securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Submission: On February 11 via api (February 11th 2021, 10:10:28 am UTC) from US

Summary HTTP 216 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 41 IPs in 6 countries across 27 domains to perform 216 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust RSA CA 2018 on March 8th 2020. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2600:9000:20e... 2600:9000:20eb:6200:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:211... 2600:9000:2111:e00:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
34	104.108.144.24 104.108.144.24	16625 (AKAMAI-AS) (AKAMAI-AS)
6	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
10	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:211... 2600:9000:2111:ec00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
15	184.30.24.22 184.30.24.22	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:215... 2600:9000:2156:6e00:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	18.195.238.30 18.195.238.30	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2606:4700:20:... 2606:4700:20::681a:a9c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	184.30.20.198 184.30.20.198	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
10	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
6	52.53.68.248 52.53.68.248	16509 (AMAZON-02) (AMAZON-02)
2	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	157.245.94.128 157.245.94.128	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1 1	104.19.135.78 104.19.135.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
4	54.74.225.211 54.74.225.211	16509 (AMAZON-02) (AMAZON-02)
2	184.30.20.185 184.30.20.185	16625 (AKAMAI-AS) (AKAMAI-AS)
216	41

44 2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:6200:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2111:e00:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 104.108.144.24 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cvision.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2111:ec00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 184.30.24.22 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-22.deploy.static.akamaitechnologies.com

lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:6e00:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.238.30 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-238-30.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:a9c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.30.20.198 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-198.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638:1::13 (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.53.68.248 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-53-68-248.us-west-1.compute.amazonaws.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.145 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.245.94.128 (United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebidserver.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e9f680da7706f81d4fff3a11616db5d1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.135.78 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

41e4d3201ceca50b7902c80ef023a9e9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.120.207.148 (United States)

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.74.225.211 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-225-211.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.30.20.185 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-185.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	media.net contextual.media.net lg3.media.net navvy.media.net cvision.media.net	571 KB
44	securityaffairs.co securityaffairs.co	1 MB
15	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com prebidserver.pixfuture.com	954 KB
13	googlesyndication.com e9f680da7706f81d4fff3a11616db5d1.safeframe.googlesyndication.com tpc.googlesyndication.com 41e4d3201ceca50b7902c80ef023a9e9.safeframe.googlesyndication.com pagead2.googlesyndication.com	24 KB
12	criteo.com 4 redirects gum.criteo.com mug.criteo.com	5 KB
12	wp.com i0.wp.com i1.wp.com i2.wp.com stats.wp.com pixel.wp.com	58 KB
11	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	457 KB
6	pubmatic.com ads.pubmatic.com hbopenbid.pubmatic.com	169 KB
5	ampproject.org cdn.ampproject.org	98 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	41 KB
4	adsrvr.org match.adsrvr.org	3 KB
4	google.com 1 redirects adservice.google.com www.google.com	1 KB
4	openx.net pixfuture2-d.openx.net eu-u.openx.net	918 B
4	adnxs.com ib.adnxs.com acdn.adnxs.com	2 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	37 KB
3	rlcdn.com api.rlcdn.com	549 B
3	googletagservices.com www.googletagservices.com	66 KB
2	google.de adservice.google.de	2 KB
2	sonobi.com apex.go.sonobi.com	1 KB
2	facebook.net connect.facebook.net	62 KB
1	mgid.com 1 redirects cm.mgid.com	971 B
1	yahoo.com c2shb.ssp.yahoo.com	389 B
1	gravatar.com secure.gravatar.com	1 KB
1	consensu.org c.sharethis.mgr.consensu.org
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
0	googleapis.com Failed fonts.googleapis.com Failed
216	27

	Domain	Requested by
44	securityaffairs.co	securityaffairs.co
30	contextual.media.net	securityaffairs.co contextual.media.net
15	lg3.media.net	securityaffairs.co contextual.media.net
10	securepubads.g.doubleclick.net	www.googletagservices.com cdn.pixfuture.com securepubads.g.doubleclick.net securityaffairs.co
8	tpc.googlesyndication.com	securepubads.g.doubleclick.net securityaffairs.co tpc.googlesyndication.com
6	navvy.media.net	contextual.media.net
6	mug.criteo.com	securityaffairs.co
6	gum.criteo.com	4 redirects
6	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com securityaffairs.co
6	served-by.pixfuture.com	securityaffairs.co served-by.pixfuture.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	match.adsrvr.org	cdn.pixfuture.com ads.pubmatic.com
4	cvision.media.net	securityaffairs.co
4	ads.pubmatic.com	securityaffairs.co cdn.pixfuture.com
4	i1.wp.com	securityaffairs.co
4	i0.wp.com	securityaffairs.co
3	api.rlcdn.com	cdn.pixfuture.com ads.pubmatic.com
3	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
3	prebidserver.pixfuture.com	cdn.pixfuture.com
3	www.googletagservices.com	securityaffairs.co securepubads.g.doubleclick.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	eu-u.openx.net	cdn.pixfuture.com
2	acdn.adnxs.com	cdn.pixfuture.com
2	www.google.com	1 redirects securityaffairs.co
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	pixfuture2-d.openx.net	cdn.pixfuture.com
2	ib.adnxs.com	cdn.pixfuture.com
2	hbopenbid.pubmatic.com	cdn.pixfuture.com
2	apex.go.sonobi.com	cdn.pixfuture.com
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	i2.wp.com	securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	googleads.g.doubleclick.net	securityaffairs.co
1	41e4d3201ceca50b7902c80ef023a9e9.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cm.mgid.com	1 redirects
1	e9f680da7706f81d4fff3a11616db5d1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c2shb.ssp.yahoo.com	cdn.pixfuture.com
1	pixel.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
1	www.googletagmanager.com	securityaffairs.co
0	fonts.googleapis.com Failed	securityaffairs.co
216	49

This site contains links to these domains. Also see Links.

Domain
github.com
www.linkedin.com
www.facebook.com
twitter.com
reddit.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust RSA CA 2018	`2020-03-08` - `2021-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2020-02-26` - `2021-05-27`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-09-18` - `2021-03-17`	6 months	crt.sh
*.google.de GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Frame ID: FAC2617E04DD0116FCB95EEDE420A993
Requests: 92 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 375F35786F79972634BD98A7E3BB4919
Requests: 1 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: FEFBC0E381EB2EFD4F1818E3223D4054
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: 101FF54C1AC0B57F4454D1F48967B9E0
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: DAB93401265C3896277D2F880D628705
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 123C4BDB68EF8FE8FB8E1B0BA8CF39FD
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: 070FC446C09B5AE25A26B29DC50B2869
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Frame ID: 0670074DD538F2AC126D98F3B735E14F
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 813438A145AFD7C838FFF14F463632F3
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 46D14F9EDC08FD35E949013A3E2B6BAE
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: E86FEC94CBA4CC4409B6D7D803F703B0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: C8B657A804E25C5C1A2614E10D46C37A
Requests: 18 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: B2EE0E4C7FC994E5EF6AD20028B667CF
Requests: 20 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV63415.js
Frame ID: 97CE8168D609EC489480C0C450A74956
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV63415.js
Frame ID: AEBC379EA6732E69F249981F7226AF86
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV63415.js
Frame ID: 3C5CC321686B55BD3AB9BD90F20BB14F
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV63415.js
Frame ID: ACAEF2C57203609C6C58B6310478F9A5
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV63415.js
Frame ID: 0D650F989F866D123CE0056F2C269026
Requests: 7 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV63415.js
Frame ID: 1D938BDF864A841959EE7BB028C92022
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 3A39761D8716CFC37B111341CB5BBE89
Requests: 10 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 706C474BA960C95D4AB9CDA742851789
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022010270040000/amp4ads-v0.mjs
Frame ID: BE1D5F944FF8AA8BDD74D143E970BDB7
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: B6B90AE3BEF3E52997CD815759798ECB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=3
Frame ID: 46514F18DE9D88F5EA549C520CC3E2BA
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8774697809D90A1A10853209818F13A0
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Frame ID: 1D5144171A3638F326332D54A74BF507
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 253623853E608FBDEA5EE93DE98E1D29
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: E41361968D97996E60E684AEAD4BD1EE
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Frame ID: FF26E61308572569D9F233EE954461B4
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 03EB4B38B42363766B9DD97FFC65A0BB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

216
Requests

97 %
HTTPS

51 %
IPv6

27
Domains

49
Subdomains

41
IPs

6
Countries

3796 kB
Transfer

6669 kB
Size

6
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/greatsuspender/thegreatsuspender/issues/1304
Title: read

Search URL Search Domain Scan URL

URL: https://github.com/greatsuspender/thegreatsuspender/issues/1263
Title: reads

Search URL Search Domain Scan URL

URL: https://github.com/greatsuspender/thegreatsuspender/issues/526
Title: post

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html&text=Watch%20out%21%20%E2%80%98The%20Great%20Suspender%E2%80%99%20Chrome%20extension%20contains%20Malware%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html&title=Watch%20out!%20%E2%80%98The%20Great%20Suspender%E2%80%99%20Chrome%20extension%20contains%20Malware
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=A40NQHxnMVZsdVVYcTFnWjJCcXB0amQxVGxwOW43VjVEUUxlY01SQ0FDL2U4QWVIYVc0Mi84QVc4bTRSdmgrekdPaElUK0l0Vks2bkIwU053K3VmKzd0SU1QV0YyOFNWZWYyWEZ3aU0vZ1d2UlNJaFYza054VWlSMWx3cUIwUUV2VUxkV0x1b1ZXTXphaktYMERIS1UralNvUThJcklsWDhwVEgzUHdaRmk4bW9UUmNMeHFNRjNWVll2ZG8ydEZLQm1CTUFPK0NwbExxRVpYRUhMcUhGMStIVzZjdkNYeWFFcml5ZENXQVJ0YTBES25RPXw&cppv=2

Request Chain 128

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=XzT30F9EclNldDZneWNDalBEang5TVglMkI5eHVHSG42QW9ubWk2bzFTUEdKOTN3eGhpbTFOYWtjYmpNQTBUak93JTJGaHBmRCUyRm5jNVNBS1B4ZEZJdGd4bXB1NjhBVGREJTJCVWRRb0ZFbFIlMkJ6bFZlYUtnNnNpa2dNY1ZyNmlIaHRWQmZUZVVLQ1U&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=qUkGnXxBRkhabGJEQU5obGkyL2FPOWk4UkJ0THBJQlVKR3k3cmlQYXF6MExIZWxaNFFDWjVuMGwvcnhmUENlOFV4cGVTVEtsZGZ0ZDRkYnZtOVMrNG5WclJ1Y2VheGRRaVFiNHpPQW52SjRDU1YzTW8zVk54ODI1cUw0ZlM0VmNuWkFzT3p2THNLdWExbEtuN0RXbDJMU1hSZGc4ZktOMTJpZ3lUbmtJQVRzbFB6MlVlNHlQeUVuWmZvWUUzaHJxYXF0a3EzSDJJdjBvaWwxbUJKRHRNSEVhUG1aSXZhY1lUaEVHOEZIVnpsTDBuQW9NNktNTS9kdWRkd0ZaeHVkZ3FYSUhwfA&cppv=2

Request Chain 139

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=Bm0f4V9EclNldDZneWNDalBEang5TVglMkI5eGxYdUlvQVFqdFFKQW96YzE0WVpvejVuR1FhSkY3Q3BXcVFhJTJCU3UzZ1YzYTM0d2paVVJiM1JVc3lrSDV0QzZVSjB4azdHV0x3NnFuSGZ6MWhmR01sVU5LeHNlUHN1S1VyQ0FaJTJCWk9KWlpmVQ&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=BmQjeHxtY0N4amNIOEJiSXkzVFlCakJHTCszdUNOTFNEUG5LMkk4YTFOalN6TWxHS29ZR1JpbmtjYTJrSlo4aE1RM3YydmhuRk5wVjA0RlMrMklXOFQ2YkZjaERvZVFhcnVNenNTZXVzYlkzL2xyU3pJMjFLU05lTXJHMUNlT2hrZ3BpcVh6VnpYTkoySkI0anBPd1JSdjdqdjhXc3Fxc3V1N2U5dlJmdk5teTY0Yld2NmMyWFNMZGNWYk5YY244OGNqZCt0c3hUS2QwamN4bk1rZzR6TGZXSFFoenRQUm04Q0M5ckYzZHFPVG9wSStjR3h1WEpMbGhFTnhHNWxLRVNSaWVNfA&cppv=2

Request Chain 158

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=Bm0f4V9EclNldDZneWNDalBEang5TVglMkI5eGxYdUlvQVFqdFFKQW96YzE0WVpvejVuR1FhSkY3Q3BXcVFhJTJCU3UzZ1YzYTM0d2paVVJiM1JVc3lrSDV0QzZVSjB4azdHV0x3NnFuSGZ6MWhmR01sVU5LeHNlUHN1S1VyQ0FaJTJCWk9KWlpmVQ&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=rj_DEnxDTXBnaWVrLzBYTUpFSlc2eTMydmRFbTZZN0wxdlQwaUZMRlk3bUtpWno3M2lyWW9tU003T2UzODhxbUNJaHQ0YmJCbEZyWUZhTW1Gd2Jza2JaSXdMS0U4RFliMEtLMVljZUkwc3o1OUN5c2NDVTFYMDZMVTh2Zys0bFhEeSt6aGJoZy93OTUyKytvcFBINkliTFk1c09MVjU0bDVMcEJJYmdpSnZYemtzZ2EzK29ZRE45aDVKcGpHU1ZkNU1ReVRKc2J3dEdVVnhzcXd4K2FVSWFEekN5SE51aGtVSHUzdlk4WkdaMVc1RTRRMmh5MkRFVFpVUXIzWjU4OXdqc3U5fA&cppv=2

Request Chain 181

https://cm.mgid.com/m?cdsp=363893&adu=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dmgid%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%7Bmuidn%7D HTTP 301
https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1b9XFS5oRa2

Request Chain 204

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

216 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-great-suspender-extension-malware.html Show response
securityaffairs.co/wordpress/114272/malware/ 86 KB
24 KB 1231ms
1206ms Document
text/html 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: ff36e84d7779ed5da45da25e9bd881efb8d61ca7af1b586256cc9d319a106d21

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/114272/malware/the-great-suspender-extension-malware.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 11 Feb 2021 10:10:05 GMT
server: Apache
x-powered-by: PHP/7.2.34
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/114272>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=114272>; rel=shortlink
set-cookie: cookielawinfo-checkbox-necessary=yes; expires=Thu, 11-Feb-2021 11:10:06 GMT; Max-Age=3600; path=/ cookielawinfo-checkbox-non-necessary=yes; expires=Thu, 11-Feb-2021 11:10:06 GMT; Max-Age=3600; path=/
content-encoding: gzip

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 29ms
24ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ac0879acc54857126ac08eefb16ca1919fa83216c1a4976f7e9ea2b661bd167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39238
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Feb 2021 10:10:06 GMT

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 61 KB
61 KB 43ms
38ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8c43e551763d3628fab88767caacb3188f69afa8d1290cf3f9d61ab09cb56073

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 09 Dec 2020 23:30:59 GMT
server: Apache
accept-ranges: bytes
etag: "f520-5b61073a99e2a"
content-length: 62752
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 49ms
45ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.9.5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2020 23:05:49 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5b69cea81443a"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 27 KB
27 KB 30ms
25ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.9.5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2020 23:05:49 GMT
server: Apache
accept-ranges: bytes
etag: "6cdf-5b69cea81443a"
content-length: 27871
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 27ms
8ms Stylesheet
text/css 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=688ce3e49e5ecefa1cd650833f2ac646

