forums.malwarebytes.com Open in urlscan Pro
52.222.169.223 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Submission: On December 04 via api (December 4th 2019, 1:44:58 pm UTC) from CZ

Summary HTTP 35 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 11 domains to perform 35 HTTP transactions. The main IP is 52.222.169.223, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is forums.malwarebytes.com.
TLS certificate: Issued by Amazon on October 15th 2019. Valid for: a year.

This is the only time forums.malwarebytes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	52.222.169.223 52.222.169.223	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
16	2600:9000:204... 2600:9000:2043:4800:1e:ebe7:1480:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.235.117.167 54.235.117.167	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	172.217.21.230 172.217.21.230	15169 (GOOGLE) (GOOGLE - Google LLC)
35	12

8 52.222.169.223 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-169-223.fra54.r.cloudfront.net

forums.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2600:9000:2043:4800:1e:ebe7:1480:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

content.invisioncic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.117.167 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-235-117-167.compute-1.amazonaws.com

sample-api-v2.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.230 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f6.1e100.net

8019375.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	invisioncic.com content.invisioncic.com	344 KB
8	malwarebytes.com forums.malwarebytes.com	304 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net 8019375.fls.doubleclick.net	907 B
2	gstatic.com fonts.gstatic.com	22 KB
2	crazyegg.com script.crazyegg.com sample-api-v2.crazyegg.com	15 KB
2	bing.com bat.bing.com	7 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	179 B
1	googletagmanager.com www.googletagmanager.com	36 KB
1	googleapis.com fonts.googleapis.com	921 B
35	11

	Domain	Requested by
16	content.invisioncic.com	forums.malwarebytes.com
8	forums.malwarebytes.com	forums.malwarebytes.com
2	8019375.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	fonts.gstatic.com	forums.malwarebytes.com
2	bat.bing.com	forums.malwarebytes.com
2	www.google-analytics.com	1 redirects forums.malwarebytes.com
1	sample-api-v2.crazyegg.com	script.crazyegg.com
1	www.google.de	forums.malwarebytes.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	script.crazyegg.com	www.googletagmanager.com
1	www.googletagmanager.com	forums.malwarebytes.com
1	fonts.googleapis.com	forums.malwarebytes.com
35	13

This site contains links to these domains. Also see Links.

Domain
www.malwarebytes.com
blog.malwarebytes.org
blog.malwarebytes.com
www.malwarebytes.org
store.malwarebytes.org
twitter.com
www.facebook.com
digg.com
del.icio.us
www.reddit.com
pinterest.com
www.invisioncommunity.com

Subject Issuer	Validity	Valid
forums.malwarebytes.com Amazon	`2019-10-15` - `2020-11-15`	a year	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
content.invisioncic.com Amazon	`2019-10-14` - `2020-11-14`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
ssl945600.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-20` - `2020-02-26`	6 months	crt.sh
www.google.de GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.crazyegg.com DigiCert SHA2 Secure Server CA	`2018-06-08` - `2020-08-05`	2 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Frame ID: 70385E5481A1BDDAD331ADB6E11F0015
Requests: 35 HTTP requests in this frame

Frame: https://8019375.fls.doubleclick.net/activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766
Frame ID: A316B8C393BDA7E55E2E7451D660EE8D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Amazon EC2 (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /$Amazon$/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /$Amazon$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Page Statistics

35
Requests

100 %
HTTPS

77 %
IPv6

11
Domains

13
Subdomains

12
IPs

3
Countries

747 kB
Transfer

2041 kB
Size

13
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: https://www.malwarebytes.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/premium/
Title: Malwarebytes for Windows

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac/
Title: Malwarebytes for Mac

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/
Title: Business

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointsecurity/
Title: Endpoint Security

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointprotection/
Title: Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/incidentresponse/
Title: Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointprotectionandresponse/
Title: Endpoint Protection & Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mobile/
Title: Mobile

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android/
Title: Malwarebytes for Android

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ios/
Title: Malwarebytes for iOS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/techbench/
Title: Malwarebytes Techbench

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/managed-service-providers/
Title: MSP

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/antivirus/
Title: Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malware/
Title: Malware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android-antivirus/
Title: Android Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac-antivirus/
Title: Mac Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/hacker/
Title: Hacker

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cybersecurity/
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/identity-theft/
Title: Identity Theft

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ransomware/
Title: Ransomware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/keylogger/
Title: Keylogger

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/adware/
Title: Adware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/spyware/
Title: Spyware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/sql-injection/
Title: SQL Injection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ddos/
Title: DDoS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cryptojacking/
Title: Cryptojacking

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/data-breach/
Title: Data Breach

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/computer-virus/
Title: Computer Virus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malvertising/
Title: Malvertising

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/emotet/
Title: Emotet

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/trojan/
Title: Trojan

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/exploits/
Title: Exploit

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/backdoor/
Title: Backdoor

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/scam-call/
Title: Scam Call

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/spam/
Title: Spam

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/phishing/
Title: Phishing

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/spoofing/
Title: Spoofing

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.org/security-threat/2015/03/adware-delivery-methods/
Title: browser hijacker

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/puppum/2017/02/spigot-browser-hijackers/
Title: Spigot browser hijackers

