:12 GMT
server: Golfe2
age: 2238
date: Mon, 16 Apr 2018 22:42:08 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 14597
expires: Tue, 17 Apr 2018 00:42:08 GMT

GET
S

200

i
t1.os-data.com/
Redirect Chain

https://t1.os-data.com/i?tna=pixel&aid=symantec&e=se&se_ca=pixel&se_ac=page-view&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%...
https://t1.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22...

43 B
334 B

109ms
109ms

Image
image/gif

52.202.159.105
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t1.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22data%22:%7B%22company_id%22:52,%22site_id%22:59%7D%7D%5D%7D&aid=symantec&tna=pixel&se_ac=page-view&se_ca=pixel&n3pc=true
Protocol: SPDY
Server: 52.202.159.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-159-105.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
server: akka-http/10.0.9
status: 200
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-type: image/gif
content-length: 43

Redirect headers

date: Mon, 16 Apr 2018 23:19:26 GMT
server: akka-http/10.0.9
status: 302
location: https://t1.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22data%22:%7B%22company_id%22:52,%22site_id%22:59%7D%7D%5D%7D&aid=symantec&tna=pixel&se_ac=page-view&se_ca=pixel&n3pc=true
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0

GET
H/1.1 200
OK px
secure.adnxs.com/ 0
591 B 54ms
14ms Image
text/html 185.33.223.220
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?bidder=157&qsdata=campaign%3D1021%26label%3Dpage-view%26data%3D%26url%3Dhttps%253A%252F%252Fcommunity.norton.com%252Fen%252Fforums%252Fimgburn-all-sudden-been-identified-potential-malicious%26aid%3D%26crid%3D%26sid%3D%26onespotId%3D%26trackerId%3D%26pageviewId%3D%26ignore_wp%3Dfalse

Protocol

HTTP/1.1

Server

185.33.223.220 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:28 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 309.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.26:80
AN-X-Request-Uuid: 1fc54079-f74a-4813-8ade-1b352d398a37
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
S 200 ebOneTag.js Show response
secure-ds.serving-sys.com/SemiCachedScripts/ 44 KB
13 KB 31ms
6ms Script
application/javascript 2.20.20.209
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/symantec/community/Bootstrap.js
Protocol: SPDY
Server: 2.20.20.209 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ARR/2.5, ASP.NET
Resource Hash: eb84e9ff649d59f9fe2acf667f1f46ceeab0523018ff8c4abbd562b9fdb74b81

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
content-encoding: gzip
etag: "0dfd34941b5d31:0"
last-modified: Tue, 06 Mar 2018 11:50:14 GMT
server: Microsoft-IIS/8.5
status: 200
x-powered-by: ARR/2.5, ASP.NET
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=520
accept-ranges: bytes
content-length: 13353

GET
S 200 collect
www.google-analytics.com/r/ 35 B
124 B 14ms
13ms Image
image/gif 216.58.210.14
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j66&a=1257683032&t=pageview&_s=1&dl=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&ul=en-us&de=UTF-8&dt=ImgBurn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious%20%7C%20Norton%20Community&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=465171749&gjid=35114653&cid=977465782.1523920766&tid=UA-35809374-66&_gid=895035639.1523920766&_r=1&z=724880130

Protocol

SPDY

Server

216.58.210.14 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Apr 2018 23:19:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK d64731b77f Show response
bam.nr-data.net/1/ 57 B
261 B 481ms
120ms Script
text/javascript 162.247.242.18
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/d64731b77f?a=3806765&v=1071.385e752&to=MgAGbUVZWREHAERdCgtKJVpDUVgMSQ1fUAA6FQVeUmdBCwMU&rst=3084&ref=https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious&ap=622&be=640&fe=3044&dc=1212&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1523920763413,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:6,%22c%22:6,%22s%22:12,%22ce%22:26,%22rq%22:26,%22rp%22:631,%22rpe%22:636,%22dl%22:633,%22di%22:1213,%22ds%22:1213,%22de%22:1289,%22dc%22:3044,%22l%22:3044,%22le%22:3055%7D,%22navigation%22:%7B%7D%7D&at=HkcFGw1DSh8%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1071.min.js
Protocol: HTTP/1.1
Server: 162.247.242.18 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-6.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