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 frontend.css
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/ 7 KB
7 KB 34ms
30ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/frontend.css?ver=1613038206
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 10 Feb 2021 22:39:15 GMT
server: Apache
accept-ranges: bytes
etag: "1c69-5bb0312a4205b"
content-length: 7273
content-type: text/css

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 38ms
34ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 49ms
45ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 50ms
45ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 50ms
46ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "2bf8-5b61073af996a"
content-length: 11256
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 51ms
18ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 53ms
19ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 56ms
18ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 68ms
17ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 72ms
21ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 109ms
59ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
server: Apache
x-powered-by: PHP/7.2.34
content-type: text/css; charset: UTF-8;charset=UTF-8

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 73ms
22ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 frontend-gtag.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 22 KB
23 KB 71ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1613038206
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: bdec2cf98067424804869b7686735623c4f6fb88ce27718d27619860481b7733

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 10 Feb 2021 22:39:15 GMT
server: Apache
accept-ranges: bytes
etag: "596d-5bb0312a4dbdb"
content-length: 22893
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 281 KB
281 KB 71ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.5.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "463a2-5b61073af5aea"
content-length: 287650
content-type: application/javascript

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 25 KB
25 KB 72ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "62d4-5b61073af5aea"
content-length: 25300
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 33 KB
33 KB 90ms
35ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.9.5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a902ffc1c259dc54cb51d32618f4238568e5bcac3d32afc33e6729277f67dffb

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2020 23:05:49 GMT
server: Apache
accept-ranges: bytes
etag: "8319-5b69cea81443a"
content-length: 33561
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 741 B
895 B 91ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.11
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 10 Feb 2021 22:39:25 GMT
server: Apache
accept-ranges: bytes
etag: "2e5-5bb03133e9b7e"
content-length: 741
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 27 KB
8 KB 24ms
7ms Script
application/javascript 2600:9000:20eb:6200:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 2d5a9aa4eabdb58974140a8dfdacfe1ddb89ae27819ad19e8e148649936dac4a

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 15:24:27 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 153939
etag: W/"5fce7d95-6a23"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA2-C1
x-robots-tag: noindex, nofollow
content-length: 7721
x-amz-cf-id: 4Si6ln3UBNKv9z0uj7sraLCJwMHt-h13pAk7GBWihy752GOKeI5ntA==
expires: Fri, 12 Feb 2021 15:24:27 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 101 KB
32 KB 25ms
23ms Script
text/javascript 2600:9000:2111:e00:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2111:e00:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ddc2d8842e4e21c1cfe68e168737a5d49b858618ba76e21ba138d67d50492e48

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:00:47 GMT
content-encoding: gzip
age: 559
etag: W/"19346-02iMeBttC92qvz2cvqVIzDDmFfY"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 9dfe528172e388251f8e164c4585ba91.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: LHR61-C1
x-amz-cf-id: nglwUvI5IYQ13sq8o6QrE_COmqYcbtNh6GyxfYc2aavR8djAUJ2nag==

GET
H2 200 shield-antibot.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
3 KB 90ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shield-antibot.js?ver=10.1.6&mtime=1611272049
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: af7abdbcee9fe7d9eed8ff21d4a2ef12c31d2c374b77c8c67b1bf7c8b752f925

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Thu, 21 Jan 2021 23:34:09 GMT
server: Apache
accept-ranges: bytes
etag: "bc9-5b97182247ead"
content-length: 3017
content-type: application/javascript

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 149 KB
51 KB 76ms
45ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9c6f2f7abc0e87bc5a9365f11f5590e8c15cba05e99288f46ebc0cfc5ac479e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h: 8-15
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "7fc2699d480d4f12b632274c0195d97e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:07 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-31
expires: Thu, 11 Feb 2021 10:15:07 GMT

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 18ms
18ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H/1.1 200
OK headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 3 KB
4 KB 306ms
100ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:07 GMT
Last-Modified: Wed, 13 Jan 2021 17:57:03 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5fff346f-d42"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 3394
Expires: Sat, 13 Feb 2021 10:10:07 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 25ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 8ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 reddit.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:18:21 GMT
server: nginx
etag: "6a02164672eeeebc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png>; rel="canonical"
content-length: 1566
expires: Sat, 11 Jun 2022 08:18:21 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

522bc833d63af80c592a0e820353bdbda2c5fb502d19a0a3b13762168b0e12f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: dWlIi6HLM1vu4ktSvXkokg==
cross-origin-resource-policy: cross-origin
expires: Thu, 11 Feb 2021 10:21:02 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: sjBl3zRjlW0LYWjrslLRL0fyr6a1geod1RbCJqA3CVq3/L3IvD0oPBMBEtqv4x9elpdFpURuBIut2VcYHwd1wA==
x-fb-trip-id: 686109401
x-fb-content-md5: 138be755c186da1115670b2451d4e40c
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 11 Feb 2021 10:10:07 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f24b47994649c100d38e9616fb0ded64"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 pinterest.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
2 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

936c3e0cfba7a07ab55be383aeca9d39dcde7b4e9cddbfd973f78e34d3cc7078

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "68e3fd8215972705"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png>; rel="canonical"
content-length: 1498
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 hacking-SIM-cards.jpg
securityaffairs.co/wordpress/wp-content/uploads/2014/12/ 64 KB
64 KB 24ms
24ms Image
image/jpeg 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2014/12/hacking-SIM-cards.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5c5b2ef7e7acfc0a265dc851bef437e0d1198d4083919e0d872ddf0227f01e61

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Wed, 16 Dec 2015 10:54:18 GMT
server: Apache
accept-ranges: bytes
etag: "fe9c-52701ba52ea80"
content-length: 65180
content-type: image/jpeg

GET
H2 200 SAP-systems.gif
securityaffairs.co/wordpress/wp-content/uploads/2015/05/ 7 KB
7 KB 19ms
19ms Image
image/gif 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/05/SAP-systems.gif
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9e4a6ba8fbf104beec44e4d5573badfb08bf436aea0b6a6fcc3e85cd84180856

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Wed, 16 Dec 2015 12:32:50 GMT
server: Apache
accept-ranges: bytes
etag: "1a88-527031ab4e080"
content-length: 6792
content-type: image/gif

GET
H2 200 ransomware.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/06/ 18 KB
18 KB 11ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/06/ransomware.jpg?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a231780871d254762070051a6953761a8919c173161da8e1c1c63fd2b61fd74f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 12:17:06 GMT
server: nginx
etag: "1eda1e469b6c798f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2019/06/ransomware.jpg>; rel="canonical"
content-length: 17962
expires: Sun, 06 Nov 2022 00:17:06 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 122 KB
122 KB 22ms
22ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Fri, 25 Dec 2020 23:58:53 GMT
server: Apache
accept-ranges: bytes
etag: "1e76e-5b752b4e76df8"
content-length: 124782
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 21ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 10 Feb 2021 22:39:21 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5bb031302da84"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 10 Feb 2021 22:39:09 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5bb0312473af2"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Fri, 25 Dec 2020 23:58:53 GMT
server: Apache
accept-ranges: bytes
etag: "792-5b752b4e7bc18"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 23ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 18ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 21ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 19ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 20ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 19ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 18ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:06 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 e-202106.js Show response
stats.wp.com/ 9 KB
3 KB 42ms
12ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202106.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams
date: Thu, 11 Feb 2021 10:10:07 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Mon, 31 Jan 2022 19:20:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2700
date: Thu, 11 Feb 2021 09:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 11 Feb 2021 11:25:07 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 27 KB
28 KB 21ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e98cd00e7be004c4360ad0c38471911312d74a117babcc29f239935afc80c8cb

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "6d6a-5b61073b100ca"
content-length: 28010
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 24ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 198 KB
60 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7eef5b623cbc00459c0f87847b8616e7&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

750edb76bcb3f472a6fef8902f269f1253f08ea33fba3b018e304bbd249c744e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: zYwxCRpkiN/NNFb8CNsAJQ==
cross-origin-resource-policy: cross-origin
expires: Fri, 11 Feb 2022 08:51:21 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 60946
x-fb-rlafr: 0
x-fb-debug: v+n0KGfA6SBrMsW13XOK8kHyCUI+HTm/oJWd1gLvwagyQWtU2SQYVi0J/GSZ7S5Ogwlwjza2o4sKwMZffwu8SA==
x-fb-trip-id: 686109401
x-fb-content-md5: 1bdf1a5efe20b3e35938af959cb9ce96
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 11 Feb 2021 10:10:07 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "45e76943d21be0a8bdc73a4c8cd3a076"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
379 B 418ms
417ms Script
text/javascript 2600:9000:2111:ec00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2111:ec00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
via: 1.1 ece983986e74e7e31b6830d8531f6fb9.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: LHR61-C1
etag: "e6e1643313740711175f51662a65b42f"
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: ixlPS3M4agye41vy_fOx-DpXcWPndMQsRIkL77n7VFxsSDh6VKpSxA==

GET
H2 200 analytics.js Show response
google-analytics.com/ 46 KB
19 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 118
date: Thu, 11 Feb 2021 10:08:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 11 Feb 2021 12:08:09 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 20ms
20ms Font
application/font-woff 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 72 KB
24 KB 732ms
732ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=829833831&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&nse=3&vi=1613038207588307252&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

37ec29ec08a441de8286c73c3b4cdc8f3fa8e122ca3220bf5fcb640e68d77768

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 12-21
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:08 GMT
x-mnt-w: 12-13, 12-23
content-length: 23979
expires: Thu, 11 Feb 2021 10:15:08 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 375F 0
0 25ms
25ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 15 Aug 2021 10:10:07 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 13 Feb 2021 10:10:07 GMT
date: Thu, 11 Feb 2021 10:10:07 GMT
content-length: 5527

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 42ms
7ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=829833831&vi=1613038207588307252&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886993991&r=1613038207611&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613038207608015095070721975&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 11 Feb 2021 10:10:07 GMT

GET
H2 200 portal-v2.html
c.sharethis.mgr.consensu.org/ Frame FEFB 0
0 7ms
6ms Document
text/html 2600:9000:2156:6e00:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:6e00:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

content-type: text/html; charset=utf-8
content-encoding: gzip
cache-control: max-age=3600, public
date: Thu, 11 Feb 2021 09:43:54 GMT
etag: W/"83a-K1Ex0xzH2LCxSyRnDnyZEg18N68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: h8PiT52g4bmzyfM6Kq1JnDJWDTzAzniDh3DuwpZJXvIKDhI0X58x5w==
age: 1573

GET headerbid_refresh_alex.php
served-by.pixfuture.com/www/delivery/ Frame 101F 0
0

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 75 KB
24 KB 559ms
559ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&nse=3&vi=1613038207285388675&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9dd0b78c654cc13bdf93cc8699329c66c6e683418990c3bbc980f0bd24e3ca17

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 12-21
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:08 GMT
x-mnt-w: 12-21, 12-8
content-length: 24036
expires: Thu, 11 Feb 2021 10:15:08 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame DAB9 0
0 64ms
64ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 15 Aug 2021 10:10:07 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 13 Feb 2021 10:10:07 GMT
date: Thu, 11 Feb 2021 10:10:07 GMT
content-length: 5527

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 8ms
8ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1613038207285388675&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886993991&r=1613038207667&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613038207666015095070721084&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 11 Feb 2021 10:10:07 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 74 KB
23 KB 734ms
734ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&nse=6&vi=1613038207314659905&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d93a9e1b6f8143463e29ea1058c28bcedd46ae656c1d21ae0875654e24aea0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 12-21
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:08 GMT
x-mnt-w: 21-50pk, 21-cbbg
content-length: 23429
expires: Thu, 11 Feb 2021 10:15:08 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 123C 0
0 61ms
59ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 15 Aug 2021 10:10:07 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 13 Feb 2021 10:10:07 GMT
date: Thu, 11 Feb 2021 10:10:07 GMT
content-length: 5527

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 11ms
8ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1613038207314659905&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886993991&r=1613038207674&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613038207666015095070721084&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 11 Feb 2021 10:10:07 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ 148 KB
50 KB 79ms
78ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8742a950050057fb38d5a4c3f63bd298112011ed5fceb0c66575e72098af68be

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-mnt-h: 8-4
content-encoding: gzip
server: Apache
etag: "d466f3b8342a1dcc14db3ac2cf700faa"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:07 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-8
expires: Thu, 11 Feb 2021 10:15:07 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 69ms
15ms XHR
text/plain 18.195.238.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1613038207539.17927&hostname=securityaffairs.co&location=%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consent_cookie_duration=143&consent_duration=143&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&gdpr_method=cookie&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&title=Watch%20out!%20%27The%20Great%20Suspender%27%20Chrome%20extension%20contains%20MalwareSecurity%20Affairs&sop=false&description=Google%20removed%C2%A0the%20popular%20The%20Great%20Suspender%20from%20the%20official%20Chrome%20Web%20Store%20for%20containing%20malware%20and%20deactivated%20it%20from%20the%20users%E2%80%99%20PC.%20Google%20on%20Thursday%20removed%C2%A0The%20Great%20Suspender%20extension%20from%20the%20Chrome%20Web%20Store.%20Million%20of%20users%20have%20installed%20the%20popular%20Chrome%20extension%2C%20the%20IT%20giant%20also%20took%20the%20proactive%20measure%20of%20deactivating%20it%20from%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.238.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-238-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:07 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 070F 11 KB
11 KB 325ms
127ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 4d31e714c9328b09cae601b4576c268eef27691d681fe57edc4f1357606c8a85

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 13 Feb 2021 10:10:07 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 0670 11 KB
12 KB 323ms
126ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 08566bbf10fed41d231d4725095a0d8c126ec253f862a2a2b522b4e3149e254d

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 13 Feb 2021 10:10:07 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
68 B 13ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=2114043989&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&ul=en-us&de=UTF-8&dt=Watch%20out!%20%27The%20Great%20Suspender%27%20Chrome%20extension%20contains%20MalwareSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=572356815&gjid=43073981&cid=1835785540.1613038208&tid=UA-59069958-1&_gid=965512881.1613038208&_r=1&did=dNDMyYj&gtm=2ou230&z=707228342

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 28ms
28ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=2114043989&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&ul=en-us&de=UTF-8&dt=Watch%20out!%20%27The%20Great%20Suspender%27%20Chrome%20extension%20contains%20MalwareSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAUABAAAAAC~&jid=1499871141&gjid=1839133138&cid=1835785540.1613038208&tid=UA-59069958-1&_gid=965512881.1613038208&_r=1&_slc=1&z=1730112530

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 16ms
16ms Image
text/plain 18.195.238.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1613038207539.17927&hostname=securityaffairs.co&location=%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consent_cookie_duration=143&consent_duration=143&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&gdpr_method=cookie&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&title=Watch%20out!%20%27The%20Great%20Suspender%27%20Chrome%20extension%20contains%20MalwareSecurity%20Affairs&sop=false&description=Google%20removed%C2%A0the%20popular%20The%20Great%20Suspender%20from%20the%20official%20Chrome%20Web%20Store%20for%20containing%20malware%20and%20deactivated%20it%20from%20the%20users%E2%80%99%20PC.%20Google%20on%20Thursday%20removed%C2%A0The%20Great%20Suspender%20extension%20from%20the%20Chrome%20Web%20Store.%20Million%20of%20users%20have%20installed%20the%20popular%20Chrome%20extension%2C%20the%20IT%20giant%20also%20took%20the%20proactive%20measure%20of%20deactivating%20it%20from%20%5B%E2%80%A6%5D&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&gdpr_method=cookie&description=Google%20removed%C2%A0the%20popular%20The%20Great%20Suspender%20from%20the%20official%20Chrome%20Web%20Store%20for%20containing%20malware%20and%20deactivated%20it%20from%20the%20users%E2%80%99%20PC.%20Google%20on%20Thursday%20removed%C2%A0The%20Great%20Suspender%20extension%20from%20the%20Chrome%20Web%20Store.%20Million%20of%20users%20have%20installed%20the%20popular%20Chrome%20extension%2C%20the%20IT%20giant%20also%20took%20the%20proactive%20measure%20of%20deactivating%20it%20from%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.238.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-238-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:07 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 75 KB
24 KB 560ms
560ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=733976884&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&nse=3&vi=1613038207308649482&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5315c8adc27036f25e14d6de7e182cf67123820851d7aa6a29b8f58a8b4b2b86