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/glossary/bundler/
Title: bundle

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mwb-download/
Title: Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.org/restorebrowser/index.html
Title: Restore Browser page

Search URL Search Domain Scan URL

URL: https://store.malwarebytes.org/342/purl-consumer?x-source=guides&x-action=MyQuickConverter
Title: full version of Malwarebytes

Search URL Search Domain Scan URL

URL: http://twitter.com/share?text=Removal%20instructions%20for%20My%20Quick%20Converter&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F%3Fdo%3DfindComment%26comment%3D1150919
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F%3Fdo%3DfindComment%26comment%3D1150919
Title:

Search URL Search Domain Scan URL

URL: http://digg.com/submit?url=https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/?do=findComment%26comment=1150919
Title:

Search URL Search Domain Scan URL

URL: https://del.icio.us/save?jump=close&noui=1&v=5&provider=Malwarebytes%2BForums&url=https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/?do=findComment%26comment=1150919&title=Removal%20instructions%20for%20My%20Quick%20Converter
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F%3Fdo%3DfindComment%26comment%3D1150919&title=Removal+instructions+for+My+Quick+Converter
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/?do=findComment%26comment=1150919&media=https://content.invisioncic.com/Mmalware/monthly_2018_05/icon-blue.png.3b020790d0e946291d408816ccfaece5.png
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F
Title:

Search URL Search Domain Scan URL

URL: http://digg.com/submit?url=https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Title:

Search URL Search Domain Scan URL

URL: https://del.icio.us/save?jump=close&noui=1&v=5&provider=Malwarebytes%2BForums&url=https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/&title=Removal%20instructions%20for%20My%20Quick%20Converter
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F&title=Removal+instructions+for+My+Quick+Converter
Title:

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/&media=https://content.invisioncic.com/Mmalware/monthly_2018_05/icon-blue.png.3b020790d0e946291d408816ccfaece5.png
Title:

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.invisioncommunity.com/
Title: Powered by Invision Community

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1094550779&t=pageview&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F&ul=en-us&de=UTF-8&dt=Removal%20instructions%20for%20My%20Quick%20Converter%20-%20Malware%20Removal%20Self-Help%20Guides%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1585x1185&je=0&_u=IEBAAEAB~&jid=645091136&gjid=1313567313&cid=1903078762.1575467079&tid=UA-3347303-10&_gid=1304156294.1575467079&_r=1&z=71572870 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_gid=1304156294.1575467079&gjid=1313567313&_v=j79&z=71572870 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_v=j79&z=71572870 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_v=j79&z=71572870&slf_rd=1&random=1121351845

Request Chain 34

https://8019375.fls.doubleclick.net/activityi;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766 HTTP 302
https://8019375.fls.doubleclick.net/activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766

35 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/ 126 KB
24 KB 472ms
424ms Document
text/html 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-169-223.fra54.r.cloudfront.net

Software

Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33

Resource Hash

87405cd3ae92e5e1a2601409c20f6c41246aef54af274919b9a21c789c5399bc

Security Headers

Name	Value
X-Frame-Options	sameorigin
X-Xss-Protection	0

Request headers

:method: GET
:authority: forums.malwarebytes.com
:scheme: https
:path: /topic/207285-removal-instructions-for-my-quick-converter/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
content-type: text/html;charset=UTF-8
content-length: 24185
date: Wed, 04 Dec 2019 13:44:38 GMT
server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33
x-powered-by: PHP/7.1.33
set-cookie: SimpleSAMLSessionID=fe03968ebe0a8164f84ccb805d6d5ae0; path=/; HttpOnly ips4_IPSSessionFront=7o2jfrhrurtvgcfekttvl6corf; path=/; secure; HttpOnly ips4_guestTime=1575467078; path=/; secure; HttpOnly ct_cookies_test=%7B%22cookies_names%22%3A%5B%5D%2C%22check_value%22%3A%229533b808c1c1d7b1afde9a8986ca2daf%22%7D; path=/
expires: Wed, 04 Dec 2019 13:49:38 GMT
cache-control: max-age=300, public
pragma: public
x-ips-loggedin: 0
content-encoding: gzip
x-xss-protection: 0
x-frame-options: sameorigin
last-modified: Wed, 04 Dec 2019 13:44:38 GMT
vary: cookie,Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA54
x-amz-cf-id: BaTPn7qXPj4jIDqk8nNpfdWwg8Elxg76ZcG_tV4MUVjBzVNyvE_1ZA==

GET
H2 200 css
fonts.googleapis.com/ 14 KB
921 B 18ms
14ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

61c330480d49d2c9c9caf0dbf4822c469c4fbe83ed5d216edec83617b45bcd43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 04 Dec 2019 13:44:38 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 04 Dec 2019 13:44:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 04 Dec 2019 13:44:38 GMT

GET
H2 200 341e4a57816af3ba440d891ca87450ff_framework.css.aa017d96b8a0cbbb1cf93b7a0c015ffd.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 242 KB
45 KB 57ms
18ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/341e4a57816af3ba440d891ca87450ff_framework.css.aa017d96b8a0cbbb1cf93b7a0c015ffd.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9eae644b41d78c64dbbaf4b4579441e4f7c5e8665786876ec9c3f04eb356214a

