www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Submission: On December 28 via manual (December 28th 2023, 3:03:45 am UTC) from JP — Scanned from JP

Summary HTTP 178 Redirects Behaviour Indicators

Summary

This website contacted 52 IPs in 9 countries across 69 domains to perform 178 HTTP transactions. The main IP is 104.20.59.209, located in and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com. The Cisco Umbrella rank of the primary domain is 81262.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 4th 2023. Valid for: a year.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	104.20.59.209 104.20.59.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2404:6800:400... 2404:6800:4004:824::2008	15169 (GOOGLE) (GOOGLE)
5	104.26.13.6 104.26.13.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 6	2404:6800:400... 2404:6800:4004:820::200e	15169 (GOOGLE) (GOOGLE)
6 11	2404:6800:400... 2404:6800:4004:801::200d	15169 (GOOGLE) (GOOGLE)
3	18.211.231.38 18.211.231.38	14618 (AMAZON-AES) (AMAZON-AES)
1 1	13.226.210.65 13.226.210.65	16509 (AMAZON-02) (AMAZON-02)
1	192.0.66.233 192.0.66.233	2635 (AUTOMATTIC) (AUTOMATTIC)
5	2404:6800:400... 2404:6800:4004:808::200e	15169 (GOOGLE) (GOOGLE)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
4	2606:4700::68... 2606:4700::6812:14ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.174.105 13.33.174.105	16509 (AMAZON-02) (AMAZON-02)
1	99.84.55.102 99.84.55.102	16509 (AMAZON-02) (AMAZON-02)
1 29	172.64.146.152 172.64.146.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
1	34.160.152.31 34.160.152.31	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.217.26.230 172.217.26.230	15169 (GOOGLE) (GOOGLE)
1	23.40.153.132 23.40.153.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1901:0:7... 2600:1901:0:7416::1	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2404:6800:400... 2404:6800:4004:824::200e	15169 (GOOGLE) (GOOGLE)
2	34.111.152.239 34.111.152.239	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	18.172.52.40 18.172.52.40	16509 (AMAZON-02) (AMAZON-02)
1	99.84.55.28 99.84.55.28	16509 (AMAZON-02) (AMAZON-02)
2	34.120.117.212 34.120.117.212	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a03:2880:f10... 2a03:2880:f10f:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2404:6800:400... 2404:6800:4004:811::2002	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:820::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:216... 2600:9000:2163:7800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:34ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.32.49.23 13.32.49.23	16509 (AMAZON-02) (AMAZON-02)
1 4	18.65.185.71 18.65.185.71	16509 (AMAZON-02) (AMAZON-02)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
3	2606:4700:10:... 2606:4700:10::ac43:17ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	52.220.125.144 52.220.125.144	16509 (AMAZON-02) (AMAZON-02)
1	143.204.86.24 143.204.86.24	16509 (AMAZON-02) (AMAZON-02)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2.18.148.25 2.18.148.25	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1	3.109.191.131 3.109.191.131	16509 (AMAZON-02) (AMAZON-02)
2 2	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.92.19.245 54.92.19.245	16509 (AMAZON-02) (AMAZON-02)
2 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	2001:df2:a300... 2001:df2:a300:bbbb::135	6336 (TURN-US-ASN) (TURN-US-ASN)
2 2	35.71.178.8 35.71.178.8	16509 (AMAZON-02) (AMAZON-02)
2 2	103.43.89.4 103.43.89.4	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	74.118.186.107 74.118.186.107	6336 (TURN-US-ASN) (TURN-US-ASN)
1 1	23.106.127.164 23.106.127.164	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
1 1	23.208.233.60 23.208.233.60	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.40.149.60 23.40.149.60	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	74.214.196.131 74.214.196.131	19189 (PULSEPOINT) (PULSEPOINT)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.214.242.157 35.214.242.157	15169 (GOOGLE) (GOOGLE)
2 2	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	52.77.167.172 52.77.167.172	16509 (AMAZON-02) (AMAZON-02)
1 1	2600:1f18:612... 2600:1f18:612b:4216:17ab:830b:3ca7:8552	14618 (AMAZON-AES) (AMAZON-AES)
1 1	139.99.123.207 139.99.123.207	16276 (OVH) (OVH)
2 2	3.227.155.145 3.227.155.145	14618 (AMAZON-AES) (AMAZON-AES)
1 1	159.203.147.11 159.203.147.11	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	72.34.250.75 72.34.250.75	27630 (AS-XFERNET) (AS-XFERNET)
1 1	52.76.225.212 52.76.225.212	16509 (AMAZON-02) (AMAZON-02)
1	142.234.204.77 142.234.204.77	396362 (LEASEWEB-...) (LEASEWEB-USA-NYC)
1 1	52.45.111.235 52.45.111.235	14618 (AMAZON-AES) (AMAZON-AES)
2 4	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
4	182.161.74.11 182.161.74.11	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
2	2600:1901:0:2... 2600:1901:0:2b56::1	15169 (GOOGLE) (GOOGLE)
178	52