GET
S

302

OneTagDefaultConfig.json Show response
secure-ds.serving-sys.com/BurstingCachedScripts/
Redirect Chain

https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/6/1806
https://secure-ds.serving-sys.com/BurstingCachedScripts/OneTagDefaultConfig.json

0
-1 B

133ms
118ms

XHR

2.20.20.209
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/OneTagDefaultConfig.json
Protocol: SPDY
Server: 2.20.20.209 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: AkamaiGHost /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 302
date: Mon, 16 Apr 2018 23:19:26 GMT
server: AkamaiGHost
access-control-allow-origin: *
accept-ranges: bytes
content-length: 0
location: https://secure-ds.serving-sys.com/BurstingCachedScripts/OneTagDefaultConfig.json

Redirect headers

status: 302
date: Mon, 16 Apr 2018 23:19:26 GMT
server: AkamaiGHost
access-control-allow-origin: *
accept-ranges: bytes
content-length: 0
location: https://secure-ds.serving-sys.com/BurstingCachedScripts/OneTagDefaultConfig.json

OPTIONS
S 200 tp2 Show response
t1.os-data.com/com.snowplowanalytics.snowplow/ 0
168 B 313ms
104ms XHR
text/plain 18.233.14.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://t1.os-data.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: community.norton.com
URL: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Protocol: SPDY
Server: 18.233.14.232 Cambridge, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-233-14-232.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

status: 200
date: Mon, 16 Apr 2018 23:19:26 GMT
access-control-allow-credentials: true
server: akka-http/10.0.9
access-control-allow-origin: https://community.norton.com
access-control-allow-headers: Content-Type
content-length: 0

GET
S

200

i
sync.os-data.com/
Redirect Chain

https://t1.os-data.com/r/tp2?u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D145576%26dpuuid%3D%24%7BSP_UUID%7D%26redir%3Dhttps%253A%252F%252Fsync.os-data.com%252Fi%253Ftna%253Dpixel%2526aid%253Daam-...
https://dpm.demdex.net/ibs:dpid=145576&dpuuid=bc8938e6-a408-45f6-b779-909f37426cd5&redir=https%3A%2F%2Fsync.os-data.com%2Fi%3Ftna%3Dpixel%26aid%3Daam-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26s...
https://sync.os-data.com/i?tna=pixel&aid=aam-sync&e=se&se_ca=uuid&se_ac=sync&se_la=35556756328370207131147803906437053230&se_pr=aam&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fc...

43 B
334 B

109ms
108ms

Image
image/gif

52.202.159.105
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.os-data.com/i?tna=pixel&aid=aam-sync&e=se&se_ca=uuid&se_ac=sync&se_la=35556756328370207131147803906437053230&se_pr=aam&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D
Protocol: SPDY
Server: 52.202.159.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-159-105.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:27 GMT
server: akka-http/10.0.9
status: 200
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-type: image/gif
content-length: 43

Redirect headers

Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:26 GMT
X-TID: ExdCrJ6CSp4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://sync.os-data.com/i?tna=pixel&aid=aam-sync&e=se&se_ca=uuid&se_ac=sync&se_la=35556756328370207131147803906437053230&se_pr=aam&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 2009 00:00:00 GMT

GET
S

200

i
sync.os-data.com/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.os-data.com%2Fi%3Ftna%3Dpixel%26aid%3Dan-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_la%3D%24UID%26se_pr%3Dan%26co%3D%257B%2522schema%2522%25...
https://sync.os-data.com/i?tna=pixel&aid=an-sync&e=se&se_ca=uuid&se_ac=sync&se_la=303428788319361933&se_pr=an&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2...
https://sync.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%...

43 B
334 B

109ms
109ms

Image
image/gif

52.202.159.105
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22data%22:%7B%22company_id%22:52,%22site_id%22:59%7D%7D,%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/web_page/jsonschema/1-0-0%22,%22data%22:%7B%22id%22:%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D&se_pr=an&aid=an-sync&tna=pixel&se_ac=sync&se_la=303428788319361933&se_ca=uuid&n3pc=true
Protocol: SPDY
Server: 52.202.159.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-159-105.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:27 GMT
server: akka-http/10.0.9
status: 200
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-type: image/gif
content-length: 43