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 02:05:39 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:20 GMT
server: AmazonS3
age: 41940
etag: "c8cb81bf0d099786fd5133a0bfbdbf5b"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 45387
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: z9Ic4LwHiwBCoKtu3aaavjgJ_51MkeeclqtHeQTqM_IgW_pETt5h6w==

GET
H2 200 05e81b71abe4f22d6eb8d1a929494829_responsive.css.426c8cd1e0cd0d29f170a221274fd2f0.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 39 KB
7 KB 51ms
13ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/05e81b71abe4f22d6eb8d1a929494829_responsive.css.426c8cd1e0cd0d29f170a221274fd2f0.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c003d5a094e07dd4b93f9cb7dc877814ce3563c0d72f27c630759d2eaac69b3f

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 01 Dec 2019 00:59:56 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:20 GMT
server: AmazonS3
age: 305082
etag: "8419f6746deb2d3d65832d46cd8637e6"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 6954
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: l62xj0ZEu_QDfdGZ9_EArMh9bEtRZPt9a-uVISISLI6Kn7_K6JFzuQ==

GET
H2 200 90eb5adf50a8c640f633d47fd7eb1778_core.css.3c1a91a834db20c0415e613321de87b5.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 17 KB
5 KB 50ms
12ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/90eb5adf50a8c640f633d47fd7eb1778_core.css.3c1a91a834db20c0415e613321de87b5.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ed0ba5e0544b1811d2c647208a28b5ffd310aa67663f1dd55c06f9e394ff211

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 Nov 2019 22:34:31 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:20 GMT
server: AmazonS3
age: 742231
etag: "14aec3c3bde091f6390f3d4b7c7b6d2f"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 4279
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: 3cGmk20kza7aiahnjJ_YyT2xjnOeIhV7C0UCEWujiNzV6PC0Xh9fLw==

GET
H2 200 5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.3c91818a015457c1d61cd2baacc9895d.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 3 KB
1 KB 51ms
14ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.3c91818a015457c1d61cd2baacc9895d.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 159308ebb6cd30326aa68872f9a327c7b99ec1a2d167d509ff333bec2e098b79

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 02:05:39 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:21 GMT
server: AmazonS3
age: 41940
etag: "13f5acdedbe072ab728bfa6a66911ac5"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 861
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: 0IWweySLnkJ0k7Xpx1Witi_k4qALJs8BUQ8wBn2puEc4d_nTzSAOTw==

GET
H2 200 62e269ced0fdab7e30e026f1d30ae516_forums.css.96c0f3aba1b84a2499416b5f15c2c242.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 9 KB
3 KB 53ms
16ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/62e269ced0fdab7e30e026f1d30ae516_forums.css.96c0f3aba1b84a2499416b5f15c2c242.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f60e704278243c82c28bc263d0ad6f0fbda6f71099c6e72b799e0b719dba5d50

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 02:05:39 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:24 GMT
server: AmazonS3
age: 41940
etag: "c5c0ecf9e679269ae395745b4bc18968"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 2318
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: O8W3a_7dsNMnjcmEuYnPLlPfavy_5rPAB6bbWEUIxYlenEWR1SzwlQ==

GET
H2 200 76e62c573090645fb99a15a363d8620e_forums_responsive.css.c47dee0bcff269204e111d8f31be23ab.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 7 KB
2 KB 52ms
15ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/76e62c573090645fb99a15a363d8620e_forums_responsive.css.c47dee0bcff269204e111d8f31be23ab.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0bec4e20bc4af56f95159be1e6dd93c1150eae46e1aabd71db1b5d937af44bb

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 02:05:39 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:24 GMT
server: AmazonS3
age: 41940
etag: "9fb695e8d405bd590a1236d4ccfd0c07"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 1463
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: 773DT0bo8TdQUc2MW52AoT2wu_8ctBjVJn51sUL4O8BKDywhTPyBIg==

GET
H2 200 258adbb6e4f3e83cd3b355f84e3fa002_custom.css.911046e7e0fa668854fde17a08ee45f3.css.gz
content.invisioncic.com/Mmalware/css_built_18/ 421 B
661 B 51ms
14ms Stylesheet
text/css 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/css_built_18/258adbb6e4f3e83cd3b355f84e3fa002_custom.css.911046e7e0fa668854fde17a08ee45f3.css.gz?v=eda510d912
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b205e1f29eb67183b5c3008c3de8446373fe9bfcfed7b08ab0f1ec84ab81e28c

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 03:58:05 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 22:23:26 GMT
server: AmazonS3
age: 35194
etag: "331987caa62d2971f39e2db1d41f034b"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 293
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: 6l25KLrg-EGeVEKq3bCrOrpqMiqw9rRsszMlPjUgKw7EsZoouBpUAQ==

GET
H2 200 img667950018.jpeg.f555eecd941b66dfb3a2b8194ae8b736.thumb.jpeg.5dda69eb4aff988410b3d12d151be20f.jpeg
content.invisioncic.com/Mmalware/monthly_2016_03/ 2 KB
2 KB 387ms
387ms Image
image/jpeg 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.invisioncic.com/Mmalware/monthly_2016_03/img667950018.jpeg.f555eecd941b66dfb3a2b8194ae8b736.thumb.jpeg.5dda69eb4aff988410b3d12d151be20f.jpeg
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 02a8c27fe9b82dcb04c0061373b64d0a90a20834a486c3942d339b015d97edae