42 104.20.59.209 (None, )

ASN13335 (CLOUDFLARENET, US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4004:824::2008 (Australia)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.26.13.6 (None, )

ASN13335 (CLOUDFLARENET, US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2404:6800:4004:820::200e (Australia) 6 redirects

ASN15169 (GOOGLE, US)

sites.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2404:6800:4004:801::200d (Australia) 6 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.211.231.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-231-38.compute-1.amazonaws.com

ssl-proxy-updated.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.210.65 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-226-210-65.lax50.r.cloudfront.net

www.malwarebytes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.66.233 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

www.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2404:6800:4004:808::200e (Australia)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:14ce (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.174.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-174-105.nrt57.r.cloudfront.net

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.55.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-55-102.nrt20.r.cloudfront.net

ecdn.firstimpression.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 172.64.146.152 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ins.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cks.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f00f:8:face:b00c:0:1 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.152.31 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 31.152.160.34.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.26.230 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt12s51-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.40.153.132 (Tokyo, Japan)

ASN16625 (AKAMAI-AS, US)
PTR: a23-40-153-132.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:7416::1 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

functionalfeather.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4004:824::200e (Australia)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.152.239 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.152.111.34.bc.googleusercontent.com

optimise.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.172.52.40 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-172-52-40.nrt20.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.55.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-55-28.nrt20.r.cloudfront.net

cdn.firstimpression.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.117.212 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 212.117.120.34.bc.googleusercontent.com

ls.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f10f:83:face:b00c:0:25de (Tokyo, Japan)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4004:811::2002 (Australia)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:820::2003 (Australia)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2163:7800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:34ad (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.hadronid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.49.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-49-23.nrt57.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.65.185.71 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-65-185-71.nrt57.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::ac43:17ea (United States)

ASN13335 (CLOUDFLARENET, US)

id.hadron.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.220.125.144 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-220-125-144.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.86.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-86-24.nrt12.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.148.25 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-18-148-25.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.109.191.131 (Mumbai, India)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-109-191-131.ap-south-1.compute.amazonaws.com

tag.escalated.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.92.19.245 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-92-19-245.ap-northeast-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:df2:a300:bbbb::135 (United States) 2 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.178.8 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ade9ecc7904667038.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.43.89.4 (Singapore, Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.118.186.107 (Serangoon New Town, Singapore) 4 redirects

ASN6336 (TURN-US-ASN, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.106.127.164 (Singapore, Singapore) 1 redirects

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.208.233.60 (Tokyo, Japan) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-208-233-60.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.40.149.60 (Tokyo, Japan)

ASN16625 (AKAMAI-AS, US)
PTR: a23-40-149-60.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.196.131 (Sunnyvale, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

i.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.242.157 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 157.242.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.98.134.241 (United States) 2 redirects

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.77.167.172 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-77-167-172.ap-southeast-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:17ab:830b:3ca7:8552 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

connatix-supply-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.99.123.207 (Singapore, Singapore) 1 redirects

ASN16276 (OVH, FR)
PTR: ads5-sgp.stickyadstv.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.227.155.145 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-227-155-145.compute-1.amazonaws.com

vop.sundaysky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.203.147.11 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.resetdigital.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.34.250.75 (Hemet, United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.76.225.212 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-76-225-212.ap-southeast-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.234.204.77 (Edison, United States)