Redirect headers

date: Mon, 16 Apr 2018 23:19:26 GMT
server: akka-http/10.0.9
status: 302
location: https://sync.os-data.com/i?e=se&co=%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/contexts/jsonschema/1-0-0%22,%22data%22:%5B%7B%22schema%22:%22iglu:com.onespot/client/jsonschema/1-0-0%22,%22data%22:%7B%22company_id%22:52,%22site_id%22:59%7D%7D,%7B%22schema%22:%22iglu:com.snowplowanalytics.snowplow/web_page/jsonschema/1-0-0%22,%22data%22:%7B%22id%22:%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D&se_pr=an&aid=an-sync&tna=pixel&se_ac=sync&se_la=303428788319361933&se_ca=uuid&n3pc=true
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0

GET
S

200

tp2
sync.os-data.com/com.snowplowanalytics.snowplow/
Redirect Chain

https://id.rlcdn.com/467946.gif?cparams=tna%3Dpixel%26aid%3Dliveramp-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_pr%3Dliveramp%26duid%3Dd12e2dd6-a9b0-4959-a0cc-b17a622c24cd%26co%3D%257B%2522sc...
https://id.rlcdn.com/467946.gif?cparams=tna%3Dpixel%26aid%3Dliveramp-sync%26e%3Dse%26se_ca%3Duuid%26se_ac%3Dsync%26se_pr%3Dliveramp%26duid%3Dd12e2dd6-a9b0-4959-a0cc-b17a622c24cd%26co%3D%257B%2522sc...
https://sync.os-data.com/com.snowplowanalytics.snowplow/tp2?se_la=Xc1379g0hnwCcaXaMMbRWt72sA-X17DAVz0BsXfb8WgtrDSfg&tna=pixel&aid=liveramp-sync&e=se&se_ca=uuid&se_ac=sync&se_pr=liveramp&duid=d12e2d...

43 B
334 B

109ms
109ms

Image
image/gif

52.202.159.105
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.os-data.com/com.snowplowanalytics.snowplow/tp2?se_la=Xc1379g0hnwCcaXaMMbRWt72sA-X17DAVz0BsXfb8WgtrDSfg&tna=pixel&aid=liveramp-sync&e=se&se_ca=uuid&se_ac=sync&se_pr=liveramp&duid=d12e2dd6-a9b0-4959-a0cc-b17a622c24cd&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D
Protocol: SPDY
Server: 52.202.159.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-159-105.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:27 GMT
server: akka-http/10.0.9
status: 200
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-type: image/gif
content-length: 43

Redirect headers

Location: https://sync.os-data.com/com.snowplowanalytics.snowplow/tp2?se_la=Xc1379g0hnwCcaXaMMbRWt72sA-X17DAVz0BsXfb8WgtrDSfg&tna=pixel&aid=liveramp-sync&e=se&se_ca=uuid&se_ac=sync&se_pr=liveramp&duid=d12e2dd6-a9b0-4959-a0cc-b17a622c24cd&co=%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fcontexts%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%5B%7B%22schema%22%3A%22iglu%3Acom.onespot%2Fclient%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22company_id%22%3A52%2C%22site_id%22%3A59%7D%7D%2C%7B%22schema%22%3A%22iglu%3Acom.snowplowanalytics.snowplow%2Fweb_page%2Fjsonschema%2F1-0-0%22%2C%22data%22%3A%7B%22id%22%3A%2211b00aca-f2d4-433c-b3c2-7c2de23ef95f%22%7D%7D%5D%7D
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
status: 302
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif; charset=ISO-8859-1
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
S 204 0
bat.bing.com/action/ 0
148 B 35ms
34ms Image
text/plain 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5441611&Ver=2&mid=75facdb4-ca81-aedf-fb08-4884e1784aef&evt=pageLoad&sid=f772e4f7-1&lt=3055&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=ImgBurn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious%20%7C%20Norton%20Community&p=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&r=&msclkid=N&rn=2203
Protocol: SPDY
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 16 Apr 2018 23:19:25 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 05C5FAC35F2949858C0FB273F4B986F1 Ref B: FRAEDGE0507 Ref C: 2018-04-16T23:19:26Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
144 B 6ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=2010787619164716&ev=ViewContent&dl=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fforums%2Fimgburn-all-sudden-been-identified-potential-malicious&rl=&if=false&ts=1523920766559&cd[value]=&cd[currency]=&cd[content_name]=&cd[content_category]=&cd[content_ids]=&cd[content_type]=&cd[num_items]=&cd[search_string]=&cd[status]=&sw=1600&sh=1200&v=2.8.12&r=stable&a=tmensighten&ec=1&o=29&it=1523920764808
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Mon, 16 Apr 2018 23:19:26 GMT