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
last-modified: Tue, 29 May 2018 13:13:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "3a4de91c9b5474b0eb6f1ccb4ed4ff1c"
x-cache: Miss from cloudfront
content-type: image/jpeg
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 2156
x-amz-cf-id: yriP5CUT7QzXtHDD24uVjnvVs6kqqZmZIRTLvYHIjs5MBfuVp4PSUg==

GET
H2 200 imageproxy.php
forums.malwarebytes.com/applications/core/interface/imageproxy/ 21 KB
22 KB 22ms
21ms Image
image/png 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MyQuickConverter/warning4.png&key=81a46e28ddb63db4a7d7334a79eedf48704e24a05a96ce3234392d96c3010c5b

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-169-223.fra54.r.cloudfront.net

Software

Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33

Resource Hash

544d0f6452e25d1961b4d6acbe7570465d3226e451396695def72eabc4ae8c8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
X-Content-Security-Policy	default-src 'none'; sandbox
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 03 Dec 2019 16:51:21 GMT
content-encoding: gzip
x-amz-cf-pop: FRA54
x-powered-by: PHP/7.1.33
x-cache: Hit from cloudfront
status: 200
content-length: 21726
x-xss-protection: 0
x-ips-loggedin: 0
pragma: public
server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33
vary: cookie,Accept-Encoding
content-type: image/png;charset=UTF-8
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
expires: Sat, 24 Oct 2020 15:48:50 GMT
cache-control: public, max-age=28162649, must-revalidate
content-security-policy: default-src 'none'; sandbox
x-amz-cf-id: 5GkVjgWVZFHlpNVTboamQrP40NKY9y-I1xAxzNwpwkaHDRsNr-kiig==
x-content-security-policy: default-src 'none'; sandbox

GET
H2 200 imageproxy.php
forums.malwarebytes.com/applications/core/interface/imageproxy/ 57 KB
58 KB 32ms
31ms Image
image/png 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MyQuickConverter/warning5.png&key=1256c816e46880ade61c43651c472190a07771b7acf131e076e6f12e708e132d

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-169-223.fra54.r.cloudfront.net

Software

Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33

Resource Hash

ccc4881704fdf01d078cfbf3115a1809578034cc577636eb4304f197ed7b04b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
X-Content-Security-Policy	default-src 'none'; sandbox
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 03 Dec 2019 16:51:21 GMT
content-encoding: gzip
x-amz-cf-pop: FRA54
x-powered-by: PHP/7.1.33
x-cache: Hit from cloudfront
status: 200
content-length: 58491
x-xss-protection: 0
x-ips-loggedin: 0
pragma: public
server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33
vary: cookie,Accept-Encoding
content-type: image/png;charset=UTF-8
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
expires: Sat, 24 Oct 2020 15:48:50 GMT
cache-control: public, max-age=28162649, must-revalidate
content-security-policy: default-src 'none'; sandbox
x-amz-cf-id: ty4SeV3y1LeOBtVCCiutpuStjdcCrhTMAZWajt7vY5V3uKfJrclbSA==
x-content-security-policy: default-src 'none'; sandbox

GET
H2 200 imageproxy.php
forums.malwarebytes.com/applications/core/interface/imageproxy/ 48 KB
48 KB 27ms
25ms Image
image/png 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MyQuickConverter/warning1.png&key=1b7552d3d940da6b72bfa324cde83960f53d48e91c2764f0f5db3c697c653902

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-169-223.fra54.r.cloudfront.net

Software

Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33

Resource Hash

6941482d844f6ac65ed275476aec9456a3c88273c69818ddfba47363c5e8966d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
X-Content-Security-Policy	default-src 'none'; sandbox
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 03 Dec 2019 16:51:21 GMT
content-encoding: gzip
x-amz-cf-pop: FRA54
x-powered-by: PHP/7.1.33
x-cache: Hit from cloudfront
status: 200
content-length: 48794
x-xss-protection: 0
x-ips-loggedin: 0
pragma: public
server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33
vary: cookie,Accept-Encoding
content-type: image/png;charset=UTF-8
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
expires: Sat, 24 Oct 2020 15:48:50 GMT
cache-control: public, max-age=28162649, must-revalidate
content-security-policy: default-src 'none'; sandbox
x-amz-cf-id: iOAbMEVo6HsihcY216o6sks-NCVzJApRxsMEn8Ce8lzi4NjWgDj_WQ==
x-content-security-policy: default-src 'none'; sandbox

GET
H2 200 imageproxy.php
forums.malwarebytes.com/applications/core/interface/imageproxy/ 50 KB
51 KB 29ms
28ms Image
image/png 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MyQuickConverter/startpage.png&key=bbd6f8bf5410c7f2a45875cef978b17b4023f5b915711538f4ad68fc3faae857

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-169-223.fra54.r.cloudfront.net