ASN396362 (LEASEWEB-USA-NYC, US)

xsync.iqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.111.235 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-111-235.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:100:a001::c (United States) 2 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 182.161.74.11 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.118 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:2b56::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

merequartz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	bleepingcomputer.com www.bleepingcomputer.com — Cisco Umbrella Rank: 81262	242 KB
29	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3607 cds.connatix.com — Cisco Umbrella Rank: 3703 capi.connatix.com — Cisco Umbrella Rank: 1010 ins.connatix.com — Cisco Umbrella Rank: 4899 cks.connatix.com — Cisco Umbrella Rank: 5016 vid.connatix.com Failed	372 KB
22	google.com 12 redirects sites.google.com — Cisco Umbrella Rank: 3144 accounts.google.com — Cisco Umbrella Rank: 23 apis.google.com — Cisco Umbrella Rank: 116 developers.google.com Failed	143 KB
9	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 4161 r.skimresources.com — Cisco Umbrella Rank: 4070 t.skimresources.com — Cisco Umbrella Rank: 4279 p.skimresources.com — Cisco Umbrella Rank: 5174 ls.skimresources.com — Cisco Umbrella Rank: 12169	17 KB
8	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 424 mug.criteo.com — Cisco Umbrella Rank: 2811	2 KB
5	crwdcntrl.net 1 redirects tags.crwdcntrl.net — Cisco Umbrella Rank: 979 bcp.crwdcntrl.net — Cisco Umbrella Rank: 850 sync.crwdcntrl.net — Cisco Umbrella Rank: 799	25 KB
5	pub.network a.pub.network — Cisco Umbrella Rank: 4449 d.pub.network — Cisco Umbrella Rank: 4680	369 KB
5	bleepstatic.com www.bleepstatic.com — Cisco Umbrella Rank: 103333	8 KB
4	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 331	2 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 893 id5-sync.com — Cisco Umbrella Rank: 425	68 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 306 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 614	76 KB
4	doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 139 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196	194 KB
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 546	2 KB
3	ad.gt id.hadron.ad.gt — Cisco Umbrella Rank: 1673	535 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 172	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	herokuapp.com ssl-proxy-updated.herokuapp.com	6 KB
2	merequartz.com merequartz.com — Cisco Umbrella Rank: 12128	423 B
2	sundaysky.com 2 redirects vop.sundaysky.com — Cisco Umbrella Rank: 2302	1 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 465	1 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 681	1 KB
2	rubiconproject.com 1 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 946 eus.rubiconproject.com — Cisco Umbrella Rank: 588	142 B
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 478	2 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 372	824 B
2	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 773	893 B
2	bidr.io 1 redirects match.prod.bidr.io — Cisco Umbrella Rank: 563	533 B
2	casalemedia.com 2 redirects ssum.casalemedia.com — Cisco Umbrella Rank: 1351	1 KB
2	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1639 us-u.openx.net Failed	550 B
2	intentiq.com api.intentiq.com Failed sync.intentiq.com — Cisco Umbrella Rank: 846 sync1.intentiq.com — Cisco Umbrella Rank: 2869	2 KB
2	optimise.net optimise.net — Cisco Umbrella Rank: 5012	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	89 KB
2	firstimpression.io ecdn.firstimpression.io — Cisco Umbrella Rank: 29771 cdn.firstimpression.io — Cisco Umbrella Rank: 28605	101 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	143 KB
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 940	284 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 836	522 B
1	iqzone.com xsync.iqzone.com — Cisco Umbrella Rank: 5130	748 B
1	sharethrough.com 1 redirects match.sharethrough.com — Cisco Umbrella Rank: 495	266 B
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 951	711 B
1	resetdigital.co 1 redirects sync.resetdigital.co — Cisco Umbrella Rank: 2045	418 B
1	stickyadstv.com 1 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 526	592 B
1	tremorhub.com 1 redirects connatix-supply-partners.tremorhub.com — Cisco Umbrella Rank: 10216	426 B
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 582	531 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 870	279 B
1	ctnsnet.com 1 redirects i.ctnsnet.com — Cisco Umbrella Rank: 5579	452 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 501	860 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 742	325 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258	468 B
1	escalated.io tag.escalated.io — Cisco Umbrella Rank: 39721	31 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1042	17 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	902 B
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2133	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1740	8 KB
1	hadronid.net cdn.hadronid.net — Cisco Umbrella Rank: 1790	10 KB
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 602	482 B
1	gstatic.com ssl.gstatic.com	6 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98
1	functionalfeather.com functionalfeather.com — Cisco Umbrella Rank: 37692	24 KB
1	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 2138	1 KB
1	analysis.fi ecdn.analysis.fi — Cisco Umbrella Rank: 32314	2 KB
1	malwarebytes.com www.malwarebytes.com — Cisco Umbrella Rank: 151646
1	malwarebytes.org 1 redirects www.malwarebytes.org	280 B
0	googleapis.com Failed imasdk.googleapis.com Failed
0	liadm.com Failed i.liadm.com Failed
0	colossusssp.com Failed sync.colossusssp.com Failed
0	rlcdn.com Failed id.rlcdn.com Failed
0	media.net Failed cs.media.net Failed
0	yellowblue.io Failed cs-server-s2s.yellowblue.io Failed
0	pubmatic.com Failed ads.pubmatic.com Failed
0	33across.com Failed ssc-cms.33across.com Failed
178	69