GET
S 200 OneTagDefaultConfig.json Show response
secure-ds.serving-sys.com/BurstingCachedScripts/ 11 B
217 B 6ms
6ms XHR
application/json 2.20.20.209
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/OneTagDefaultConfig.json
Protocol: SPDY
Server: 2.20.20.209 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ARR/2.5, ASP.NET
Resource Hash: 9a0f6d26b776c4a0c7c1bdb059e4d204e3312ee5eda177cf55a43fcf033e3308

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id: 50AC5DA7EF2F9FE25973D702CC7AAC4
Origin: https://community.norton.com
Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
last-modified: Tue, 19 Dec 2017 08:44:56 GMT
server: Microsoft-IIS/8.5
x-powered-by: ARR/2.5, ASP.NET
etag: "5a9573a5a578d31:0"
status: 200
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
content-length: 11
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H/1.1 200 Serving Show response
bs.serving-sys.com/ 320 B
1 KB 585ms
546ms Script
text/html 80.252.91.52
TELECITY-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=ot&onetagid=1806&dispType=js&sync=0&sessionid=3792359790356243392&pageurl=$$https%3A//community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious$$&activityValues=$$OrderID=missing&Session=missing&Value=missing&productid=missing&Quantity=missing&Cart%20Total=missing&country=missing&customer=missing$$&ns=0&rnd=44104372267666214
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js
Protocol: HTTP/1.1
Server: 80.252.91.52 Leerdam, Netherlands, ASN15830 (TELECITY-LON, GB),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 290a53b65ca40f284e0d6b1e1663d263e704cea6ceed9c37fec9a72fbba896a6

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 16 Apr 2018 23:19:26 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="NOI DEVa OUR BUS UNI"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=UTF-8
Content-Length: 248
Expires: Sun, 05-Jun-2005 22:00:00 GMT

POST
H/1.1 200
OK Cookie set sso-norton Show response
community.norton.com/ Frame 7D13 0
686 B 183ms
181ms Document
text/html 151.101.112.214
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://community.norton.com/sso-norton

Requested by

Host: login.norton.com
URL: https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.214 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Origin: https://login.norton.com
Accept-Encoding: gzip, deflate
Host: community.norton.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control: no-cache
Referer: https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D
Cookie: has_js=1; 53038=; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; s_nr=1523920765638-New; event69=event69; channelStack=s_eVar72~norton.com; s_eVar63=%5B%5BB%5D%5D; s_eVar70=%5B%5BB%5D%5D; s_eVar72=%5B%5BB%5D%5D; s_gpv=norton.com%3Aus%3Acommunity%3Athreads%3Anorton%20products%3Anorton%20internet%20security%20%7C%20norton%20360%20%7C%20norton%20antivirus%3Aimgburn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious; s_cc=true; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=1099438348%7CMCIDTS%7C17638%7CMCMID%7C35362638877209888241127809696239581087%7CMCAAMLH-1524525565%7C9%7CMCAAMB-1524525565%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1523927965s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17645%7CvVersion%7C2.1.0
Connection: keep-alive
Content-Length: 4097
Referer: https://login.norton.com/sso/idp/SAML2?SAMLRequest=jVPbjtowEH3nK1DeE%2BfCcrEAKYVekChEQPvQF2SSgbXkS%2Bpx6O7fr0lCoasW1W%2Bx55w558xkjEyKkqaVfVYb%2BFkB2k7XnRcpFNL6ceJVRlHNkCNVTAJSm9Nt%2BnVJ4yCkpdFW51p472CPUQwRjOVaNbDFfOKtVx%2BX68%2BL1X4YDw8DSAaDMIFo1O%2BFx4LF%2FWES5oenIkpi6PVDSFjYQL%2BDQccz8Ryt12nYMHP8%2FAwTz5oK2haIFSwUWqasKw6joR%2F2%2FKi%2FixMajWj89KOpm7sEuGK25ny2tkRKiNAnrgKljdUqyLUkiJrwoiQXQ3EDzNogPnBVcHV67P%2FQFCH9sttlfrbe7hqS9JrLTCusJJgtmDPP4dtmeVPjBMhKcfv6TpHffHrTmmp8mQKtbZvpf0LH5B50oynpyllYzDMteP5a31%2FOJ20ks%2F92GgVRfcML%2F1iXUpCMi7QoDCB6v3lSIfSvmQFmryPrkj%2B6t5sJRb2nLhsLL7Y707JkhuNlUpIrLivZer%2F5vwfMhFuLDRzrNFwYvJBMsRNIUDY46TPhOZMkDsMRieI6ib2b1d5t%2BJELIA5cGaZyEHAGEbVZ%2FbVBo508ED%2FtXJ%2Fvf73pGw%3D%3D&RelayState=https%3A%2F%2Fcommunity.norton.com%2Fen%2Fsso-norton-passive&locale=en&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=YPpMcZ19wOuKl5MVR55eU9TPICWiwn778dTlo7fPHaL01THf87KLUjz3MlfGJfOiB8L4XomuHwBZhc%2BXZe%2F9zv42srmt%2FmW4EeKKfkpJFopvx69IGoOf7o8wvjcJ%2BR%2Bu0D%2BUdvEu7QFa%2BsIoVBWterhT5CRZ8lOrS247CdShQ8%2FyGKyf2PXhbpI5aQHwk8VNBH3JlP8w41HR9VbGUmvJV%2FqOMgfBXSxO9LKIJRIkBpGe41hPsYAVtFrOTWl7Iyris58aTUHCBadftFY4Qra9cJYfUwdF%2BujRcA3vdofovF5itJ67GmE5KYZc3G18vUvEc9BRbOY7qsOj5Sm%2F%2F5SAyA%3D%3D
Origin: https://login.norton.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