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 12-21
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:08 GMT
x-mnt-w: 12-1, 12-13
content-length: 24018
expires: Thu, 11 Feb 2021 10:15:08 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 8134 0
0 36ms
35ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 15 Aug 2021 10:10:07 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 13 Feb 2021 10:10:07 GMT
date: Thu, 11 Feb 2021 10:10:07 GMT
content-length: 5527

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 9ms
8ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=733976884&vi=1613038207308649482&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781036&r=1613038207775&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613038207773015095070722142&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 11 Feb 2021 10:10:07 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 19ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 11 Feb 2021 10:10:07 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Thu, 11 Feb 2021 10:15:07 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 60 KB
17 KB 657ms
657ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&nse=6&vi=1613038207764263789&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f132f0617d744838858829c8ebe4ca36608f1456f6eb796921a7907485b7946b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 12-21
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:08 GMT
x-mnt-w: 21-50pk, 21-50pk
content-length: 17430
expires: Thu, 11 Feb 2021 10:15:08 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 46D1 0
0 39ms
39ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 15 Aug 2021 10:10:07 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 13 Feb 2021 10:10:07 GMT
date: Thu, 11 Feb 2021 10:10:07 GMT
content-length: 5527

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 8ms
7ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1613038207764263789&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781036&r=1613038207812&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613038207811015095070726064&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 11 Feb 2021 10:10:07 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
27 KB 694ms
694ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&nse=3&vi=1613038207713998985&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

eada28bfc274105e95f2467622c2420e68b78fde407aa4baee295d5dcc003f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 12-21
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Thu, 11 Feb 2021 10:10:08 GMT
x-mnt-w: 12-24, 12-15
content-length: 27728
expires: Thu, 11 Feb 2021 10:15:08 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame E86F 0
0 32ms
31ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 15 Aug 2021 10:10:07 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 13 Feb 2021 10:10:07 GMT
date: Thu, 11 Feb 2021 10:10:07 GMT
content-length: 5527

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 9ms
7ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1613038207713998985&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781036&r=1613038207820&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613038207819015095070727176&gdpr=1&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:07 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 11 Feb 2021 10:10:07 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "156244085faab7d3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 9ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 10ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 6 KB
6 KB 11ms
10ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Thu, 11 Feb 2021 10:10:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Dec 2020 07:29:12 GMT
server: nginx
etag: "a6fb49f7a00a0498"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 6336
expires: Thu, 15 Dec 2022 19:29:12 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 15ms
13ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.4&blog=29506073&post=114272&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2279&rand=0.7786862194720257
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:07 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame C8B6 37 KB
38 KB 136ms
118ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029b3c29c4111c7177d55f5196deb35b99ffd868d2f95b653f97a1418791d10e

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 10 Feb 2021 17:03:25 GMT
server: cloudflare
etag: "602411dd-955d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fqgZhQjsEuiYtFxLbDB7P5xIoX%2FABikEMNveeSVG%2FAxP8obLFK84%2ByVZmpRG1mEK%2FJe%2BP12jAKcZkdAEk6EFcWg2264TCqxBME150DdOh5UyMwsjbVFwMA7V6uO1ew%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 61fd47404bf016ee-FRA
content-length: 38237
cf-request-id: 08322adc2b000016eefd94b000000001
expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame B2EE 37 KB
38 KB 355ms
344ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029b3c29c4111c7177d55f5196deb35b99ffd868d2f95b653f97a1418791d10e

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 10 Feb 2021 17:03:25 GMT
server: cloudflare
etag: "602411dd-955d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mJffEOILndR5BjEoYprZaTybQkTuJNWUYSwzbtOqwCWVjFxgcgFNzYTWbCw2fmdIMZreoAmsL8fOH7OkkWvoshubS2L4f6g5BTUBU6G%2FBUYR8rNZkYVklOIWFe%2B7HQ%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 61fd47404bf216ee-FRA
content-length: 38237
cf-request-id: 08322adc2a000016ee3c136000000001
expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame C8B6 87 KB
88 KB 351ms
350ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MZNtSA4Z0uQy%2B4jjgI3qq1mjx%2FCzevc6N3TYCTbniqcjecaWcqfRsFGoSRCzVRkwzD1jkYCBUaprub83hzi4DlE8TDGV5Fbj%2BOScFFj1qjgApQFJOwF2%2FJCyugwKPw%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 61fd47410dd116ee-FRA
content-length: 89476
cf-request-id: 08322adca5000016ee3ca78000000001
expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158127/2642/ Frame C8B6 275 KB
84 KB 31ms
13ms Script
text/javascript 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e98e8d723dd2eaca28bade949628d27e81e6cf8c9b3e0fd8091fe4b3843f78ce

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 29 Oct 2020 22:47:13 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "10c1257-44c71-5b2d70fa58647"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: public, max-age=17941
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 85626
Expires: Thu, 11 Feb 2021 15:09:09 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame C8B6
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1
https://mug.criteo.com/sid?cpp=A40NQHxnMVZsdVVYcTFnWjJCcXB0amQxVGxwOW43VjVEUUxlY01SQ0FDL2U4QWVIYVc0Mi84QVc4bTRSdmgrekdPaElUK0l0Vks2bkIwU053K3VmKzd0SU1QV0YyOFNWZWYyWEZ3aU0vZ1d2UlNJaFYza054VWlSMWx3cU...

347 B
629 B

64ms
23ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=A40NQHxnMVZsdVVYcTFnWjJCcXB0amQxVGxwOW43VjVEUUxlY01SQ0FDL2U4QWVIYVc0Mi84QVc4bTRSdmgrekdPaElUK0l0Vks2bkIwU053K3VmKzd0SU1QV0YyOFNWZWYyWEZ3aU0vZ1d2UlNJaFYza054VWlSMWx3cUIwUUV2VUxkV0x1b1ZXTXphaktYMERIS1UralNvUThJcklsWDhwVEgzUHdaRmk4bW9UUmNMeHFNRjNWVll2ZG8ydEZLQm1CTUFPK0NwbExxRVpYRUhMcUhGMStIVzZjdkNYeWFFcml5ZENXQVJ0YTBES25RPXw&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

d9f0d356ee963a240576194fcaacee542e82e03427646ae8b6e10322bfb021b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 11 Feb 2021 10:10:07 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2261
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 11 Feb 2021 10:10:08 GMT
location: https://mug.criteo.com/sid?cpp=A40NQHxnMVZsdVVYcTFnWjJCcXB0amQxVGxwOW43VjVEUUxlY01SQ0FDL2U4QWVIYVc0Mi84QVc4bTRSdmgrekdPaElUK0l0Vks2bkIwU053K3VmKzd0SU1QV0YyOFNWZWYyWEZ3aU0vZ1d2UlNJaFYza054VWlSMWx3cUIwUUV2VUxkV0x1b1ZXTXphaktYMERIS1UralNvUThJcklsWDhwVEgzUHdaRmk4bW9UUmNMeHFNRjNWVll2ZG8ydEZLQm1CTUFPK0NwbExxRVpYRUhMcUhGMStIVzZjdkNYeWFFcml5ZENXQVJ0YTBES25RPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1732
content-length: 482
expires: 0

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C8B6 56 KB
19 KB 35ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3cc6af6f13fdac2b76ddb393d32a0e2dcbb082e2b98231b30348c13d9b9649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "780 / 906 of 1000 / last-modified: 1612998653"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 19122
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H2 200 prebid4.19.0.js Show response
cdn.pixfuture.com/ Frame C8B6 331 KB
332 KB 121ms
121ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 10 Dec 2020 17:32:50 GMT
server: cloudflare
etag: "5fd25bc2-52b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OhWAPoRGOBDSKgcB3DybET0%2B9y3fFSu7DziXd%2Bl2WpXlq%2B0X1bpu5e5E4jc1RuipDTks7ruHdBD0bd3iZkSC4grPrhG%2FBcny33YzZj7Ht2Ga44i4oj3Ch5fbxgbDHg%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 61fd47417ec216ee-FRA
content-length: 338715
cf-request-id: 08322adceb000016ee079db000000001
expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H2 200 nrrV63415.js Show response
contextual.media.net/4a/ Frame 97CE 88 KB
29 KB 52ms
51ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV63415.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "b88764f1c889943b3800a04d001e29c0"
vary: Accept-Encoding
x-mnet-h: 8-21
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 11 Feb 2021 10:10:08 GMT
content-length: 29185
expires: Thu, 25 Feb 2021 10:10:08 GMT

GET
H2 200 1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame 97CE 42 B
204 B 17ms
16ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800028474/1x1.gif

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 04 Jun 2018 10:04:19 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=128956
accept-ranges: bytes
content-length: 42
expires: Fri, 12 Feb 2021 21:59:24 GMT

GET
DATA 200
OK truncated
/ Frame 97CE 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 97CE 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet13.woff
contextual.media.net/__media__/fonts/bullet13/ Frame 97CE 2 KB
2 KB 52ms
22ms Font
application/font-woff 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet13/bullet13.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1692
expires: Fri, 12 Feb 2021 10:10:08 GMT

GET
H2 200 pubads_impl_2021020801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C8B6 288 KB
101 KB 65ms
40ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

2d8a5cf0e0ee804d8ffc7cffa8ba1ec6dc69f7a7e20afefc16eb947c36aab149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Feb 2021 09:37:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103421
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 97CE 15 B
397 B 11ms
10ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001613038207666015095070721084&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYCOqVQZlt2Bci8fUTps6vDNfKRrY-fAPvzWLXVbLeDmOsN6TbUNiNJEQK4u9Qx4eG14gYqZzVk-x&lpid=&tsid=1&q=&prv=&type=&ps=&cme=EmX4F68WjWmAfltM71gq6aVC9-nXDzbgN2RHcBwTzNtJu1yWQ_vdN8_bNfw7l65YKJi0_Dd4m7vJJ2o7YNWhaYeFBmewRNqYbVje5RHMIjFQKkBQjM6qU6AU1W38Td7XJ6P-p_YrsAeo_jZW9IjPtoly3Oq4FX0NlySX1WkQWc4Kxr842VK34mO70YRa2qu-teakT0qDQBB5xmYzMDENdodjSiWabKYHFXRou49KGok%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CSKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA%3D%3D%7CN7fu2vKt8_s%3D%7CwXKarcpIYaSB-Dkl_kvDExNJZO12B2MsDosccW0kKS6HqrqOz81H2fQ47SWkx5eklRtPQ8wtlJDwmKC3kVbmgPDLrsuDMu2F_zXYlZSARELGB-wC_ZK-RDIYiVQkgbPxAL3dFIEbvzRzWpkd9Ed5tssVoz0UeY6h6rKhlS_uaCw0UdFCKt7T_EEBqhrYONzzALaXZIvWor4okTEinUchYMl0hnusGTDs%7C&hint=&td=&cc=DE&wsip=2886934118&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=NufozNuN&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329900794&kbc2[]=ps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D2.08&ktd[]=281749871526144&kwd[]=Malware%20Removal%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=18327823&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.50%7C%7Clvl%3D1.00&ktd[]=283948911825152&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=329809631&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.33%7C%7Clvl%3D1.29&ktd[]=283948895047936&kwd[]=Malware%20Free%20Download&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=210330434&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.37%7C%7Clvl%3D1.29&ktd[]=283948895047936&kwd[]=Top%20Anti%20Virus%20Softwares%20in%202020&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=330164244&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D1.18%7C%7Clvl%3D1.00&ktd[]=284498650861824&rand=1613038208308&cid=8CU5BD6EW&vwid=1613038207285388675&vi=1613038207285388675&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1613038207156409097&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1613038207666&upk=1613038208.12494&hvsid=00001613038207666015095070721084&verid=4121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=16&matm=1613038208315&vgd_ltime=652&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807056982&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D16&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886930199&vgd_nrrsf=nrr&vgd_nrrv=63415&vgd_nrrs=63415&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=367&vgd_y_pos=1785&vgd_ren_page_h=3478&vgd_cty=FRANKFURT&vgd_l1hcsd=A15%7C992&vgd_sethcsd=C21%7C983&vgd_cfud=200219&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_ect=4g&vgd_rensize=517_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&oRurl=http%3A%2F%2Fcdn3ncc%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1613038207285388675%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D3%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114272%252fmalware%252fthe-great-suspender-extension-malware.html%26%26katid%3D807056982%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A517%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:08 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:08 GMT

POST
H2 200 log
navvy.media.net/ Frame 97CE 807 B
997 B 697ms
350ms Other
image/gif 52.53.68.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.53.68.248 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-53-68-248.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H2 200 nrrV63415.js Show response
contextual.media.net/4a/ Frame AEBC 88 KB
29 KB 29ms
29ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV63415.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "b88764f1c889943b3800a04d001e29c0"
vary: Accept-Encoding
x-mnet-h: 8-21
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 11 Feb 2021 10:10:08 GMT
content-length: 29185
expires: Thu, 25 Feb 2021 10:10:08 GMT

GET
H2 200 nrrV63415.js Show response
contextual.media.net/4a/ Frame 3C5C 88 KB
29 KB 25ms
25ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV63415.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "b88764f1c889943b3800a04d001e29c0"
vary: Accept-Encoding
x-mnet-h: 8-21
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 11 Feb 2021 10:10:08 GMT
content-length: 29185
expires: Thu, 25 Feb 2021 10:10:08 GMT