	Domain	Requested by
42	www.bleepingcomputer.com	www.bleepingcomputer.com
16	cks.connatix.com	blank
11	accounts.google.com	6 redirects www.bleepingcomputer.com blank apis.google.com
6	capi.connatix.com	1 redirects www.bleepingcomputer.com cds.connatix.com blank
6	sites.google.com	6 redirects
5	cds.connatix.com	cd.connatix.com cds.connatix.com
5	apis.google.com	www.bleepingcomputer.com apis.google.com accounts.google.com
5	www.bleepstatic.com	www.bleepingcomputer.com
4	mug.criteo.com	blank
4	gum.criteo.com	2 redirects
4	match.adsrvr.org	2 redirects a.pub.network
4	a.pub.network	www.bleepingcomputer.com a.pub.network
3	sync.1rx.io	3 redirects
3	id.hadron.ad.gt	cdn.hadronid.net a.pub.network
3	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
3	securepubads.g.doubleclick.net	a.pub.network securepubads.g.doubleclick.net cds.connatix.com
3	sb.scorecardresearch.com	1 redirects a.pub.network www.bleepingcomputer.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	t.skimresources.com	www.bleepingcomputer.com s.skimresources.com
3	ssl-proxy-updated.herokuapp.com	www.bleepingcomputer.com
2	merequartz.com	blank
2	vop.sundaysky.com	2 redirects
2	pixel.tapad.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	secure.adnxs.com	2 redirects
2	eb2.3lift.com	2 redirects
2	ad.turn.com	2 redirects
2	match.prod.bidr.io	1 redirects blank
2	ssum.casalemedia.com	2 redirects
2	id5-sync.com	cdn.id5-sync.com
2	oajs.openx.net	1 redirects blank
2	bcp.crwdcntrl.net	tags.crwdcntrl.net
2	cdn.id5-sync.com	securepubads.g.doubleclick.net www.bleepingcomputer.com
2	tags.crwdcntrl.net	securepubads.g.doubleclick.net cds.connatix.com
2	ls.skimresources.com	s.skimresources.com
2	optimise.net	a.pub.network
2	p.skimresources.com	www.bleepingcomputer.com
2	connect.facebook.net	www.bleepingcomputer.com connect.facebook.net
2	www.googletagmanager.com	www.bleepingcomputer.com www.googletagmanager.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	sync.ipredictive.com	1 redirects
1	xsync.iqzone.com	cds.connatix.com
1	match.sharethrough.com	1 redirects
1	sync.go.sonobi.com	1 redirects
1	sync.resetdigital.co	1 redirects
1	ads.stickyadstv.com	1 redirects
1	connatix-supply-partners.tremorhub.com	1 redirects
1	ads.yieldmo.com	1 redirects
1	sync.crwdcntrl.net	1 redirects
1	csync.loopme.me	1 redirects
1	i.ctnsnet.com	1 redirects
1	bh.contextweb.com	1 redirects
1	eus.rubiconproject.com	cds.connatix.com
1	secure-assets.rubiconproject.com	1 redirects
1	ssbsync.smartadserver.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	ins.connatix.com	cds.connatix.com
1	tag.escalated.io	ecdn.firstimpression.io
1	secure.cdn.fastclick.net	www.bleepingcomputer.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	sync1.intentiq.com	www.bleepingcomputer.com
1	sync.intentiq.com	1 redirects www.bleepingcomputer.com
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.hadronid.net	a.pub.network
1	static.adsafeprotected.com	www.bleepingcomputer.com
1	ssl.gstatic.com	accounts.google.com
1	www.facebook.com	connect.facebook.net
1	cdn.firstimpression.io	ecdn.firstimpression.io
1	functionalfeather.com	a.pub.network
1	widgets.outbrain.com	www.bleepingcomputer.com
1	ad.doubleclick.net	www.bleepingcomputer.com
1	d.pub.network	www.bleepingcomputer.com
1	r.skimresources.com	s.skimresources.com
1	cd.connatix.com	www.bleepingcomputer.com
1	ecdn.firstimpression.io	www.bleepingcomputer.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	s.skimresources.com	www.bleepingcomputer.com
1	www.malwarebytes.com	www.bleepingcomputer.com
1	www.malwarebytes.org	1 redirects
0	vid.connatix.com Failed	cds.connatix.com
0	imasdk.googleapis.com Failed	cds.connatix.com
0	i.liadm.com Failed	www.bleepingcomputer.com
0	sync.colossusssp.com Failed	www.bleepingcomputer.com
0	id.rlcdn.com Failed	www.bleepingcomputer.com
0	cs.media.net Failed	www.bleepingcomputer.com
0	us-u.openx.net Failed	www.bleepingcomputer.com
0	cs-server-s2s.yellowblue.io Failed	cds.connatix.com
0	ads.pubmatic.com Failed	cds.connatix.com
0	ssc-cms.33across.com Failed	cds.connatix.com
0	api.intentiq.com Failed	a.pub.network
0	developers.google.com Failed	apis.google.com
178	93