X-Varnish-Cache: MISS
Date: Mon, 16 Apr 2018 23:19:26 GMT
Via: 1.1 varnish-v4 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 0
X-Served-By: cache-hhn1531-HHN
Server: Apache
X-Timer: S1523920766.481292,VS0,VE176
X-Frame-Options: SAMEORIGIN
Vary: Cookie
Content-Language: en
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-control: private, no-cache, no-store, max-age=0
Set-Cookie: nortonCommunitySsoRetry=1; expires=Mon, 16-Apr-2018 23:29:26 GMT; Max-Age=600; path=/
Accept-Ranges: bytes bytes
Content-Type: text/html; charset=UTF-8
X-Drupal-Cache: MISS
X-Cache-Hits: 0

POST
S 200 tp2 Show response
t1.os-data.com/com.snowplowanalytics.snowplow/ 2 B
323 B 109ms
108ms XHR
text/plain 52.202.159.105
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://t1.os-data.com/com.snowplowanalytics.snowplow/tp2
Protocol: SPDY
Server: 52.202.159.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-159-105.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://community.norton.com/en/forums/imgburn-all-sudden-been-identified-potential-malicious
Origin: https://community.norton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Mon, 16 Apr 2018 23:19:26 GMT
server: akka-http/10.0.9
status: 200
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://community.norton.com
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
content-length: 2