Software

Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33

Resource Hash

1e3b116d82e49ced664d977fb00be0a35016f110f249b353e493e5f3d9f86361

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
X-Content-Security-Policy	default-src 'none'; sandbox
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 03 Dec 2019 16:51:21 GMT
content-encoding: gzip
x-amz-cf-pop: FRA54
x-powered-by: PHP/7.1.33
x-cache: Hit from cloudfront
status: 200
content-length: 51546
x-xss-protection: 0
x-ips-loggedin: 0
pragma: public
server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33
vary: cookie,Accept-Encoding
content-type: image/png;charset=UTF-8
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
expires: Sat, 24 Oct 2020 15:48:50 GMT
cache-control: public, max-age=28162649, must-revalidate
content-security-policy: default-src 'none'; sandbox
x-amz-cf-id: LyHs4MOkTFp3Vb2I5lGlXR481nWGZoirWTqYEpat320GtszPm60D0g==
x-content-security-policy: default-src 'none'; sandbox

GET
H2 200 imageproxy.php
forums.malwarebytes.com/applications/core/interface/imageproxy/ 23 KB
22 KB 24ms
23ms Image
image/png 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MyQuickConverter/protection1.png&key=7096b9f8fb2fe924326f2fe63502b04b847549171118515853e729dd524e4c36

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-52-222-169-223.fra54.r.cloudfront.net

Software

Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33

Resource Hash

105e986d60d3311d2391505ac139343ed91e4cc13f93892718ce92c67eea2d01

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
X-Content-Security-Policy	default-src 'none'; sandbox
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 03 Dec 2019 16:51:21 GMT
content-encoding: gzip
x-amz-cf-pop: FRA54
x-powered-by: PHP/7.1.33
x-cache: Hit from cloudfront
status: 200
content-length: 22443
x-xss-protection: 0
x-ips-loggedin: 0
pragma: public
server: Apache/2.4.41 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.33
vary: cookie,Accept-Encoding
content-type: image/png;charset=UTF-8
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
expires: Wed, 21 Oct 2020 16:33:37 GMT
cache-control: public, max-age=27906136, must-revalidate
content-security-policy: default-src 'none'; sandbox
x-amz-cf-id: varhtPU9kuRY0BVeo2Jh4-NKx0kF9VlHQi5csGzHIoxZ5Qx2alsefA==
x-content-security-policy: default-src 'none'; sandbox

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 163 KB
36 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:821::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

98e4e94fb1a187ebfd0288ad44e17a4b697783d467bf6a2408ea03fa18bf5510

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:38 GMT
content-encoding: br
last-modified: Wed, 04 Dec 2019 12:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 36865
x-xss-protection: 0
expires: Wed, 04 Dec 2019 13:44:38 GMT

GET
H2 200 root_library.js.0ddd80c1a0cdb9664f0854c7930fe6e9.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 365 KB
121 KB 366ms
365ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.0ddd80c1a0cdb9664f0854c7930fe6e9.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6a1f8f243c85f0023dcf30a77a626a1885076cbcc5e268129f6e1f978713df3f

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "ecfedf47bc19b2c47e4861ee6f11ece7"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 123459
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: uNF38wZocoNXiplSUBvCT1NSkqrSll80PhjhEmsxl2w-1XJ2tofnhQ==

GET
H2 200 root_js_lang_1.js.675ffcaaa944b62cc5c350310191fda2.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 90 KB
28 KB 371ms
370ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_js_lang_1.js.675ffcaaa944b62cc5c350310191fda2.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 576abb2fcd75b6372bccc6c8f308c0f0ed8b8de4420a8d3aedab1d6a650589a5

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "212dfcac6ad10cca906c3e068add1bf8"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 28380
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: 16dO6OHFqDKMB-3VbnXDOhsP_NqdAq0jP8UnyDtiIgYt1lD9rPF7bA==

GET
H2 200 root_framework.js.7f9f99e7a2b082594d65184e9d03649a.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 393 KB
91 KB 365ms
365ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_framework.js.7f9f99e7a2b082594d65184e9d03649a.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6047500c69cf1bf4710aaa3b2324c29f774b5180e608000e19fffa828d9768ba

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "79dcd639383c4bfcf96312edaf388036"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 92324
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: -MMsLHBoCQ22ifsD_2LEEJphwkDFy4VizO9jeYT4dSxs7S2otQJCSw==

GET
H2 200 global_global_core.js.3b34e99d8441bcf3350c988078c3d7e1.js.gz Show response
content.invisioncic.com/Mmalware/javascript_core/ 34 KB
8 KB 364ms
364ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_core/global_global_core.js.3b34e99d8441bcf3350c988078c3d7e1.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c451e968e926da4739ed2dd2a66a18f7b7c072235da7db7bce15a8ddb7acfaf8

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "8aedff1c302c2965351c87aad97e8131"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 8284
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: aRlvZrGll9kDTqWTM4QNud5Xe9ntw8X-Rqu9_1Zdm96Qgk9KG5eXtQ==

GET
H2 200 root_front.js.3493063b1e3ecb22ff0aef64d6a5e26c.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 100 KB
22 KB 395ms
394ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_front.js.3493063b1e3ecb22ff0aef64d6a5e26c.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb1a5c8f738456fc3d945fa837c7f2ea7d5f4f8ced2af58481c03fb7c57661ee