This site contains no links.

Subject Issuer	Validity	Valid
bleepingcomputer.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-04` - `2024-05-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-16` - `2024-04-15`	a year	crt.sh
*.herokuapp.com Amazon RSA 2048 M01	`2023-04-02` - `2024-04-30`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.skimresources.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-11-07`	a year	crt.sh
analysis.fi Amazon RSA 2048 M01	`2023-10-04` - `2024-10-31`	a year	crt.sh
*.firstimpression.io Sectigo RSA Domain Validation Secure Server CA	`2023-11-28` - `2024-12-05`	a year	crt.sh
connatix.com GTS CA 1P5	`2023-11-04` - `2024-02-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-06` - `2024-01-04`	3 months	crt.sh
d.pub.network GTS CA 1D4	`2023-12-03` - `2024-03-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
functionalfeather.com R3	`2023-10-14` - `2024-01-12`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
optimise.net GTS CA 1D4	`2023-11-19` - `2024-02-17`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2023-12-11` - `2024-12-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
hadronid.net GTS CA 1P5	`2023-12-03` - `2024-03-02`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-12-23` - `2024-03-22`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
secure.cdn.fastclick.net DigiCert TLS RSA SHA256 2020 CA1	`2023-10-03` - `2024-10-03`	a year	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.escalated.io Amazon RSA 2048 M01	`2023-03-28` - `2024-04-25`	a year	crt.sh
*.rubiconproject.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-07` - `2024-04-03`	a year	crt.sh
*.iqzone.com Go Daddy Secure Certificate Authority - G2	`2023-04-05` - `2024-05-06`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
merequartz.com R3	`2023-12-05` - `2024-03-04`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Frame ID: 044C791FB967A352EFC022E54F26A9E0
Requests: 144 HTTP requests in this frame

Frame: https://cd.connatix.com/connatix.playspace.js
Frame ID: 279F7D70EDCB101DF2F31F7FC4DD5B1A
Requests: 17 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6230140835449425
Frame ID: DECDE0685513C390B1D9E11FAC5FB3B7
Requests: 1 HTTP requests in this frame