Verdicts & Comments Add Verdict or Comment

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
login.norton.com/	1969-12-31 23:59:59	Name: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE Value: en
community.norton.com/	1970-01-19 00:04:16	Name: AMCV_67C716D751E567F70A490D4C%40AdobeOrg Value: 1099438348%7CMCIDTS%7C17638%7CMCMID%7C35362638877209888241127809696239581087%7CMCAAMLH-1524525565%7C9%7CMCAAMB-1524525565%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1523927965s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17645%7CvVersion%7C2.1.0
.norton.com/	1969-12-31 23:59:59	Name: s_cc Value: true
community.norton.com/	1969-12-31 23:59:59	Name: has_js Value: 1
community.norton.com/	1970-01-18 17:28:16	Name: 53038 Value:
.norton.com/	1969-12-31 23:59:59	Name: s_eVar70 Value: %5B%5BB%5D%5D
.norton.com/	1970-01-18 15:18:42	Name: s_gpv Value: norton.com%3Aus%3Acommunity%3Athreads%3Anorton%20products%3Anorton%20internet%20security%20%7C%20norton%20360%20%7C%20norton%20antivirus%3Aimgburn%20all%20of%20a%20sudden%20been%20identified%20as%20potential%20malicious
.norton.com/	1969-12-31 23:59:59	Name: s_eVar72 Value: %5B%5BB%5D%5D
.demdex.net/	1970-01-18 19:37:52	Name: demdex Value: 35556756328370207131147803906437053230
.norton.com/	1970-01-19 00:04:16	Name: channelStack Value: s_eVar72~norton.com
.norton.com/	1970-01-18 21:04:16	Name: event69 Value: event69
login.norton.com/sso	1969-12-31 23:59:59	Name: JSESSIONID Value: F765866E3F41B17DCCEA36BF9389F886.jvmroute8081
.norton.com/	1970-01-18 21:04:16	Name: s_nr Value: 1523920765638-New
community.norton.com/	1969-12-31 23:59:59	Name: AMCVS_67C716D751E567F70A490D4C%40AdobeOrg Value: 1
.norton.com/	1969-12-31 23:59:59	Name: s_eVar63 Value: %5B%5BB%5D%5D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
bam.nr-data.net
bat.bing.com
bs.serving-sys.com
cdn.ckeditor.com
cm.everesttech.net
community.norton.com
connect.facebook.net
d2vxvnufz8f5c5.cloudfront.net
d346whrrklhco7.cloudfront.net
dpm.demdex.net
googleads.g.doubleclick.net
graph.facebook.com
id.rlcdn.com
js-agent.newrelic.com
login.norton.com
nexus.ensighten.com
oms.symantec.com
secure-ds.serving-sys.com
secure.adnxs.com
secure.leadback.advertising.com
static.ads-twitter.com
static.nortoncdn.com
sync.os-data.com
t.co
t1.os-data.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.ua
www.googleadservices.com
www.linkedin.com
104.244.42.195
104.244.42.197
104.244.43.112
104.40.62.153
151.101.112.214
151.101.114.110
152.163.50.2
162.247.242.18
172.217.21.226
18.233.14.232
185.33.223.220
185.60.216.15
185.60.216.19
185.60.216.35
185.63.145.1
2.18.232.65
2.20.20.209
204.79.197.200
216.58.210.14
216.58.214.100
216.58.214.98
216.58.214.99
34.210.106.222
35.156.237.78
35.157.8.66
35.172.251.27
52.202.159.105
52.85.173.245
52.85.173.78
52.85.177.95
63.140.40.91
66.117.28.86
80.252.91.52
002dbad77b300dce55017448fd4b95cf4a31172702e2911ffa2fa67ac299f8ef
02a349948b9a23badd4aa2ede5ac82bf03c3b783fcb4f9efc9f1f7bb7eeec199
064bb4f22884305f6a00103a40e866c56b4d71d396b0773bd41c255328388608
080a1a7cebef19af6721f6f6c1876187dae1ac0816be406a36720ea8792bbfd7
0906b66ca9c6e07279c1d7c05703c3c785f7a47baa622aa72adc3bafb4d34eb6
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
208e392f0bba9e4585d38daed4e4646d60ec3a486a8ac4894c95973f0b3a9f92
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
290a53b65ca40f284e0d6b1e1663d263e704cea6ceed9c37fec9a72fbba896a6
29451fb716c05b025bfb8a468767f7112baad0112dbc512d1610f64dbbad4bc0
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2fbdc600988b0c0deb30d8e6877917a845a2f404781a088d0913cdd6021cdc2f
309af58d086cd71e543b431cfb70ab9dcdaec751d9be7f1adf6cc717f7ae6777
30f294f672fc6f9d7b74d716ed1d7f11deecca1bce021fbe0402383ad4da508f
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