GET
DATA 200
OK truncated
/ Frame 3C5C 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3C5C 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet3.woff
contextual.media.net/__media__/fonts/bullet3/ Frame 3C5C 2 KB
2 KB 26ms
25ms Font
application/font-woff 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet3/bullet3.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1688
expires: Fri, 12 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame AEBC 15 B
397 B 9ms
8ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001613038207773015095070722142&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYCOqVQZlt2Bci8fUTps6vDNfKRrY-fAPvzWLXVbLeDmOsN6TbUNiNJHkm3ClXg1FbCGNvIKFkhrw&lpid=&tsid=1&q=&prv=&type=&ps=&cme=fl3c56yKPIKh4Yb_w13uJESUzBGBO0-pW5Jpt9vCRG1gc1Tf4wzkrhO3KMXgoQZDiJclCtG-yVq2Mn4pJOdhV23q_rPCMFu2unMMQrO-PBmRTR0ZNbuO_97FBEqsWdBf454DbyeWYxPBb7kGLJJaH0Rq_gvhdMp6YkupRf7CCAa6p4c2sr7Jx4ShD1J-O3aBsnbKLw3Zrth6hdMKGHuCukcYkNut7HCgp4SqS6_mLPU%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CSKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA%3D%3D%7CN7fu2vKt8_s%3D%7Cl4DufyKHygoSbxHDTyycttmZv1W7v8o6mDlWaZesBNJTwXOjt_NyooS_pUxoBgAcCZbrzotip8fAQ2B6hyv-zcV1HwDk3qs-psb0wmvGqfZod1Zsexy0rMcnMXNJYFX_ArM4KT9FJa89HWPo6ehZVRFil-qKKqcud65JUtpRxqMFnl1gbYSs71vIRxYQ2_MgMlKKAwq8FYoNGGy0vEufR1OPc31xQQ-6%7C&hint=&td=&cc=DE&wsip=2886934591&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=NufozNuN&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329900794&kbc2[]=ps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D2.08&ktd[]=281749871526144&kwd[]=Malware%20Removal%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=18327823&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.50%7C%7Clvl%3D1.00&ktd[]=283948911825152&kwd[]=Top%20Anti%20Virus%20Softwares%20in%202020&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=330164244&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D1.18%7C%7Clvl%3D1.00&ktd[]=284498650861824&kwd[]=Best%20Malware%20Removers&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=48906549&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.89%7C%7Clvl%3D1.00&ktd[]=283948895047936&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329649619&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D1.00&ktd[]=283948895047936&rand=1613038208386&cid=8CU5BD6EW&vwid=1613038207308649482&vi=1613038207308649482&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1613038207119404840&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1613038207773&upk=1613038208.12494&hvsid=00001613038207773015095070722142&verid=111299&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=16&matm=1613038208388&vgd_ltime=621&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807056976&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D16&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886932026&vgd_nrrsf=nrr&vgd_nrrv=63415&vgd_nrrs=63415&vgd_nrrmf=4a&vgd_cntrdt=S%7CDIV&vgd_ren_page_h=3735&vgd_cty=FRANKFURT&vgd_l1hcsd=A4%7C992&vgd_sethcsd=C21%7C983&vgd_cfud=200131&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_ect=4g&vgd_rensize=0_0&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fnmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&oRurl=http%3A%2F%2Fcdn3ncc%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1613038207308649482%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D733976884%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D3%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114272%252fmalware%252fthe-great-suspender-extension-malware.html%26%26katid%3D807056976%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Bwin_w%3A1600%3Bwin_h%3A1200&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:08 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:08 GMT

POST
H2 200 log
navvy.media.net/ Frame AEBC 807 B
997 B 774ms
500ms Other
image/gif 52.53.68.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.53.68.248 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-53-68-248.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 3C5C 15 B
397 B 11ms
10ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001613038207608015095070721975&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYCOqVQZlt2BcWR5_rnwPCDjsIARi02DezzVOSgfL7eHmUa7ziHdixzamRPHJfuz0o1m5dEPFJTvj&lpid=&tsid=1&q=&prv=&type=&ps=&cme=XVK9LqZbwBgtj9K_BE2bo6DVO0l3Dh1a6zB6eDKZwE523zmIuvHnmdkXRUVzt9iLL07heJRdZQzKIvI-riMY3gyTKGjUf_tN9YneGrdVSVX4L2NKnPnDsHzl_knoeta47Bke_MbDkpuK04OsoCCbqGwMpSSx9qigbGKyEbyGw74Pm4mTWtQ3ikp6dOKw3fH-Kc7Xk4MCjkQe8fdaAF4Wz1brdzL00vSBwgHcpodODmE%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CSKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA%3D%3D%7CN7fu2vKt8_s%3D%7CeyOPkfgOPIiYe-ibRqfODqKheuXEsR_Az54I-eTMi4cQY906EKBB1VcD-TNjhOUzbVv1mRYRq16rLVfgl9LIjNDETj0t1tVGalrC_blBoCUpN5Fxv0nHX8wLWEGQvLaQs2Cv0qlJz27vLlPzgI4GuB8VOV5jW4eS5iFMFcRCh3XBRRuHsjKEcBERheIO7P1xKfComrpoqS6zolRvYfON1J6WU4modGYQ%7C&hint=&td=&cc=DE&wsip=2886932026&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=NufozNuN&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329900794&kbc2[]=ps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D2.08&ktd[]=281749871526144&kwd[]=Top%2010%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=28641497&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.73%7C%7Clvl%3D1.00&ktd[]=290545981591808&kwd[]=online%20malware%20scan&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=21246677&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.30%7C%7Clvl%3D1.89&ktd[]=290545981591808&kwd[]=Best%20Malware%20Protection&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=48906544&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.53%7C%7Clvl%3D1.00&ktd[]=290545981591808&kwd[]=Download%20Chrome%20Browser&kwt[]=307&kbc[]=80362&kwp[]=5&kid[]=321365665&kbc2[]=0%7C%7Cactr%3D0.005%7C%7Cps%3D0.782%7C%7Crpc%3D0.14%7C%7Clvl%3D1.17&ktd[]=3573429764352&rand=1613038208397&cid=8CU5BD6EW&vwid=1613038207588307252&vi=1613038207588307252&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1613038207156409097&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1613038207608&upk=1613038208.12494&hvsid=00001613038207608015095070721975&verid=4121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&pid=8PO5M70HK&katen=1&pc=5&matm=1613038208404&vgd_ltime=803&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807619797&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D5&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886934385&vgd_nrrsf=nrr&vgd_nrrv=63415&vgd_nrrs=63415&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-829833831%7CDIV&vgd_x_pos=320&vgd_y_pos=518&vgd_ren_page_h=3735&vgd_cty=FRANKFURT&vgd_l1hcsd=A15%7C992&vgd_sethcsd=C21%7C983&vgd_cfud=200313&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_ect=4g&vgd_rensize=630_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&oRurl=http%3A%2F%2Fcdn3ncc%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1613038207588307252%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D829833831%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D3%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114272%252fmalware%252fthe-great-suspender-extension-malware.html%26%26katid%3D807619797%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A630%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:08 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:08 GMT

POST
H2 200 log
navvy.media.net/ Frame 3C5C 807 B
997 B 610ms
350ms Other
image/gif 52.53.68.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.53.68.248 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-53-68-248.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame B2EE 87 KB
88 KB 102ms
100ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Rl%2FU1LJMBEDATCHYUkX%2F4BeCqIAJI0R%2B3NDo%2BKkZkvgPsf8V%2BZoCX40m1s4ZYbFXKlE1V2KPq6tXH2cluXP065874HUSz6qi2fOukfb8AG2QGsPAQGqfcaMcdM9yYA%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 61fd4742989b16ee-FRA
content-length: 89476
cf-request-id: 08322add9f000016ee3001f000000001
expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158127/2642/ Frame B2EE 275 KB
84 KB 9ms
8ms Script
text/javascript 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e98e8d723dd2eaca28bade949628d27e81e6cf8c9b3e0fd8091fe4b3843f78ce

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 29 Oct 2020 22:47:13 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "10c1257-44c71-5b2d70fa58647"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: public, max-age=17941
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 85626
Expires: Thu, 11 Feb 2021 15:09:09 GMT

GET
H2 200 nrrV63415.js Show response
contextual.media.net/4a/ Frame ACAE 88 KB
29 KB 39ms
38ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV63415.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "b88764f1c889943b3800a04d001e29c0"
vary: Accept-Encoding
x-mnet-h: 8-21
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 11 Feb 2021 10:10:08 GMT
content-length: 29185
expires: Thu, 25 Feb 2021 10:10:08 GMT

GET
DATA 200
OK truncated
/ Frame ACAE 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame ACAE 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame ACAE 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sid Show response
mug.criteo.com/ Frame B2EE
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=XzT30F9EclNldDZneWNDalBEang5TVglMkI5eHVHSG42QW9ubWk2bzFTUEdKOTN3eGhpbTFOYWt...
https://mug.criteo.com/sid?cpp=qUkGnXxBRkhabGJEQU5obGkyL2FPOWk4UkJ0THBJQlVKR3k3cmlQYXF6MExIZWxaNFFDWjVuMGwvcnhmUENlOFV4cGVTVEtsZGZ0ZDRkYnZtOVMrNG5WclJ1Y2VheGRRaVFiNHpPQW52SjRDU1YzTW8zVk54ODI1cUw0Zl...

345 B
629 B

20ms
20ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=qUkGnXxBRkhabGJEQU5obGkyL2FPOWk4UkJ0THBJQlVKR3k3cmlQYXF6MExIZWxaNFFDWjVuMGwvcnhmUENlOFV4cGVTVEtsZGZ0ZDRkYnZtOVMrNG5WclJ1Y2VheGRRaVFiNHpPQW52SjRDU1YzTW8zVk54ODI1cUw0ZlM0VmNuWkFzT3p2THNLdWExbEtuN0RXbDJMU1hSZGc4ZktOMTJpZ3lUbmtJQVRzbFB6MlVlNHlQeUVuWmZvWUUzaHJxYXF0a3EzSDJJdjBvaWwxbUJKRHRNSEVhUG1aSXZhY1lUaEVHOEZIVnpsTDBuQW9NNktNTS9kdWRkd0ZaeHVkZ3FYSUhwfA&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ad14f739e32a3cf82a1757e7e812039d0c349305f7931240ac02c8aff70cba7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 11 Feb 2021 10:10:07 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2861
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 11 Feb 2021 10:10:07 GMT
location: https://mug.criteo.com/sid?cpp=qUkGnXxBRkhabGJEQU5obGkyL2FPOWk4UkJ0THBJQlVKR3k3cmlQYXF6MExIZWxaNFFDWjVuMGwvcnhmUENlOFV4cGVTVEtsZGZ0ZDRkYnZtOVMrNG5WclJ1Y2VheGRRaVFiNHpPQW52SjRDU1YzTW8zVk54ODI1cUw0ZlM0VmNuWkFzT3p2THNLdWExbEtuN0RXbDJMU1hSZGc4ZktOMTJpZ3lUbmtJQVRzbFB6MlVlNHlQeUVuWmZvWUUzaHJxYXF0a3EzSDJJdjBvaWwxbUJKRHRNSEVhUG1aSXZhY1lUaEVHOEZIVnpsTDBuQW9NNktNTS9kdWRkd0ZaeHVkZ3FYSUhwfA&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2607
content-length: 509
expires: 0

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame B2EE 56 KB
19 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3cc6af6f13fdac2b76ddb393d32a0e2dcbb082e2b98231b30348c13d9b9649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "780 / 119 of 1000 / last-modified: 1612998653"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 19122
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H2 200 prebid4.19.0.js Show response
cdn.pixfuture.com/ Frame B2EE 331 KB
332 KB 102ms
101ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 10 Dec 2020 17:32:50 GMT
server: cloudflare
etag: "5fd25bc2-52b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fFbusx355AnMw35Fw71hExlnvF3t1VxnDqJQlkbnDlvE8VMV%2B2L4xfhA0joM%2B%2ByYhY9dE7F%2FAHhUqc336Bqy%2BR981EUJNWFgMrYsMmeipt6S6YTJ%2FbaLPbrlyI3Y1g%3D%3D"}]}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 61fd4742d8f316ee-FRA
content-length: 338715
cf-request-id: 08322addc7000016ee46394000000001
expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame ACAE 15 B
397 B 12ms
11ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001613038207666015095070721084&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYCOqVQZlt2Bci8fUTps6vDNfKRrY-fAPvzWLXVbLeDmOsN6TbUNiNJEQK4u9Qx4eG14gYqZzVk-x&lpid=&tsid=1&q=&prv=&type=&ps=&cme=7dPTaC80jmPWD-RU3KaN2vz308kb3isPuPy8fqi4rhAuXbH8lkD2Za_nu3qbn4HUlEVctHqAyFYANp457d_C5om_k5jcaeWnBQrbYAZ5E_aNie7e4ZRjZTVliqLcfPlcwA45BVqLhHdNKakBCf7Uzk95I3fOIyIL3iFqCA-t6_VUTONxxUKOgQZDAGNAFnlxdSW7gdVmaIUpwuiIbjzkENuTK-vhoeuo%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CSKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA%3D%3D%7CN7fu2vKt8_s%3D%7CXJm4k_7uzm5h-6E6zwhcn_z4_GK82KfnKfVOJveK5xnZVGMcilva42vyRL8FeE4dqOazcxRseovu9MkBw1li3YxJQBo7FObpB3ZtnRcdZmGTSI-tmnkAtH2_M5N0X-V09l4XKRYTPJpIJKtRINcxOlotzp9Pk7vxiZ1HROVYsa3KouKqs1OrIPFzjkCZWls5JKwobA6j4JeWa7z-GwSv4YicNxv9SeQm%7C&hint=&td=&cc=DE&wsip=170721381&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329900794&kbc2[]=ps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D2.08&ktd[]=281749871526144&kwd[]=Best%20Malware%20Removers&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=48906549&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.89%7C%7Clvl%3D1.00&ktd[]=283948895047936&kwd[]=Practical%20Malware%20Analysis&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=329811000&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.31%7C%7Clvl%3D1.00&ktd[]=284498650861824&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329649619&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D1.00&ktd[]=283948895047936&kwd[]=Advance%20Malware%20Protection&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=329807601&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.43%7C%7Clvl%3D1.00&ktd[]=284498650861824&rand=1613038208471&cid=8CU5BD6EW&vwid=1613038207314659905&vi=1613038207314659905&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1613038207156409097&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1613038207672&upk=1613038208.12494&hvsid=00001613038207666015095070721084&verid=4121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=82&matm=1613038208475&vgd_ltime=805&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=804340239&vgd_katbid=-21&vgd_kals=ttype%3D10017%7C%7Cpc%3D82&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721381&vgd_nrrsf=nrr&vgd_nrrv=63415&vgd_nrrs=63415&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=367&vgd_y_pos=2299&vgd_ren_page_h=3992&vgd_cty=FRANKFURT&vgd_l1hcsd=A15%7C992&vgd_sethcsd=C21%7C983&vgd_cfud=200721&vgd_is_amp=0&vgd_optout=0&vgd_ect=4g&vgd_rensize=524_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1613038207314659905%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D6%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114272%252fmalware%252fthe-great-suspender-extension-malware.html%26%26katid%3D804340239%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A524%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:08 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:08 GMT

POST
H2 200 log
navvy.media.net/ Frame ACAE 807 B
997 B 549ms
361ms Other
image/gif 52.53.68.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.53.68.248 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-53-68-248.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H2 200 nrrV63415.js Show response
contextual.media.net/4a/ Frame 0D65 88 KB
29 KB 28ms
27ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV63415.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "b88764f1c889943b3800a04d001e29c0"
vary: Accept-Encoding
x-mnet-h: 8-21
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 11 Feb 2021 10:10:08 GMT
content-length: 29185
expires: Thu, 25 Feb 2021 10:10:08 GMT

GET
DATA 200
OK truncated
/ Frame 0D65 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0D65 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e9a9ba24042f2effe58a5d585f70a7bc4b917e60ddcb9a780ad03817a78381f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet12.woff
contextual.media.net/__media__/fonts/bullet12/ Frame 0D65 2 KB
2 KB 20ms
19ms Font
application/font-woff 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet12/bullet12.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1716
expires: Fri, 12 Feb 2021 10:10:08 GMT

GET
H3-Q050 200 pubads_impl_2021020801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B2EE 288 KB
101 KB 74ms
59ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

2d8a5cf0e0ee804d8ffc7cffa8ba1ec6dc69f7a7e20afefc16eb947c36aab149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Feb 2021 09:37:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103421
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:08 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 14ms
13ms Other
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=Bm0f4V9EclNldDZneWNDalBEang5TVglMkI5eGxYdUlvQVFqdFFKQW96YzE0WVpvejVuR1FhSkY3Q3BXcVFhJTJCU3UzZ1YzYTM0d2paVVJiM1JVc3lrSDV0QzZVSjB4azdHV0x3NnFuSGZ6MWhmR01sVU5LeHNlUHN1S1VyQ0FaJTJCWk9KWlpmVQ&cw=1&lsw=1

Protocol

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1536
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame C8B6
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=Bm0f4V9EclNldDZneWNDalBEang5TVglMkI5eGxYdUlvQVFqdFFKQW96YzE0WVpvejVuR1FhSkY...
https://mug.criteo.com/sid?cpp=BmQjeHxtY0N4amNIOEJiSXkzVFlCakJHTCszdUNOTFNEUG5LMkk4YTFOalN6TWxHS29ZR1JpbmtjYTJrSlo4aE1RM3YydmhuRk5wVjA0RlMrMklXOFQ2YkZjaERvZVFhcnVNenNTZXVzYlkzL2xyU3pJMjFLU05lTXJHMU...