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "64915024cfba77586652213fe8e19812"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 22030
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: CLANv0aJWF2efP4qJzBmdtUWBfoAdIbFB-zikT0vLWrQBS4MaJ2jZA==

GET
H2 200 front_front_topic.js.8e25e74f1d4b6d1d895c9efaa8bfdfd5.js.gz Show response
content.invisioncic.com/Mmalware/javascript_forums/ 3 KB
1 KB 379ms
378ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_forums/front_front_topic.js.8e25e74f1d4b6d1d895c9efaa8bfdfd5.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7bc15fa24b8f81c4ed4c49bf751a5ae00c7e470503947d650b794b970f46df8

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "21af9ce01d5f1a3dbd7188fe99b9536f"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 926
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: zaEE6s24jgn-dmt8jEtoWA9DtKq58l6EyyqN5OPz_QxMH5l_1FBtMw==

GET
H2 200 front_front_core.js.49740d7f6832353d3709f3195e88a501.js.gz Show response
content.invisioncic.com/Mmalware/javascript_core/ 26 KB
7 KB 370ms
370ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_core/front_front_core.js.49740d7f6832353d3709f3195e88a501.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c90dd4aa28a47571696f2cdbe5aff456de88a9cc3b6a0865e7524761696070ab

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:16:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "e6cce38b6595ead37aae5cb6c158a5b0"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 6341
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: ICU-pWFiv4XOxsMUi-zm4zaHxcIfyE_TE1nbvo437Y4Ob0JKfs9mjA==

GET
H2 200 root_map.js.7062cc19045214088a603bfc0e81de4f.js.gz Show response
content.invisioncic.com/Mmalware/javascript_global/ 1 KB
795 B 375ms
374ms Script
text/javascript 2600:9000:2043:4800:1e:ebe7:1480:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.invisioncic.com/Mmalware/javascript_global/root_map.js.7062cc19045214088a603bfc0e81de4f.js.gz
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2043:4800:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea40ba8604c85721aeead0b8a71ea085c4196bedca9c1a9d2a525e10e745bdf1

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:39 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 13:26:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA54
etag: "9cde3be834f77b0e3d81dd8ce8ebcb03"
x-cache: Miss from cloudfront
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 429
via: 1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
x-amz-cf-id: 562EVeeFdKDATaCax0pl28F3U9CjDnJVGlO_zVbyBNUGvYVcOPjb0g==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4261
date: Wed, 04 Dec 2019 12:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 04 Dec 2019 14:33:37 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 47ms
46ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:38 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: BEE0DF0C0C774E3C8C36B29C19ABAFC8 Ref B: VIEEDGE0918 Ref C: 2019-12-04T13:44:38Z
access-control-allow-origin: *
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H2 200 2893.js Show response
script.crazyegg.com/pages/scripts/0081/ 40 KB
15 KB 199ms
173ms Script
application/x-javascript 2606:4700::6813:9308
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe2bc241753bf59aa82a20ef2379aa17c706e3056f844e42cf92472d044f0495

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 04 Dec 2019 13:44:38 GMT
via: 1.1 693662765171cd4487715cf47d785e5c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 4733
cf-polished: origSize=41305
x-cache: Miss from cloudfront
status: 200
content-encoding: gzip
last-modified: Tue, 03 Dec 2019 18:17:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
x-amz-cf-pop: PRG50
cf-ray: 53fe37589e2a594c-VIE
x-amz-cf-id: U8Y2Ln0mLEQGzn9ckpGPQonxaHt5OeIq5CDTxv37F0VO9M6LtbG9AA==
cf-bgj: minify

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1094550779&t=pageview&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F&ul=en-us&...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_gid=1304156294.1575467079&gjid=1313567313&_v=j79&z=71572870
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_v=j79&z=71572870
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_v=j79&z=71572870&slf_rd=1&random=1121351845

42 B
109 B

29ms
29ms

Image
image/gif

2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_v=j79&z=71572870&slf_rd=1&random=1121351845

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Dec 2019 13:44:38 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Dec 2019 13:44:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3347303-10&cid=1903078762.1575467079&jid=645091136&_v=j79&z=71572870&slf_rd=1&random=1121351845
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
136 B 47ms
47ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4072696&Ver=2&mid=2848dcc5-3343-a43f-232a-cf913e8ba39f&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Removal%20instructions%20for%20My%20Quick%20Converter%20-%20Malware%20Removal%20Self-Help%20Guides%20-%20Malwarebytes%20Forums&kw=pup.optional.spigot,%20hmyquickconverter.com,%20newtab&p=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F207285-removal-instructions-for-my-quick-converter%2F&r=&evt=pageLoad&msclkid=N&rn=458809
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Wed, 04 Dec 2019 13:44:38 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 6BE91A8A96DB485CB6B27EAE31D5EB02 Ref B: VIEEDGE0918 Ref C: 2019-12-04T13:44:38Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i
Origin: https://forums.malwarebytes.com

Response headers

date: Wed, 20 Nov 2019 05:05:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1240734
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Thu, 19 Nov 2020 05:05:44 GMT