36e06adf8ae9795e359eee78d24e09452454d9b960b88e40a0695b0181270247
3d4b82704acee8b2d9b51a6967864de483a55dbf4201e2be1ff948a03d3e11aa
42232630f67c8e9161f375c218fd40de48906c687d7e096acadb10765877d623
430825fa4fe65e02d63e4684c59d0609f73202a71dd12dca90105ff768c64075
45faf539c81409b11c3c700eb1f9f6af48ea7b60e5ec3fff1e737c71e1431155
4ff7d54dd5fb4aeaa57e6fc45b74a4b604da08a308b3b8bf75d1773551540bec
56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280
6182799a9818e74aaec22983151a50d32d758131cbadbff7aebe908b62b5010d
67ac532405dcf69ba39d1a3d6c6843518651373a64539d33001ca61c05a5f6e5
6b84045e38c901e0405edd8a5d3a7c409c734220e70d1b0a468441f754f6dd6a
6dd4493c04e8c3d650168bf9f65e01b46aff860070fddb345c679863367bd4fc
7a3b12a948ae027c94de0d752505e227a88c93c72c126186b68f36b2832068a2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8afe8cffc8c1ddc35de8bdda7a7adfeb2970c9a195adac814ec9ba4f8620450d
8f664e230aa5f9c01e7759b2762c67627c3349d02d199654162b35ab14b641aa
95c0f2b05e6b146b94e9fda88f892725138ca515f379627be7c30d47b9f00fe7
981f3e0c357bb563a112786a9abe50adfa37da5f09929c0730dd84fcba5d464c
9a0f6d26b776c4a0c7c1bdb059e4d204e3312ee5eda177cf55a43fcf033e3308
9af73d6cf0fc8b723f4463d27ad61885c4b94fce1c3e20b6801ad74862e858bd
9ca5918e618a453a212d15d9c1e6c1b5ac2b47c5cf5b10b972231b8eb0cd720c
9f82dee8bce6649e3a34aa96d14e03915ec18b66073d68f5af39958d2eb6825a
a1e99f6fb92decec3de9730b43f12120c57b9524f9acebf81c9af854d1626518
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a583bf098595af50adfdcf42a06ebc38d9a96f8f13f0bce33c86aecb8065f4a7
a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0
aa3b190ee7a1ce174966f20d0d0f914e6f9f1f05ded06b154747dfca4096e3c7
aa9e0d094d5262f518235b3ad03fd23e4bca736153ebf5b0fe38aa33823e02ce
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b363dec7bae0c722b0564d5fcf7c7d14ca22281575ce9b2fd709ebdde295f058
b4117b76bcecab61c75a6aca997f8708821ae41072c9f6833cfc4cf0f26c8c02
b4464c9803f8b7e04ca693b94ae2b62303786f25b3bab059a89297f464f7188a
b613e1a3c0f8169b1827124f79bea7d8a22dbe743e6798d9ad2d43cf149d5463
ba217be6d52d5ac6483ee7780cc93b16fccaaffcc0f28a9db66de5f929d0289d
bcc1e37d696d22ba7a1966747a4f1f083fb7919e88e4567dc55dc50e9f29d6f1
bfbcffb9e362f4422b6573c8f12a3b024bb3c97b8a7a4af68db743a6db0ce4e7
c10e66deada6c0078a338bc17ca8388cbfaf71fb34a9e180336304908212a5d2
c933cf8bbbf5ebf2c9f8cab2e88dc8ed1beef40a4639545cd72ee439d814eced
c9a8d3684a43c3c40685f5327817aaa737ffc5c47f1c6c59393c5f2b4a08228a
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cf592688cc4d145d9591397944e2c1f54cefd8d00174f408ead8b6460db1e66d
d25aa5fdb173ce22626fd7a74eca8198a60f7b7263cb79d9a7a3a217e0615f34
d34190e5902eff0f244854e071748aaa03102d09053fc3b15ee875c3186aa01a
d9d1e0fdfbc1d9b360081b8f101b1e1bc39a137a05cda0705d596848b4147941
dc4a7925c4f0cfedd61d241c752828e7f00ef175b51157711b6e0e64e5158a45
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e07ab4d08a8fa6e7244fb7dd897f98fdabcac6eaf8bd1be550faa2ea99ccc48c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb84e9ff649d59f9fe2acf667f1f46ceeab0523018ff8c4abbd562b9fdb74b81
ec96e0b16c87910af4640fa6125252c0e14f553a750a32769fa3ffa978812bb9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
fc6812d7f97a63c5cbf955a840294e0b60400f35dfe8871206471897f25f767e

community.norton.com Open in urlscan Pro 151.101.112.214 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

79 Requests

35 %HTTPS

0 %IPv6

27 Domains

32 Subdomains

31 IPs

5 Countries

630 kBTransfer

1406 kBSize

15 Cookies

47 Outgoing links

Redirected requests

79 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

community.norton.com Open in urlscan Pro
151.101.112.214 Public Scan

Screenshot
Live screenshot

Full Image

79
Requests

35 %
HTTPS

0 %
IPv6

27
Domains

32
Subdomains

31
IPs

5
Countries

630 kB
Transfer

1406 kB
Size

15
Cookies

79 HTTP transactions
0 data transactions