353 B
631 B

72ms
21ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=BmQjeHxtY0N4amNIOEJiSXkzVFlCakJHTCszdUNOTFNEUG5LMkk4YTFOalN6TWxHS29ZR1JpbmtjYTJrSlo4aE1RM3YydmhuRk5wVjA0RlMrMklXOFQ2YkZjaERvZVFhcnVNenNTZXVzYlkzL2xyU3pJMjFLU05lTXJHMUNlT2hrZ3BpcVh6VnpYTkoySkI0anBPd1JSdjdqdjhXc3Fxc3V1N2U5dlJmdk5teTY0Yld2NmMyWFNMZGNWYk5YY244OGNqZCt0c3hUS2QwamN4bk1rZzR6TGZXSFFoenRQUm04Q0M5ckYzZHFPVG9wSStjR3h1WEpMbGhFTnhHNWxLRVNSaWVNfA&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

0e886b87aeb96ecddc1499fcfced7ec04bb236095a43d7367e05dac4fec76f6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 11 Feb 2021 10:10:07 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2348
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 11 Feb 2021 10:10:08 GMT
location: https://mug.criteo.com/sid?cpp=BmQjeHxtY0N4amNIOEJiSXkzVFlCakJHTCszdUNOTFNEUG5LMkk4YTFOalN6TWxHS29ZR1JpbmtjYTJrSlo4aE1RM3YydmhuRk5wVjA0RlMrMklXOFQ2YkZjaERvZVFhcnVNenNTZXVzYlkzL2xyU3pJMjFLU05lTXJHMUNlT2hrZ3BpcVh6VnpYTkoySkI0anBPd1JSdjdqdjhXc3Fxc3V1N2U5dlJmdk5teTY0Yld2NmMyWFNMZGNWYk5YY244OGNqZCt0c3hUS2QwamN4bk1rZzR6TGZXSFFoenRQUm04Q0M5ckYzZHFPVG9wSStjR3h1WEpMbGhFTnhHNWxLRVNSaWVNfA&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1818
content-length: 509
expires: 0

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame C8B6 94 B
734 B 68ms
25ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%222bdf641b1fc366%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&s=f89c6581-6ec9-47da-8834-9a3ff5938d8e&pv=088e6b87-5173-46a1-bcb3-6223d070c875&vp=mobile&lib_name=prebid&lib_v=4.19.0&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22criteoId%22%3A%22AEu8rV85SmI4WE51UTlhR1NaV2xtUEFjeG1UNnFDcU45TyUyRnh2MEdQVlg0enJtRkF0RzlZeTgyMjhYUDBYZkRiMFVrWWtVZW10akhCcWlIdCUyQjNEdzZrbHFUVnclM0QlM0Q%22%2C%22pubcid%22%3A%2200c60a3f-7fff-4a0b-b748-8dc332c56fb8%22%7D&kw=watch%2Cout%2Cthe%2Cgreat%2Csuspender%2Cchrome%2Cextension%2Ccontains%2Cmalwaresecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

a980f713e3b8502e575ffd9f86c50bf4eb7139de1491ed27335b33b64631d28f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:08 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 119
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C8B6 0
117 B 101ms
70ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Thu, 11 Feb 2021 10:10:07 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C8B6 144 B
1 KB 99ms
68ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

f524a102607601c61d037ffcefce87bbeb1071253131d325a19728f8eb69be34

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:08 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.177:80
AN-X-Request-Uuid: f6510a1b-ad9d-476d-9f86-3da93c9db448
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame C8B6 171 B
558 B 46ms
30ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=6a0e3401-dafb-4d53-b6b5-c3cea616fe7f&nocache=1613038208540&criteoid=AEu8rV85SmI4WE51UTlhR1NaV2xtUEFjeG1UNnFDcU45TyUyRnh2MEdQVlg0enJtRkF0RzlZeTgyMjhYUDBYZkRiMFVrWWtVZW10akhCcWlIdCUyQjNEdzZrbHFUVnclM0QlM0Q&pubcid=00c60a3f-7fff-4a0b-b748-8dc332c56fb8&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divIds=24272x320x50x4142x_ADSLOT1&auid=540580841&tps=bXlrZXl3b3JkPXdhdGNoLG91dCx0aGUsZ3JlYXQsc3VzcGVuZGVyLGNocm9tZSxleHRlbnNpb24sY29udGFpbnMsbWFsd2FyZXNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9d2F0Y2gsb3V0LHRoZSxncmVhdCxzdXNwZW5kZXIsY2hyb21lLGV4dGVuc2lvbixjb250YWlucyxtYWx3YXJlc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 3792e3306ea1a389ea50352adaad3fd2315d6ccc0a5f1e69582cc6ed56d483c3

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
server: OXGW/16.202.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 OpenSans_Bold.woff
contextual.media.net/__media__/fonts/OpenSans_Bold/ Frame 0D65 25 KB
25 KB 25ms
24ms Font
application/font-woff 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/OpenSans_Bold/OpenSans_Bold.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1973bb0e810b8f54792d7ea56c03749f6792541876847b085f58d64fb7adfc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25720
expires: Fri, 12 Feb 2021 10:10:08 GMT

GET
H2 200 nrrV63415.js Show response
contextual.media.net/4a/ Frame 1D93 88 KB
29 KB 62ms
58ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV63415.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "b88764f1c889943b3800a04d001e29c0"
vary: Accept-Encoding
x-mnet-h: 8-21
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 11 Feb 2021 10:10:08 GMT
content-length: 29185
expires: Thu, 25 Feb 2021 10:10:08 GMT

GET
H2 200 1.jpg
contextual.media.net/__media__/pics/800060601/ Frame 1D93 5 KB
5 KB 27ms
23ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800060601/1.jpg

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

05999befd49ad70a0d0648a08d12fa80206fa88822a907ff426f0eadcc437c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Tue, 29 May 2018 12:36:32 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/jpeg
cache-control: max-age=774306
accept-ranges: bytes
content-length: 4781
expires: Sat, 20 Feb 2021 09:15:14 GMT

GET
H2 200 2.jpg
contextual.media.net/__media__/pics/800060601/ Frame 1D93 4 KB
4 KB 59ms
56ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800060601/2.jpg

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0758ad694d2f74d096d49d79e32cb100eeb38dc6ff11c2f9a870de5eb5a35b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Tue, 29 May 2018 12:36:32 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/jpeg
cache-control: max-age=165651
accept-ranges: bytes
content-length: 3740
expires: Sat, 13 Feb 2021 08:10:59 GMT

GET
H2 200 3.jpg
contextual.media.net/__media__/pics/800060601/ Frame 1D93 3 KB
3 KB 60ms
57ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800060601/3.jpg

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0bdb519e9746b7b770969e860e0bbf41606bc4b814479ddd4f8688f2cafcc01a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Tue, 29 May 2018 12:36:32 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/jpeg
cache-control: max-age=139138
accept-ranges: bytes
content-length: 3376
expires: Sat, 13 Feb 2021 00:49:06 GMT

GET
H2 200 4.jpg
contextual.media.net/__media__/pics/800060601/ Frame 1D93 5 KB
5 KB 60ms
57ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/__media__/pics/800060601/4.jpg

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9282ea078a317f764d3883e732d14a2e80575e437b710144396d453f5a19139a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Tue, 29 May 2018 12:36:32 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/jpeg
cache-control: max-age=853322
accept-ranges: bytes
content-length: 5051
expires: Sun, 21 Feb 2021 07:12:10 GMT

GET
DATA 200
OK truncated
/ Frame 1D93 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf9b76f5559de92c2cc7df8fa751c09d9a3bbfada6123d975c75c4a093f8cfeb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1D93 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1D93 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 OpenSans-Regular.woff
contextual.media.net/__media__/fonts/OpenSans-Regular/ Frame 1D93 66 KB
66 KB 19ms
18ms Font
application/font-woff 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/OpenSans-Regular/OpenSans-Regular.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5256d55a499ecb71f04dd716cfdf75bf9fe5f863620ec6634e3b43b4e6b11fd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 67528
expires: Fri, 12 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 0D65 15 B
397 B 12ms
9ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001613038207811015095070726064&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYCOqVQZlt2Bci8fUTps6vDNfKRrY-fAPvzWLXVbLeDmOsN6TbUNiNJF9HzJm0vzUok3XyFvsgRqY&lpid=&tsid=1&q=&prv=&type=&ps=&cme=XVK9LqZbwBg2mGCwAzpLp4luGKLNFdogCtEFx_CaW7qKs9hu5i3ZzJKxZ0HMh0FwCZFny3KTQzCt88fVvVovASErd8n8nS8_s9yD26SJ-5y3iVW4ndveUnNStb9ORMtW-zWMf7HqZoXC0jT5dKdgrxmPqrhuGAzfLBGzVx3XPsP4OdNndXiLrgjE8njIEdmfAcGVGG1bYuEaRYNtUCr4wfyz_wCWOIJZ%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CSKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA%3D%3D%7CN7fu2vKt8_s%3D%7CzeQrVoT0xVEEwFjTMI3ZvKuvIpi8VEt1sphH5HeEChfYcWgCo6fyQhNyBi-OXslq27WrkoCepaVQ3leWEkCfkOfDUybqTuCMjNDD9nSlrbEMLVIcGRP68_YrLh7inRnQtZ0oEjqN2fsUhgJz229flmP-isvGHXbIJi_deOds-lnX-eak7RBRqdXo-_UpszObmUPWmALT4AWj3oxeh2g9NPbXoQJiMMEA%7C&hint=&td=&cc=DE&wsip=170721381&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329900794&kbc2[]=ps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D2.08&ktd[]=281749871526144&kwd[]=Practical%20Malware%20Analysis&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=329811000&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.31%7C%7Clvl%3D1.00&ktd[]=284498650861824&kwd[]=Malware%20Free%20Download&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=210330434&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.37%7C%7Clvl%3D1.29&ktd[]=283948895047936&kwd[]=Free%20Malware%20Antivirus%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=329809631&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.33%7C%7Clvl%3D1.29&ktd[]=283948895047936&kwd[]=Malware%20Removal%20Software&kwt[]=439&kbc[]=1202866661&kwp[]=5&kid[]=18327823&kbc2[]=c%3D1%7C%7Ccomputers%20%26%20electronics%20%3E%20computer%20security%20%3E%20antivirus%20%26%20malware%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.943%7C%7Crpc%3D0.50%7C%7Clvl%3D1.00&ktd[]=283948911825152&rand=1613038208553&cid=8CU5BD6EW&vwid=1613038207764263789&vi=1613038207764263789&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1613038207156409097&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1613038207811&upk=1613038208.12494&hvsid=00001613038207811015095070726064&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=53&matm=1613038208563&vgd_ltime=779&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=801338199&vgd_katbid=-21&vgd_kals=ttype%3D10002%7C%7Cpc%3D53&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721381&vgd_nrrsf=nrr&vgd_nrrv=63415&vgd_nrrs=63415&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=413&vgd_ren_page_h=3992&vgd_cty=FRANKFURT&vgd_l1hcsd=A15%7C992&vgd_sethcsd=C21%7C983&vgd_cfud=200303&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1613038207764263789%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D6%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114272%252fmalware%252fthe-great-suspender-extension-malware.html%26%26katid%3D801338199%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:08 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:08 GMT

POST
H2 200 log
navvy.media.net/ Frame 0D65 807 B
998 B 425ms
350ms Other
image/gif 52.53.68.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.53.68.248 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-53-68-248.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 11 Feb 2021 10:10:08 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 45ms
45ms Other
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1177
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 20ms
13ms Other
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1713
date: Thu, 11 Feb 2021 10:10:07 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame B2EE
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&bundle=Bm0f4V9EclNldDZneWNDalBEang5TVglMkI5eGxYdUlvQVFqdFFKQW96YzE0WVpvejVuR1FhSkY...
https://mug.criteo.com/sid?cpp=rj_DEnxDTXBnaWVrLzBYTUpFSlc2eTMydmRFbTZZN0wxdlQwaUZMRlk3bUtpWno3M2lyWW9tU003T2UzODhxbUNJaHQ0YmJCbEZyWUZhTW1Gd2Jza2JaSXdMS0U4RFliMEtLMVljZUkwc3o1OUN5c2NDVTFYMDZMVTh2Zy...

347 B
629 B

24ms
24ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=rj_DEnxDTXBnaWVrLzBYTUpFSlc2eTMydmRFbTZZN0wxdlQwaUZMRlk3bUtpWno3M2lyWW9tU003T2UzODhxbUNJaHQ0YmJCbEZyWUZhTW1Gd2Jza2JaSXdMS0U4RFliMEtLMVljZUkwc3o1OUN5c2NDVTFYMDZMVTh2Zys0bFhEeSt6aGJoZy93OTUyKytvcFBINkliTFk1c09MVjU0bDVMcEJJYmdpSnZYemtzZ2EzK29ZRE45aDVKcGpHU1ZkNU1ReVRKc2J3dEdVVnhzcXd4K2FVSWFEekN5SE51aGtVSHUzdlk4WkdaMVc1RTRRMmh5MkRFVFpVUXIzWjU4OXdqc3U5fA&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e785794ef4c9334b2ecb02cb76948a4318d547c325ecb463f450f3472d05af41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 11 Feb 2021 10:10:07 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2314
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 11 Feb 2021 10:10:07 GMT
location: https://mug.criteo.com/sid?cpp=rj_DEnxDTXBnaWVrLzBYTUpFSlc2eTMydmRFbTZZN0wxdlQwaUZMRlk3bUtpWno3M2lyWW9tU003T2UzODhxbUNJaHQ0YmJCbEZyWUZhTW1Gd2Jza2JaSXdMS0U4RFliMEtLMVljZUkwc3o1OUN5c2NDVTFYMDZMVTh2Zys0bFhEeSt6aGJoZy93OTUyKytvcFBINkliTFk1c09MVjU0bDVMcEJJYmdpSnZYemtzZ2EzK29ZRE45aDVKcGpHU1ZkNU1ReVRKc2J3dEdVVnhzcXd4K2FVSWFEekN5SE51aGtVSHUzdlk4WkdaMVc1RTRRMmh5MkRFVFpVUXIzWjU4OXdqc3U5fA&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1884
content-length: 509
expires: 0

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ Frame B2EE 275 B
647 B 332ms
128ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 , United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6a99e7d178fd19b946a936a0f64d31a1af2e843b889ab515ada00d38622c5d67

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:08 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 275
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ Frame B2EE 105 B
462 B 357ms
150ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 , United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 15b2e4fdeb4053c26f863c023802b5813595a678ff413577262a536c226f7810

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:08 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 105
Expires: 0