GET
H2 200 fontawesome-webfont.woff2
forums.malwarebytes.com/applications/core/interface/font/ 75 KB
76 KB 18ms
18ms Font
application/octet-stream 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://forums.malwarebytes.com/applications/core/interface/font/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-169-223.fra54.r.cloudfront.net
Software: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.32 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://content.invisioncic.com/Mmalware/css_built_18/341e4a57816af3ba440d891ca87450ff_framework.css.aa017d96b8a0cbbb1cf93b7a0c015ffd.css.gz?v=eda510d912
Origin: https://forums.malwarebytes.com

Response headers

date: Wed, 16 Oct 2019 19:01:27 GMT
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
last-modified: Wed, 02 Oct 2019 16:12:39 GMT
server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.32
age: 222904
etag: "12d68-593efbce2cbc0"
x-cache: Hit from cloudfront
status: 200
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: VJb-tMasAhiPPnwxTh91WOPiH7qSKb0mqMD3DEMAh8iOvGPQ8Y0LAw==

GET
H2 200 icomoon.woff
forums.malwarebytes.com/applications/core/interface/font/ 3 KB
3 KB 13ms
13ms Font
application/octet-stream 52.222.169.223
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://forums.malwarebytes.com/applications/core/interface/font/icomoon.woff?v=-29n77j
Requested by: Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.169.223 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-169-223.fra54.r.cloudfront.net
Software: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.32 /
Resource Hash: c4dc92b008688c213242cfaf0cbe2bfd0fc689326a7b878cbc1cfa8afd87b763

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://content.invisioncic.com/Mmalware/css_built_18/341e4a57816af3ba440d891ca87450ff_framework.css.aa017d96b8a0cbbb1cf93b7a0c015ffd.css.gz?v=eda510d912
Origin: https://forums.malwarebytes.com

Response headers

date: Wed, 16 Oct 2019 19:01:27 GMT
via: 1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
last-modified: Wed, 02 Oct 2019 16:12:39 GMT
server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/7.1.32
age: 222904
etag: "a74-593efbce2cbc0"
x-cache: Hit from cloudfront
status: 200
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA54
accept-ranges: bytes
content-length: 2676
x-amz-cf-id: G-WdqMaBMailosvCbi_-1GjaLYjhVM7-UYoLYQyPholhhRiRd6ithA==

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: forums.malwarebytes.com
URL: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i
Origin: https://forums.malwarebytes.com

Response headers

date: Fri, 22 Nov 2019 04:03:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 1071694
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11020
x-xss-protection: 0
expires: Sat, 21 Nov 2020 04:03:04 GMT

GET
H/1.1 200
OK MzM5MjI3fDE1NzA3NTM0NDI= Show response
sample-api-v2.crazyegg.com/n/812893/ 50 B
577 B 352ms
90ms XHR
text/html 54.235.117.167
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sample-api-v2.crazyegg.com/n/812893/MzM5MjI3fDE1NzA3NTM0NDI=?v=7&user_script_version=1575397043

Requested by

Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0081/2893.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.235.117.167 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-235-117-167.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

e841621bd51863a83fcbe50963a5a1a3132dd000d698df9fe5a2b8a95897e120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
Origin: https://forums.malwarebytes.com

Response headers

Date: Wed, 04 Dec 2019 13:44:39 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.12.1
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET
Content-Type: text/html;charset=utf-8
Access-Control-Allow-Origin: *
Cache-control: no-cache="set-cookie"
Connection: keep-alive
Content-Length: 50
X-XSS-Protection: 1; mode=block

GET
H2

200

activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766
8019375.fls.doubleclick.net/ Frame A316
Redirect Chain

https://8019375.fls.doubleclick.net/activityi;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766?
https://8019375.fls.doubleclick.net/activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333....

0
0

20ms
20ms

Document
text/html

172.217.21.230
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://8019375.fls.doubleclick.net/activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8019375.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://forums.malwarebytes.com/topic/207285-removal-instructions-for-my-quick-converter/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Wed, 04 Dec 2019 13:44:39 GMT
expires: Wed, 04 Dec 2019 13:44:39 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 428
x-xss-protection: 0
set-cookie: IDE=AHWqTUm4TknRgYUHXNbLGdtLf6TEu1BjzoINaFR1cn8M5ZCabvRuxU0MLssjgLmS; expires=Mon, 28-Dec-2020 13:44:39 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Wed, 04 Dec 2019 13:44:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019375.fls.doubleclick.net/activityi;dc_pre=CLDv8ZyQnOYCFRPQdwod7VgJ6Q;src=8019375;type=malwa000;cat=malwa0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5564980459333.766?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 04-Dec-2019 13:59:39 GMT; path=/; domain=.doubleclick.net
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
forums.malwarebytes.com/	1970-01-19 05:39:13	Name: ips4_hasJS Value: true
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ips4_ipsTimezone Value: Europe/Berlin
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ct_fkp_timestamp Value: 0
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ct_ps_timestamp Value: 1575467079
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ct_pointer_data Value: 0
.malwarebytes.com/	1970-01-19 05:39:13	Name: _gid Value: GA1.2.1304156294.1575467079
.malwarebytes.com/	1970-01-19 05:37:47	Name: _gat Value: 1
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: SimpleSAMLSessionID Value: fe03968ebe0a8164f84ccb805d6d5ae0
.malwarebytes.com/	1970-01-19 23:08:59	Name: _ga Value: GA1.2.1903078762.1575467079
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ct_timezone Value: 0
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ips4_guestTime Value: 1575467078
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ips4_IPSSessionFront Value: 7o2jfrhrurtvgcfekttvl6corf
forums.malwarebytes.com/	1969-12-31 23:59:59	Name: ct_cookies_test Value: %7B%22cookies_names%22%3A%5B%5D%2C%22check_value%22%3A%229533b808c1c1d7b1afde9a8986ca2daf%22%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.0ddd80c1a0cdb9664f0854c7930fe6e9.js.gz(Line 18) Message: %cThis is a browser feature intended for developers. Do not paste any code here given to you by someone else. It may compromise your account or have other negative side effects. font-weight: bold; font-size: 14px;