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ Frame B2EE 62 B
389 B 133ms
101ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidcriteo.com=8BqZW185SmI4WE51UTlhR1NaV2xtUEFjeG1UNnFDcU45TyUyRnh2MEdQVlg0enJtRkF0RzlZeTgyMjhYUDBYZkRiMFVrWWtQelNzZHpSNnAyVDhsNG1UdTRZaTJnJTNEJTNE&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 86c35da14b642d6dd564c254eecf315ba52e11b3becb2172aa56d185e0b09ca7

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 11 Feb 2021 10:10:08 GMT
Server: ATS/7.1.2.128
Age: 0
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame B2EE 94 B
647 B 26ms
26ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%226b027d13c43a2d%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&s=095d1a92-8df0-409f-a53c-eb2471a3631a&pv=8380aec4-e300-4eb9-a524-d5f78c65eab7&vp=mobile&lib_name=prebid&lib_v=4.19.0&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22criteoId%22%3A%228BqZW185SmI4WE51UTlhR1NaV2xtUEFjeG1UNnFDcU45TyUyRnh2MEdQVlg0enJtRkF0RzlZeTgyMjhYUDBYZkRiMFVrWWtQelNzZHpSNnAyVDhsNG1UdTRZaTJnJTNEJTNE%22%2C%22pubcid%22%3A%2200c60a3f-7fff-4a0b-b748-8dc332c56fb8%22%7D&kw=watch%2Cout%2Cthe%2Cgreat%2Csuspender%2Cchrome%2Cextension%2Ccontains%2Cmalwaresecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

c9211408b2da6ec562ace48170a743450a5ed8130f0cde7795786900262ebde8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:08 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 119
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame B2EE 0
61 B 54ms
54ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Thu, 11 Feb 2021 10:10:07 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame B2EE 174 B
360 B 127ms
127ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e0e6deb5-89de-4c35-b34c-cbabb0227799&nocache=1613038208650&criteoid=8BqZW185SmI4WE51UTlhR1NaV2xtUEFjeG1UNnFDcU45TyUyRnh2MEdQVlg0enJtRkF0RzlZeTgyMjhYUDBYZkRiMFVrWWtQelNzZHpSNnAyVDhsNG1UdTRZaTJnJTNEJTNE&pubcid=00c60a3f-7fff-4a0b-b748-8dc332c56fb8&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divIds=24270x300x250x4142x_ADSLOT1&auid=540580840&tps=bXlrZXl3b3JkPXdhdGNoLG91dCx0aGUsZ3JlYXQsc3VzcGVuZGVyLGNocm9tZSxleHRlbnNpb24sY29udGFpbnMsbWFsd2FyZXNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9d2F0Y2gsb3V0LHRoZSxncmVhdCxzdXNwZW5kZXIsY2hyb21lLGV4dGVuc2lvbixjb250YWlucyxtYWx3YXJlc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 2e66ceada3ba51ef5880a56231ac2cea0a5c39a07cf74b53eb4c39a673f2ee67

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
server: OXGW/16.202.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B2EE 145 B
1 KB 241ms
240ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

dbe1c30a690860dc0f73eaf536c563d2116a7621886ac9147136620c56e7fad4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:08 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.79:80
AN-X-Request-Uuid: 8230ef4b-bf6a-46e9-bf44-cdb777155ac5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3A39 56 KB
19 KB 47ms
46ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

bb3cc6af6f13fdac2b76ddb393d32a0e2dcbb082e2b98231b30348c13d9b9649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "780 / 239 of 1000 / last-modified: 1612998653"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19122
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame C8B6 5 KB
5 KB 103ms
101ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v448
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: edf4cc2a6568cffbf6b0c85cea42adb62f64a6f84c1643a30a2e603272f915c7

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:08 GMT
Last-Modified: Wed, 10 Feb 2021 19:17:31 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "6024314b-1229"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 4649
Expires: Sat, 13 Feb 2021 10:10:08 GMT

GET
H2 200 9ffb94d3-eb06-4283-a401-ad66e9e7d1f1.jpg
cvision.media.net/new/100x75/2/174/75/96/ Frame 1D93 8 KB
8 KB 39ms
28ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cvision.media.net/new/100x75/2/174/75/96/9ffb94d3-eb06-4283-a401-ad66e9e7d1f1.jpg?v=9
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 359427da432c5d4dae952d19aadf9d5f5cd8ca582bd3a6f4970aeecdbc93f0a0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Wed, 21 Mar 2018 05:17:51 GMT
server: nginx
accept-ranges: bytes
etag: "5ab1eaff-20d1"
content-length: 8401
content-type: image/jpeg

GET
H2 200 e9318584-cb7a-4c84-9a94-867e7e31b317.jpg
cvision.media.net/new/100x75/2/122/244/84/ Frame 1D93 9 KB
9 KB 60ms
49ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cvision.media.net/new/100x75/2/122/244/84/e9318584-cb7a-4c84-9a94-867e7e31b317.jpg?v=9
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 64264b251d6b9fabc4c6416d8452618964d32dafe13c980139ddb1b83ea2af80

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Mon, 19 Mar 2018 06:05:24 GMT
server: nginx
accept-ranges: bytes
etag: "5aaf5324-2533"
content-length: 9523
content-type: image/jpeg

GET
H2 200 10adb5f8-344e-4bd2-8d0b-7e805281586b.jpg
cvision.media.net/new/100x75/3/108/131/132/ Frame 1D93 7 KB
7 KB 61ms
50ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cvision.media.net/new/100x75/3/108/131/132/10adb5f8-344e-4bd2-8d0b-7e805281586b.jpg?v=9
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 55609819c8c37a264b50824e5e20c7a8a7f37672138d1e078fdd00e019b3ecf4

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Sat, 31 Oct 2020 19:22:10 GMT
server: nginx
accept-ranges: bytes
etag: "5f9db962-1c1b"
content-length: 7195
content-type: image/jpeg

GET
H2 200 9d41424c-af18-42cf-ab7b-7aa5c9731c3f.jpg
cvision.media.net/new/100x75/4/53/191/18/ Frame 1D93 9 KB
9 KB 59ms
48ms Image
image/jpeg 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cvision.media.net/new/100x75/4/53/191/18/9d41424c-af18-42cf-ab7b-7aa5c9731c3f.jpg?v=9
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 8e5eb18d8a8e86f3a4403b53bcfe76a5a4a550b9ffb6ae6edd24d366200db0cb

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
last-modified: Fri, 09 Mar 2018 03:10:17 GMT
server: nginx
accept-ranges: bytes
etag: "5aa1fb19-23ba"
content-length: 9146
content-type: image/jpeg

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 22ms
19ms Other
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1089
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H3-Q050 200 pubads_impl_2021020801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3A39 288 KB
101 KB 44ms
42ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

2d8a5cf0e0ee804d8ffc7cffa8ba1ec6dc69f7a7e20afefc16eb947c36aab149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Feb 2021 09:37:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103421
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 1D93 15 B
397 B 9ms
8ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001613038207819015095070727176&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYCOqVQZlt2Bci8fUTps6vDNfKRrY-fAPvzWLXVbLeDmOsN6TbUNiNJHKins_r-t4TXyhrVobpbCj&lpid=&tsid=1&q=&prv=&type=&ps=&cme=bZfsoLTPqPw5JsGPrDBtyvQgv8jLHUIfmQ6NM64BuFeGqXYgQAL2Qn7FJuR88SX2NySUcbCM-MILyDPj9_vv7E_AyIVydeSXsB_H3eg2t3yI4rG12TiVQj1v1N9fgsQiB4giM3oyKJz-h0ODcBNEWC6nSGX14Afw2QcbYIP4UIT_Wc_tHQHxou53SnAExoLuleWBhFvZfvX_pLiGdRi2v1CtndR42fOZ6s-t06j6gzk%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CSKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA%3D%3D%7CN7fu2vKt8_s%3D%7CQ-hxn93pHCDmQTQFvQjvw1F1bvMbUNR8obAFmUZIFaskovtm9tj9tlrKkzMwAj7CAiHaaTVlK12HJNxzd6OHlOA05vwANIyzt5LJzoLzWNxIXh_feVs03ql118uN713CHf8qKMiPc4oop9oru16oZc9zeXUOS9mFvcaMzb2F7aybQ5d3Ur6mmbw5tJCvu2t09q6vo20-l801OSu8ssEmsEBsiimEiqQF%7C&hint=&td=&cc=DE&wsip=2886934051&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_setid=NufozNuN&&rc=0&ksu=207&fdkt=439&kwd[]=Best%20Antivirus%20Software%20of%202021&kwt[]=439&kbc[]=1202866661&kwp[]=1&kid[]=329900794&kbc2[]=ir%3D1%7C%7Ciid%3D3099599%7C%7Cps%3D0.943%7C%7Crpc%3D0.35%7C%7Clvl%3D2.08&ktd[]=281752287445248&kwd[]=Advanced%20Malware%20Protection&kwt[]=439&kbc[]=1202866661&kwp[]=2&kid[]=326682891&kbc2[]=c%3D1%7C%7C*~malware~protection%7C%7Cdiff%3D1%7C%7Csetid%3D2%7C%7Cir%3D1%7C%7Ciid%3D5615051%7C%7Cps%3D0.943%7C%7Crpc%3D1.31%7C%7Clvl%3D1.00&ktd[]=576762294189822208&kwd[]=Malware%20Free%20Download&kwt[]=439&kbc[]=1202866661&kwp[]=3&kid[]=210330434&kbc2[]=c%3D1%7C%7C*~malware~*%7C%7Cdiff%3D1%7C%7Csetid%3D1%7C%7Cir%3D1%7C%7Ciid%3D6612495%7C%7Cps%3D0.943%7C%7Crpc%3D0.37%7C%7Clvl%3D1.29&ktd[]=288531918038110464&kwd[]=Malware%20Virus&kwt[]=439&kbc[]=1202866661&kwp[]=4&kid[]=18327865&kbc2[]=c%3D1%7C%7C*~malware~*%7C%7Cdiff%3D1%7C%7Csetid%3D1%7C%7Cir%3D1%7C%7Ciid%3D1692895%7C%7Cps%3D0.943%7C%7Crpc%3D0.39%7C%7Clvl%3D1.00&ktd[]=288532469404537088&rand=1613038208683&cid=8CU5BD6EW&vwid=1613038207713998985&vi=1613038207713998985&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1613038207156409097&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1613038207819&upk=1613038208.12494&hvsid=00001613038207819015095070727176&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=6&matm=1613038208686&vgd_ltime=935&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_katid=807056978&vgd_katbid=-21&vgd_kals=ttype%3D10007%7C%7Cpc%3D6&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886931942&vgd_nrrsf=nrr&vgd_nrrv=63415&vgd_nrrs=63415&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=723&vgd_ren_page_h=3992&vgd_cty=FRANKFURT&vgd_l1hcsd=A15%7C992&vgd_sethcsd=C21%7C983&vgd_cfud=191226&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&oRurl=http%3A%2F%2Fcdn3ncc%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1613038207713998985%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D3%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114272%252fmalware%252fthe-great-suspender-extension-malware.html%26%26katid%3D807056978%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A4&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:08 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:08 GMT

POST
H2 200 log
navvy.media.net/ Frame 1D93 807 B
997 B 411ms
411ms Other
image/gif 52.53.68.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV63415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.53.68.248 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-53-68-248.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:08 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 11 Feb 2021 10:10:08 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3A39 109 B
803 B 49ms
28ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3A39 109 B
247 B 28ms
27ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 10:10:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3A39 45 KB
11 KB 387ms
386ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1472999931586433&correlator=2997758854402464&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21065724&vrg=2021020801&ptt=17&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210211&iu_parts=330713950%2C32050&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&cookie_enabled=1&cdm=securityaffairs.co&bc=31&abxe=1&lmt=1613038208&dt=1613038208896&dlt=1613038208668&idt=208&frm=23&biw=1600&bih=1200&isw=320&ish=50&oid=3&adxs=320&adys=1035&adks=3772840268&ucis=5jc04i9pazv1&ifi=1&ifk=2643423413&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&top=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x50&msz=320x50&ga_vid=1514393744.1613038209&ga_sid=1613038209&ga_hid=1602569345&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

641ab443b1e2952f593605c9191580f085db47a97c5f1a160ae997982f2a2bfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11142
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
e9f680da7706f81d4fff3a11616db5d1.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 3A39 0
0 61ms
14ms Other
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://e9f680da7706f81d4fff3a11616db5d1.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=3
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 3A39 0
0 26ms
6ms Other
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=3
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H/1.1

200
OK

setuid
prebidserver.pixfuture.com/ Frame B2EE
Redirect Chain

https://cm.mgid.com/m?cdsp=363893&adu=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dmgid%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%7Bmuidn%7D
https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1b9XFS5oRa2

36 B
36 B

306ms
104ms

Image
text/plain

157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1b9XFS5oRa2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 , United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:09 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 36
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:09 GMT
cf-cache-status: DYNAMIC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-mg-request-uuid: ed667313-9882-4481-9171-4467e0e86ac1
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location: https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1b9XFS5oRa2
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 61fd4746696cee89-CDG
content-type: image/gif
cf-request-id: 08322ae0040000ee892aa76000000001
server: cloudflare

GET
H3-Q050 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 706C 56 KB
19 KB 42ms
41ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

50e09cc0e23a6d571c1673f81c93b4d96ebee901093ef9ef39ca4b3130237630

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "780 / 535 of 1000 / last-modified: 1612998733"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19121
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:09 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame B2EE 5 KB
5 KB 100ms
100ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v604
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: edf4cc2a6568cffbf6b0c85cea42adb62f64a6f84c1643a30a2e603272f915c7

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 11 Feb 2021 10:10:09 GMT
Last-Modified: Wed, 10 Feb 2021 19:17:31 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "6024314b-1229"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 4649
Expires: Sat, 13 Feb 2021 10:10:09 GMT

GET
H3-Q050 200 pubads_impl_2021021001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 706C 288 KB
101 KB 40ms
40ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

c11fb9ac4922e75ae9e0a017f41ae36febd8a185834b7bb608e9049ebe68da62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 10 Feb 2021 15:07:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103470
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:09 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 706C 109 B
781 B 56ms
42ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 706C 109 B
781 B 56ms
42ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 706C 5 KB
3 KB 321ms
321ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=569946870637699&correlator=324376693008288&output=ldjh&impl=fif&eid=21068773%2C21068891%2C31060132&vrg=2021021001&ptt=17&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210211&iu_parts=330713950%2C300250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie_enabled=1&cdm=securityaffairs.co&bc=31&abxe=1&lmt=1613038209&dt=1613038209197&dlt=1613038209008&idt=174&ea=0&frm=23&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1482078445&ucis=37tv7mhca7qv&ifi=1&ifk=1996497099&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&top=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=0x0&ga_vid=822405967.1613038209&ga_sid=1613038209&ga_hid=112877277&fws=256&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

39f8b09328f35e49a17fcc0c9ae10f08704bd985898ff05a00743414628f8c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2734
x-xss-protection: 0
google-lineitem-id: 5613473239
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138339031494
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
41e4d3201ceca50b7902c80ef023a9e9.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 706C 0
0 49ms
14ms Other
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://41e4d3201ceca50b7902c80ef023a9e9.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=3
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 706C 0
0 33ms
20ms Other
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=3
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/022010270040000/ Frame BE1D 180 KB
51 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

700d1d900f10d454a72ce90127520d4ecbbc35725e63b2b2fe9a46e9c9d3fc02

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 594805
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51484
x-xss-protection: 0
server: sffe
date: Thu, 04 Feb 2021 12:56:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6d03694bae3d062c"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Feb 2022 12:56:44 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/022010270040000/v0/ Frame BE1D 13 KB
5 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 539074
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Fri, 05 Feb 2021 04:25:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Feb 2022 04:25:35 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/022010270040000/v0/ Frame BE1D 90 KB
27 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101641
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 05:56:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 05:56:08 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/022010270040000/v0/ Frame BE1D 3 KB
1 KB 44ms
23ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 594817
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Thu, 04 Feb 2021 12:56:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Feb 2022 12:56:32 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/022010270040000/v0/ Frame BE1D 41 KB
13 KB 45ms
23ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 539077
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Fri, 05 Feb 2021 04:25:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Feb 2022 04:25:32 GMT

GET
DATA 200
OK truncated
/ Frame BE1D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c868b299958770fcae4a613c4c42ac2682d6770303b78f32d2d1b64a3abc0b8

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 17543944402842723912
tpc.googlesyndication.com/simgad/ Frame BE1D 7 KB
7 KB 8ms
7ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17543944402842723912?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnMv-Bztyl4oIJYXZcsJaFatzKRFg

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c52676878b0c01bcda6f154c2a2ac21b41e8d1c3a626b8dbf19571828ee71078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 10:20:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Jan 2021 19:45:46 GMT
server: sffe
age: 604158
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6965
x-xss-protection: 0
expires: Fri, 04 Feb 2022 10:20:51 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BE1D 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 10 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 76406
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 11 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BE1D 295 B
389 B 8ms
6ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 20671
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 12 Feb 2021 04:25:38 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame BE1D 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTlRgLFLQ0V2H7oJKTIlLWbrFUCmUcrPkfcMrF8PtfhWzbx7bmneJKcbSfBLXWkc5WZ3OwZ
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BE1D 0
0 45ms
44ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CoI4HgAIlYNj3ONaY3gPskLmoBemz16Fh15T-to0N6Kq2lYsDEAEgo4eWHmCV-vCBjAegAZPcg9UDyAEC4AIAqAMByAMIqgSlAk_Qka0xlTd7ZfO8S9XUh3uBx9D_okwI6DVzJa-QA1qNdZtQD9_lsV3KukpfxQxmqGOG5mAgSkRXgBMfHVHSnlZOmpESrM4HDG4cwS2Ki_yIiOGGWZQfnzt3gv_-AdZNoh214RedAcL3mBZ1UD3d6auWoQdJmd6ov0pFX6Tacjl4zy3bGDTDkzT5uu9OISgUyLnFnBrDej-bSwbFjjGbMzLjqGDqPE_Hl6Y3iSAsfuYdPaDOq56wN4-n6qSRooTuA9k70jMhhepHmLdPlJK7ipNbF4uBqbVSpB76LT6ledLPxvAqtHvThvWaNAnLznbS_0d3BAyK1l29PA5v__2Yq31_pI4q88n3G2JqrbnV8VhvU8riV7XHtDcfTKAgyHcBYK8XAxe4wATuyJm1qQPgBAGgBgKAB9Wj_CqoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQipUX0ggJCIDhgFAQARgdgAoDyAsB2BMDshcaChgIABIUcHViLTE1NzU5MTE1ODU0MzI1NDg&sigh=w-oHmLj91T8&tpd=AGWhJmtuYNYavlQ9JnfF_vNUX58kTaZNORYuBuqidBK411DE6Q
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3A39 8 KB
7 KB 51ms
32ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021020801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acb217dda8f1be01f773db92c1621d7f4203cb06ab1c6f713efddb8ee764af85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6418
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3A39 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021020801.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:09 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 8ms
8ms Image
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&katid=807619797&kals=ttype%3D10002%7C%7Cpc%3D5&katen=1&pc=5&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=XVK9LqZbwBgtj9K_BE2bo6DVO0l3Dh1a6zB6eDKZwE523zmIuvHnmdkXRUVzt9iLL07heJRdZQzKIvI-riMY3gyTKGjUf_tN9YneGrdVSVX4L2NKnPnDsHzl_knoeta47Bke_MbDkpuK04OsoCCbqGwMpSSx9qigbGKyEbyGw74Pm4mTWtQ3ikp6dOKw3fH-Kc7Xk4MCjkQe8fdaAF4Wz1brdzL00vSBwgHcpodODmE=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|SKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA==|N7fu2vKt8_s=|eyOPkfgOPIiYe-ibRqfODqKheuXEsR_Az54I-eTMi4cQY906EKBB1VcD-TNjhOUzbVv1mRYRq16rLVfgl9LIjNDETj0t1tVGalrC_blBoCUpN5Fxv0nHX8wLWEGQvLaQs2Cv0qlJz27vLlPzgI4GuB8VOV5jW4eS5iFMFcRCh3XBRRuHsjKEcBERheIO7P1xKfComrpoqS6zolRvYfON1J6WU4modGYQ|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=829833831&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vi=1613038207588307252&ugd=4&cc=DE&sc=HE&startTime=1613038207602&l2type=setting&vgd_l1rakh=1613038207156409097&l1ch=1&sttm=1613038207608&upk=1613038208.12494&hvsid=00001613038207608015095070721975&verid=4121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A15|992&vgd_uspa=0&vgd_isiolc=1&clp=%7B%7D&l2ch=0&l2wsip=2886934385

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:09 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:09 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame BE1D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 11 Feb 2021 10:10:09 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/221/ Frame B6B9 0
0 6ms
5ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Thu, 11 Feb 2021 09:09:39 GMT
expires: Fri, 11 Feb 2022 09:09:39 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3630
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 8ms
8ms Image
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&katid=801338199&kals=ttype%3D10002%7C%7Cpc%3D53&katen=1&pc=53&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=XVK9LqZbwBg2mGCwAzpLp4luGKLNFdogCtEFx_CaW7qKs9hu5i3ZzJKxZ0HMh0FwCZFny3KTQzCt88fVvVovASErd8n8nS8_s9yD26SJ-5y3iVW4ndveUnNStb9ORMtW-zWMf7HqZoXC0jT5dKdgrxmPqrhuGAzfLBGzVx3XPsP4OdNndXiLrgjE8njIEdmfAcGVGG1bYuEaRYNtUCr4wfyz_wCWOIJZ||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|SKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA==|N7fu2vKt8_s=|zeQrVoT0xVEEwFjTMI3ZvKuvIpi8VEt1sphH5HeEChfYcWgCo6fyQhNyBi-OXslq27WrkoCepaVQ3leWEkCfkOfDUybqTuCMjNDD9nSlrbEMLVIcGRP68_YrLh7inRnQtZ0oEjqN2fsUhgJz229flmP-isvGHXbIJi_deOds-lnX-eak7RBRqdXo-_UpszObmUPWmALT4AWj3oxeh2g9NPbXoQJiMMEA|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vi=1613038207764263789&ugd=4&cc=DE&sc=HE&startTime=1613038207809&l2type=setting&vgd_l1rakh=1613038207156409097&l1ch=1&sttm=1613038207811&upk=1613038208.12494&hvsid=00001613038207811015095070726064&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A15|992&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&l2ch=0&l2wsip=170721381

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:09 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:09 GMT

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 4651 0
0 6ms
5ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html?n=3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Feb 2021 12:56:44 GMT
expires: Fri, 04 Feb 2022 12:56:44 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 594805
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 706C 74 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060132

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80a1ae567d396855243284e674876bb0d856f0e7a18d3c0142f0828513716dfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960672666234"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28344
x-xss-protection: 0
expires: Thu, 11 Feb 2021 10:10:09 GMT

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame 706C 0
0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3A39 0
141 B 42ms
42ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021020801&jk=1472999931586433&bg=!nJ-ln9zNAAWP4B5EjzsAKQB2-DxaGkRoLPRZKbeW-tuLXOPhW9gxzFbJ_sgwBns96Q3Glu7M4Ok6AgAAAD5SAAAADmgBBwoAusvPtltYkipX3Zqx2vI1OPYNEisoCg1vDUVgFL1I8y0t7FWOrRBPzCRuEy0qazz6NyG0ei5JpFw2XLHWSesZM3eJY0XVai0DuEHPl6zXek01D3WtHTC6WOC0iXWH4Iy5PlwDLESDJG50ZZbdHo33dI1sZZrs_axsOa7FTKSbSgZ4yiJsJOLt0P0HuCyRjcsZLmT0ADilT5odNTuZGcZKca0h2Fgn4eUuBwVHyWmKxVeJ0UDo0AGiPU8hQ5kCLcWr1ceBZOJnu1razyWicX1cB97tFmZtERNOBHU5o4rYPOnE3sTloRVP3o02XZW3X4MdamYu1APv9idFfIwFdeyg_azo33p9nGebBBwhLw3r-Ak9lVafJHgEo1q8hUyg5HeS6-R4vFVpbpxuHtrw6hg16c5uVFUQT3r4-BycfK9LN017zkg1htrQtDAT2N4x9W7Z7O3QI6oWMmjeut_CczKc_Doovq7MCvFdDhhfxaFxeP-a4QiN3Q5DbqK_gWI_Kg0_OPO3Zn-6oQbh91-otysRMT9wp0fW7t7OBXXFG4j4f77Sf1mhms2K7p3Kx8fLs3WMoCb_9Xvb3CSKCI_l5PB5WJMcrKEdtdamdAWMMQa2kYTggM_fh6bgcResCME-w1iNWA_wogCgTwMgMiPiVKucdsozGrLIHrdwBEMzI-869o2DLwUTUdqzkQyB113gN7X1YVJ4t1sRg5gxJ_PXT_bocCbMrVSYw7Ta51hfpi8OUJRphkVOkCqazm1P8VgFGTmD4Z56whTqUDqysHIjhdcHl3XqixmDd-1MJaLK3XLMwERTUEBL_BUgokltLn68CRknnRNasvI7TzExip210HjxFbEELObHP5kvHNNdjs_5leP_Aikc6NjudGVzSlahAGUI7ZImjoC5Hh4q60IXHAX7yF8gC7yNmkFyc83rIwDdqkuN-pxLQWYqdY7MbnhVdO-DsT-quapjtsgIBFqQwh3amyELt-RSD-Mgfzu4

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 8ms
8ms Image
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&katid=807056978&kals=ttype%3D10007%7C%7Cpc%3D6&katen=1&pc=6&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=bZfsoLTPqPw5JsGPrDBtyvQgv8jLHUIfmQ6NM64BuFeGqXYgQAL2Qn7FJuR88SX2NySUcbCM-MILyDPj9_vv7E_AyIVydeSXsB_H3eg2t3yI4rG12TiVQj1v1N9fgsQiB4giM3oyKJz-h0ODcBNEWC6nSGX14Afw2QcbYIP4UIT_Wc_tHQHxou53SnAExoLuleWBhFvZfvX_pLiGdRi2v1CtndR42fOZ6s-t06j6gzk=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|SKsdMiWxgQaQ5BRIpB7nsXxgopq2MeRB3kUoRLHQ9rNTaDFmiH1qSkx2fiFJao-SuXgHOQ3f3oyoX8cx-u3ZbPQcilvYg3XFPECb3_aWPnPr_SWUh_HRbA==|N7fu2vKt8_s=|Q-hxn93pHCDmQTQFvQjvw1F1bvMbUNR8obAFmUZIFaskovtm9tj9tlrKkzMwAj7CAiHaaTVlK12HJNxzd6OHlOA05vwANIyzt5LJzoLzWNxIXh_feVs03ql118uN713CHf8qKMiPc4oop9oru16oZc9zeXUOS9mFvcaMzb2F7aybQ5d3Ur6mmbw5tJCvu2t09q6vo20-l801OSu8ssEmsEBsiimEiqQF|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114272%2Fmalware%2Fthe-great-suspender-extension-malware.html&vi=1613038207713998985&ugd=4&cc=DE&sc=HE&startTime=1613038207818&l2type=setting&vgd_l1rakh=1613038207156409097&l1ch=1&sttm=1613038207819&upk=1613038208.12494&hvsid=00001613038207819015095070727176&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A15|992&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&l2ch=0&l2wsip=2886931942

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Thu, 11 Feb 2021 10:10:09 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 11 Feb 2021 10:10:09 GMT

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ Frame C8B6 44 B
329 B 34ms
17ms XHR
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity/envelope?pid=1258

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.207.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

148.207.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame C8B6 109 B
544 B 92ms
30ms XHR
application/json 54.74.225.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.74.225.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-74-225-211.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 38e916e7d619184fa600efce6e8526f00d80ace2cbed157bc69e808d0ec773e6

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:09 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sat, 13 Mar 2021 10:10:09 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 8774 0
0 29ms
9ms Document
text/html 184.30.20.185
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.185 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-185.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=6909035466613222539; icu=ChgI3sJXEAoYAiACKAIwgIWUgQY4AkACSAIQgIWUgQYYAQ..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 12 Feb 2021 10:10:11 GMT
Date: Thu, 11 Feb 2021 10:10:09 GMT
Connection: keep-alive

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 1D51 0
0 26ms
23ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=00c60a3f-7fff-4a0b-b748-8dc332c56fb8|1613038208
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=00c60a3f-7fff-4a0b-b748-8dc332c56fb8|1613038208; Version=1; Expires=Fri, 11-Feb-2022 10:10:09 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1613038209|gekin0vNiygu; Version=1; Expires=Fri, 26-Feb-2021 10:10:09 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 11 Feb 2021 10:10:09 GMT
content-type: text/html
content-length: 414
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 2536 0
0 9ms
8ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=150138
Expires: Sat, 13 Feb 2021 03:52:27 GMT
Date: Thu, 11 Feb 2021 10:10:09 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame B2EE 108 B
690 B 32ms
32ms XHR
application/json 54.74.225.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.74.225.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-74-225-211.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2e24dc9de56114f060ace94384bf33e0b704f69138a7b8f888232cb9189dfdc9

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:10 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Sat, 13 Mar 2021 10:10:10 GMT

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame E413 0
0 9ms
8ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=158127:2; KADUSERCOOKIE=9806B155-1C78-4880-B95E-B4D51A28DDA9; chkChromeAb67Sec=1; DPSync3=1614211200%3A201_227_226_221; SyncRTB3=1614211200%3A3_165_189_56_223_8_176_21_78_71_166_22_81_222_220_13_161_5_55_204_88_99_54_7%7C1613606400%3A15_67_2%7C1615593600%3A203%7C1614297600%3A35%7C1613865600%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=150137
Expires: Sat, 13 Feb 2021 03:52:27 GMT
Date: Thu, 11 Feb 2021 10:10:10 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame FF26 0
0 24ms
24ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=00c60a3f-7fff-4a0b-b748-8dc332c56fb8|1613038208; pd=v2|1613038209|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=00c60a3f-7fff-4a0b-b748-8dc332c56fb8|1613038208; Version=1; Expires=Fri, 11-Feb-2022 10:10:10 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1613038209.1|kiiygevNgun0.mWgqsLommOns; Version=1; Expires=Fri, 26-Feb-2021 10:10:10 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 11 Feb 2021 10:10:10 GMT
content-type: text/html
content-length: 315
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 03EB 0
0 9ms
9ms Document
text/html 184.30.20.185
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.185 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-185.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=6909035466613222539; icu=ChgI3sJXEAoYAiACKAIwgIWUgQY4AkACSAIQgIWUgQYYAQ..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 12 Feb 2021 10:10:12 GMT
Date: Thu, 11 Feb 2021 10:10:10 GMT
Connection: keep-alive

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ Frame C8B6 44 B
110 B 16ms
16ms XHR
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity/envelope?pid=1258

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.207.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

148.207.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:10 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame C8B6 108 B
690 B 31ms
30ms XHR
application/json 54.74.225.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.74.225.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-74-225-211.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2e24dc9de56114f060ace94384bf33e0b704f69138a7b8f888232cb9189dfdc9