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	sameorigin
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8019375.fls.doubleclick.net
bat.bing.com
content.invisioncic.com
fonts.googleapis.com
fonts.gstatic.com
forums.malwarebytes.com
sample-api-v2.crazyegg.com
script.crazyegg.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
172.217.21.230
2600:9000:2043:4800:1e:ebe7:1480:93a1
2606:4700::6813:9308
2620:1ec:c11::200
2a00:1450:4001:800::2004
2a00:1450:4001:806::2003
2a00:1450:4001:81b::200e
2a00:1450:4001:81f::2003
2a00:1450:4001:820::200a
2a00:1450:4001:821::2008
2a00:1450:400c:c08::9a
52.222.169.223
54.235.117.167
02a8c27fe9b82dcb04c0061373b64d0a90a20834a486c3942d339b015d97edae
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
105e986d60d3311d2391505ac139343ed91e4cc13f93892718ce92c67eea2d01
159308ebb6cd30326aa68872f9a327c7b99ec1a2d167d509ff333bec2e098b79
1e3b116d82e49ced664d977fb00be0a35016f110f249b353e493e5f3d9f86361
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2ed0ba5e0544b1811d2c647208a28b5ffd310aa67663f1dd55c06f9e394ff211
544d0f6452e25d1961b4d6acbe7570465d3226e451396695def72eabc4ae8c8a
576abb2fcd75b6372bccc6c8f308c0f0ed8b8de4420a8d3aedab1d6a650589a5
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6047500c69cf1bf4710aaa3b2324c29f774b5180e608000e19fffa828d9768ba
61c330480d49d2c9c9caf0dbf4822c469c4fbe83ed5d216edec83617b45bcd43
6941482d844f6ac65ed275476aec9456a3c88273c69818ddfba47363c5e8966d
6a1f8f243c85f0023dcf30a77a626a1885076cbcc5e268129f6e1f978713df3f
87405cd3ae92e5e1a2601409c20f6c41246aef54af274919b9a21c789c5399bc
98e4e94fb1a187ebfd0288ad44e17a4b697783d467bf6a2408ea03fa18bf5510
9eae644b41d78c64dbbaf4b4579441e4f7c5e8665786876ec9c3f04eb356214a
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b205e1f29eb67183b5c3008c3de8446373fe9bfcfed7b08ab0f1ec84ab81e28c
c003d5a094e07dd4b93f9cb7dc877814ce3563c0d72f27c630759d2eaac69b3f
c451e968e926da4739ed2dd2a66a18f7b7c072235da7db7bce15a8ddb7acfaf8
c4dc92b008688c213242cfaf0cbe2bfd0fc689326a7b878cbc1cfa8afd87b763
c90dd4aa28a47571696f2cdbe5aff456de88a9cc3b6a0865e7524761696070ab
ccc4881704fdf01d078cfbf3115a1809578034cc577636eb4304f197ed7b04b9
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bc15fa24b8f81c4ed4c49bf751a5ae00c7e470503947d650b794b970f46df8
e841621bd51863a83fcbe50963a5a1a3132dd000d698df9fe5a2b8a95897e120
ea40ba8604c85721aeead0b8a71ea085c4196bedca9c1a9d2a525e10e745bdf1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0bec4e20bc4af56f95159be1e6dd93c1150eae46e1aabd71db1b5d937af44bb
f60e704278243c82c28bc263d0ad6f0fbda6f71099c6e72b799e0b719dba5d50
fb1a5c8f738456fc3d945fa837c7f2ea7d5f4f8ced2af58481c03fb7c57661ee
fe2bc241753bf59aa82a20ef2379aa17c706e3056f844e42cf92472d044f0495

forums.malwarebytes.com Open in urlscan Pro 52.222.169.223 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

35 Requests

100 %HTTPS

77 %IPv6

11 Domains

13 Subdomains

12 IPs

3 Countries

747 kBTransfer

2041 kBSize

13 Cookies

59 Outgoing links

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

forums.malwarebytes.com Open in urlscan Pro
52.222.169.223 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

100 %
HTTPS

77 %
IPv6

11
Domains

13
Subdomains

12
IPs

3
Countries

747 kB
Transfer

2041 kB
Size

13
Cookies

35 HTTP transactions
1 data transactions