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:10 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Sat, 13 Mar 2021 10:10:10 GMT

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ Frame B2EE 44 B
110 B 17ms
16ms XHR
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity/envelope?pid=1258

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.207.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

148.207.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:10 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame B2EE 108 B
690 B 30ms
30ms XHR
application/json 54.74.225.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.74.225.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-74-225-211.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2e24dc9de56114f060ace94384bf33e0b704f69138a7b8f888232cb9189dfdc9

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Feb 2021 10:10:10 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Sat, 13 Mar 2021 10:10:10 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BE1D 0
0 43ms
42ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUSjZgAIlYNj3ONaY3gPskLmoBemz16Fh15T-to0N6Kq2lYsDEAEgo4eWHmCV-vCBjAegAZPcg9UDyAEC4AIAqAMBqgSlAk_Qka0xlTd7ZfO8S9XUh3uBx9D_okwI6DVzJa-QA1qNdZtQD9_lsV3KukpfxQxmqGOG5mAgSkRXgBMfHVHSnlZOmpESrM4HDG4cwS2Ki_yIiOGGWZQfnzt3gv_-AdZNoh214RedAcL3mBZ1UD3d6auWoQdJmd6ov0pFX6Tacjl4zy3bGDTDkzT5uu9OISgUyLnFnBrDej-bSwbFjjGbMzLjqGDqPE_Hl6Y3iSAsfuYdPaDOq56wN4-n6qSRooTuA9k70jMhhepHmLdPlJK7ipNbF4uBqbVSpB76LT6ledLPxvAqtHvThvWaNAnLznbS_0d3BAyK1l29PA5v__2Yq31_pI4q88n3G2JqrbnV8VhvU8riV7XHtDcfTKAgyHcBYK8XAxe4wATuyJm1qQPgBAGgBgKAB9Wj_CqoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQipUX0ggJCIDhgFAQARgdgAoDyAsB2BMDshcaChgIABIUcHViLTE1NzU5MTE1ODU0MzI1NDg&sigh=8q32ThzzHdE&vt=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BE1D 42 B
170 B 43ms
42ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvP4UnfM43yNfaW72nnpjbHpfTdzaETUpgVnEVOdQizPLYe-zpaBOQplxaxhR_afjqCv0hYs2RdZ3TYLFmTL7MOCz4uA121ArQQ5XEZ25tMkr4Aar4G98ZU16buEg&sai=AMfl-YQlwhdZv2Y4BNQy4mg80Oh3otKDV5kfYZyACMbaE_14BAIIXZomAvnI7IIiNS1D9uPFsyHCsn7_006uwv7v2DxMQGBYcNtcuR0mdxiGR7dPn_CDxQnXAxySHN4La9PQ&sig=Cg0ArKJSzBjUNMMiv79hEAE&cid=CAASPeRoQQDeXqLpCZ0nFD7OGwJZuBO70yCrxGUOP2zFpvoph5s2UeHLzO4GZG1eMtHp0aC1D4tvea5qQDzUKAQ&id=ampim&o=320,1035&d=320,50&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=114&tls=1114&g=100&h=100&tt=1114&r=v&avms=ampa&adk=3772840268

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 10:10:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame C8B6 36 B
615 B 298ms
102ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v448
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 11 Feb 2021 10:10:12 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 13 Feb 2021 10:10:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=watch,out,the,great,suspender,chrome,extension,contains,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021021001&st=env

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
securityaffairs.co/	1970-01-20 01:25:37	Name: cto_bidid Value: 2fYqNV85SmI4WE51UTlhR1NaV2xtUEFjeG1UNnFDcU45TyUyRnh2MEdQVlg0enJtRkF0RzlZeTgyMjhYUDBYZkRiMFVrWWswdThTWHFXZFNUalRDd1hvclhNNG53JTNEJTNE
securityaffairs.co/	1970-01-20 01:25:37	Name: cto_bundle Value: t3rxFl9EclNldDZneWNDalBEang5TVglMkI5eGpmY1NZZmpyajZBeGJmb1JkVSUyRlolMkZHaFJjbzZCZ0Rpd1V4cEZXTWlGbTE5b0pLMGk4bGUlMkJjek9UWVFYNEs5WUY0MzlWeGlMc2lDczJwTk1uZHFpSyUyQldHdUpMNlBzeExiUDQyNDNNS2FWQmY
securityaffairs.co/	1970-01-19 16:47:10	Name: _pbjs_userid_consent_data Value: 3524755945110770
securityaffairs.co/	1970-01-20 00:49:34	Name: cookielawinfo-checkbox-non-necessary Value: yes
.securityaffairs.co/	1970-01-19 20:23:10	Name: _pubcid Value: 00c60a3f-7fff-4a0b-b748-8dc332c56fb8
securityaffairs.co/	1970-01-20 00:49:34	Name: cookielawinfo-checkbox-necessary Value: yes

39 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 69) Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.2
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.blur() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.focus() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.load() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.click() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.hover() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.isArray is deprecated; use Array.isArray
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.submit() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.unload() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.scroll() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.trim is deprecated; use String.prototype.trim
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: 'jQuery.easing.swing' should use only one argument
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js(Line 1) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	warning	URL: https://ads.pubmatic.com/AdServer/js/pwt/158127/2642/pwt.js(Line 1) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	log	URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html(Line 102) Message: CMP IS NOT FOUND!!!
console-api	log	URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html(Line 112) Message: CMP IS NOT FOUND!!!
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.isFunction() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.isWindow() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.bind() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.offset() requires a valid DOM element
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.change() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	info	URL: https://cdn.ampproject.org/rtv/022010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html
console-api	log	URL: https://securityaffairs.co/wordpress/114272/malware/the-great-suspender-extension-malware.html(Line 8) Message: mgnf

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

41e4d3201ceca50b7902c80ef023a9e9.safeframe.googlesyndication.com
acdn.adnxs.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
apex.go.sonobi.com
api.rlcdn.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
c2shb.ssp.yahoo.com
cdn.ampproject.org
cdn.pixfuture.com
cm.mgid.com
connect.facebook.net
contextual.media.net
cvision.media.net
e9f680da7706f81d4fff3a11616db5d1.safeframe.googlesyndication.com
eu-u.openx.net
fonts.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
l.sharethis.com
lg3.media.net
match.adsrvr.org
maxcdn.bootstrapcdn.com
mug.criteo.com
navvy.media.net
pagead2.googlesyndication.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
prebidserver.pixfuture.com
secure.gravatar.com
securepubads.g.doubleclick.net
securityaffairs.co
served-by.pixfuture.com
stats.wp.com
tpc.googlesyndication.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
fonts.googleapis.com
pagead2.googlesyndication.com
served-by.pixfuture.com
104.108.144.24
104.19.135.78
142.250.186.98
157.245.94.128
178.162.133.150
178.250.2.146
18.195.238.30
184.30.20.185
184.30.20.198
184.30.24.22
185.33.220.145
185.64.189.112
192.0.76.3
192.0.77.2
2001:4de0:ac19::1:b:3a
2001:8d8:100f:f000::289
2600:9000:20eb:6200:3:c04e:c780:93a1
2600:9000:2111:e00:1c:8a07:5e80:93a1
2600:9000:2111:ec00:c:abe:f440:93a1
2600:9000:2156:6e00:c:a9b7:ddc0:93a1
2606:4700:20::681a:a9c
2a00:1450:4001:800::2002
2a00:1450:4001:800::2008
2a00:1450:4001:800::200e
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:812::2001
2a00:1450:4001:812::200e
2a00:1450:4001:813::2004
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a02:2638:1::13
2a03:2880:f01c:8012:face:b00c:0:3
2a04:fa87:fffe::c000:4902
34.120.207.148
35.157.246.167
35.244.159.8
52.53.68.248
54.74.225.211
68.183.31.14
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
029b3c29c4111c7177d55f5196deb35b99ffd868d2f95b653f97a1418791d10e
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05999befd49ad70a0d0648a08d12fa80206fa88822a907ff426f0eadcc437c1a
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0758ad694d2f74d096d49d79e32cb100eeb38dc6ff11c2f9a870de5eb5a35b5f
08566bbf10fed41d231d4725095a0d8c126ec253f862a2a2b522b4e3149e254d
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60
0bdb519e9746b7b770969e860e0bbf41606bc4b814479ddd4f8688f2cafcc01a
0bf3f6e79af33723b0c1a822f59a484a35583303ab76fa9227b694b1e719364f
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0c868b299958770fcae4a613c4c42ac2682d6770303b78f32d2d1b64a3abc0b8
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0e886b87aeb96ecddc1499fcfced7ec04bb236095a43d7367e05dac4fec76f6d
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
15b2e4fdeb4053c26f863c023802b5813595a678ff413577262a536c226f7810
177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1973bb0e810b8f54792d7ea56c03749f6792541876847b085f58d64fb7adfc07
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1e9a9ba24042f2effe58a5d585f70a7bc4b917e60ddcb9a780ad03817a78381f
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2d5a9aa4eabdb58974140a8dfdacfe1ddb89ae27819ad19e8e148649936dac4a
2d8a5cf0e0ee804d8ffc7cffa8ba1ec6dc69f7a7e20afefc16eb947c36aab149
2e24dc9de56114f060ace94384bf33e0b704f69138a7b8f888232cb9189dfdc9
2e66ceada3ba51ef5880a56231ac2cea0a5c39a07cf74b53eb4c39a673f2ee67
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
359427da432c5d4dae952d19aadf9d5f5cd8ca582bd3a6f4970aeecdbc93f0a0
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3792e3306ea1a389ea50352adaad3fd2315d6ccc0a5f1e69582cc6ed56d483c3
37ec29ec08a441de8286c73c3b4cdc8f3fa8e122ca3220bf5fcb640e68d77768
38e916e7d619184fa600efce6e8526f00d80ace2cbed157bc69e808d0ec773e6
39f8b09328f35e49a17fcc0c9ae10f08704bd985898ff05a00743414628f8c31
3ac0879acc54857126ac08eefb16ca1919fa83216c1a4976f7e9ea2b661bd167
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee
477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4d31e714c9328b09cae601b4576c268eef27691d681fe57edc4f1357606c8a85
50e09cc0e23a6d571c1673f81c93b4d96ebee901093ef9ef39ca4b3130237630
522bc833d63af80c592a0e820353bdbda2c5fb502d19a0a3b13762168b0e12f5
5256d55a499ecb71f04dd716cfdf75bf9fe5f863620ec6634e3b43b4e6b11fd8
5315c8adc27036f25e14d6de7e182cf67123820851d7aa6a29b8f58a8b4b2b86
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55609819c8c37a264b50824e5e20c7a8a7f37672138d1e078fdd00e019b3ecf4
56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6
5c5b2ef7e7acfc0a265dc851bef437e0d1198d4083919e0d872ddf0227f01e61
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7
641ab443b1e2952f593605c9191580f085db47a97c5f1a160ae997982f2a2bfc
64264b251d6b9fabc4c6416d8452618964d32dafe13c980139ddb1b83ea2af80
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
6a99e7d178fd19b946a936a0f64d31a1af2e843b889ab515ada00d38622c5d67
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
700d1d900f10d454a72ce90127520d4ecbbc35725e63b2b2fe9a46e9c9d3fc02
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
750edb76bcb3f472a6fef8902f269f1253f08ea33fba3b018e304bbd249c744e
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80a1ae567d396855243284e674876bb0d856f0e7a18d3c0142f0828513716dfe
86c35da14b642d6dd564c254eecf315ba52e11b3becb2172aa56d185e0b09ca7
86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982
8742a950050057fb38d5a4c3f63bd298112011ed5fceb0c66575e72098af68be
8c43e551763d3628fab88767caacb3188f69afa8d1290cf3f9d61ab09cb56073
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e5eb18d8a8e86f3a4403b53bcfe76a5a4a550b9ffb6ae6edd24d366200db0cb
9282ea078a317f764d3883e732d14a2e80575e437b710144396d453f5a19139a
936c3e0cfba7a07ab55be383aeca9d39dcde7b4e9cddbfd973f78e34d3cc7078
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9b64a264f1832feadc7fca863d4407934713b16447794f567c383f7a34612e0d
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c6f2f7abc0e87bc5a9365f11f5590e8c15cba05e99288f46ebc0cfc5ac479e4
9dd0b78c654cc13bdf93cc8699329c66c6e683418990c3bbc980f0bd24e3ca17
9e4a6ba8fbf104beec44e4d5573badfb08bf436aea0b6a6fcc3e85cd84180856
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a231780871d254762070051a6953761a8919c173161da8e1c1c63fd2b61fd74f
a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1
a902ffc1c259dc54cb51d32618f4238568e5bcac3d32afc33e6729277f67dffb
a980f713e3b8502e575ffd9f86c50bf4eb7139de1491ed27335b33b64631d28f
acb217dda8f1be01f773db92c1621d7f4203cb06ab1c6f713efddb8ee764af85
ad14f739e32a3cf82a1757e7e812039d0c349305f7931240ac02c8aff70cba7c
af7abdbcee9fe7d9eed8ff21d4a2ef12c31d2c374b77c8c67b1bf7c8b752f925
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bb3cc6af6f13fdac2b76ddb393d32a0e2dcbb082e2b98231b30348c13d9b9649
bdec2cf98067424804869b7686735623c4f6fb88ce27718d27619860481b7733
c11fb9ac4922e75ae9e0a017f41ae36febd8a185834b7bb608e9049ebe68da62
c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9
c52676878b0c01bcda6f154c2a2ac21b41e8d1c3a626b8dbf19571828ee71078
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc
c9211408b2da6ec562ace48170a743450a5ed8130f0cde7795786900262ebde8
cf9b76f5559de92c2cc7df8fa751c09d9a3bbfada6123d975c75c4a093f8cfeb
d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d93a9e1b6f8143463e29ea1058c28bcedd46ae656c1d21ae0875654e24aea0e9
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
d9f0d356ee963a240576194fcaacee542e82e03427646ae8b6e10322bfb021b3
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
dbe1c30a690860dc0f73eaf536c563d2116a7621886ac9147136620c56e7fad4
ddc2d8842e4e21c1cfe68e168737a5d49b858618ba76e21ba138d67d50492e48
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820
e785794ef4c9334b2ecb02cb76948a4318d547c325ecb463f450f3472d05af41
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
e98cd00e7be004c4360ad0c38471911312d74a117babcc29f239935afc80c8cb
e98e8d723dd2eaca28bade949628d27e81e6cf8c9b3e0fd8091fe4b3843f78ce
eada28bfc274105e95f2467622c2420e68b78fde407aa4baee295d5dcc003f74
ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d
edf4cc2a6568cffbf6b0c85cea42adb62f64a6f84c1643a30a2e603272f915c7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f132f0617d744838858829c8ebe4ca36608f1456f6eb796921a7907485b7946b
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e
f524a102607601c61d037ffcefce87bbeb1071253131d325a19728f8eb69be34
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
ff36e84d7779ed5da45da25e9bd881efb8d61ca7af1b586256cc9d319a106d21

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

216 Requests

97 %HTTPS

51 %IPv6

27 Domains

49 Subdomains

41 IPs

6 Countries

3796 kBTransfer

6669 kBSize

6 Cookies

15 Outgoing links

Redirected requests

216 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

216
Requests

97 %
HTTPS

51 %
IPv6

27
Domains

49
Subdomains

41
IPs

6
Countries

3796 kB
Transfer

6669 kB
Size

6
Cookies

216 HTTP transactions
13 data transactions