Frame: https://developers.google.com/
Frame ID: 6F417C4EA321F6A856389980D0A2F9DE
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
Frame ID: 635A7489385FDEE59D5C11AF80140386
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east&gdpr=0
Frame ID: D5B54CFAB68D442E76CE43D91B048F02
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002y7TWTAA2&ru=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D37%26UserId%3D4aa687c0ea4749108f738a5e7bd6d0e5%26DemandPartnerName%3D_33Across%26tier%3D2%26DemandPartnerUserId%3D33XUSERID33X&gdpr=0
Frame ID: 8CF673E282B6F92B70C2DE2DE51A937C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156592&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3D4aa687c0ea4749108f738a5e7bd6d0e5%26DemandPartnerName%3DPubmatic%26tier%3D2%26DemandPartnerUserId%3D&gdpr=0
Frame ID: 9F4C701456B20CCC270E3C0EE4685CE5
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr={gdpr}&gdpr_consent={gdpr_consent}&redirect=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d24%26ev%3d4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3dIronSource%26api-tier%3d2%26uid%3d{partnerId}%26direct%3D1
Frame ID: F05B40CA8192904B59DF3A2A91ACE3A1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

script.aculo.us (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/(?:scriptaculous|protoaculous)(?:\.js|/)

Page Statistics

178
Requests

75 %
HTTPS

27 %
IPv6

69
Domains

93
Subdomains

52
IPs

9
Countries

1987 kB
Transfer

7101 kB
Size

63
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/Minion%20Welcome.jpg HTTP 302
https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion+Welcome.jpg HTTP 302
https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-formatting/Minion%2BWelcome.jpg&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-formatting/Minion%2BWelcome.jpg HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-formatting/Minion%2BWelcome.jpg&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-formatting/Minion%2BWelcome.jpg&passive=1209600&service=jotspot&ifkv=ASKXGp1gQO6es2Q59iBrMWp2hyYJ-h5uW0TI7PlmVYfQ7TKcQ3PMckdK0RYaAg-uif_hZDuISeEzHQ HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&ifkv=ASKXGp240npZE7NsbU8FY8DNG87qg1J3asWu0nNvvpLBWHRe1vbV98Pa8Gco_mUiUe7KvCMTkQgbZA&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385206373%3A1703732597579792&theme=glif

Request Chain 22

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif HTTP 302
https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif HTTP 302
https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/farbar-recovery-scan-tool/FRST.gif&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/farbar-recovery-scan-tool/FRST.gif HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/farbar-recovery-scan-tool/FRST.gif&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/farbar-recovery-scan-tool/FRST.gif&passive=1209600&service=jotspot&ifkv=ASKXGp3qspD7rxJWBzbHoz2lLjLyU65QpPj7kCsOIwxYLk2icaqJ4f-SG4_trSMa58Xo2i7kVVQLSw HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&ifkv=ASKXGp2KrOxKNjEEK_QewIaGC12OFbhTUUTA2ZwzCWGnq2hd2ZW4tRieb-mFzxnhUgY9uqpm_EwV6g&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S520891970%3A1703732598573617&theme=glif

Request Chain 23

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg HTTP 302
https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg HTTP 302
https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg&followup=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg&passive=1209600&service=jotspot&ifkv=ASKXGp1PlfhqFu3GaIf3BJyYTWBuAgg0VYRkNmYE-khZFpDpIDWwXvGzjX0xMLISi-O9SZWSDtGmUw HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&ifkv=ASKXGp12EJft54M2O0clXiWPe0nJOeD3vFfIPt9rrOAXuKsECJ5OnunCXX_dMPiksCd-dBRoiBouVg&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-33114427%3A1703732598355181&theme=glif

Request Chain 24

https://www.malwarebytes.org/images/staff.png HTTP 301
https://www.malwarebytes.com/images/staff.png

Request Chain 68

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__ HTTP 301
https://developers.google.com/

Request Chain 94

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1703732597390&ns_c=windows-1252&cs_ucfr=&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&c8=Computer%20infected%20w%2F%20rootkit%20from%20Gmer%20scan%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1703732597390&ns_c=windows-1252&cs_ucfr=&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&c8=Computer%20infected%20w%2F%20rootkit%20from%20Gmer%20scan%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&c9=

Request Chain 101

https://capi.connatix.com/core/sync HTTP 302
https://capi.connatix.com/core/sync?final=true&UserScoringType=Enabled&ImplementationType=0

Request Chain 113

https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=398745&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&tsrnd=502_1703732597633&vrref=www.bleepingcomputer.com&jsver=5.4&abtp=95&abtg=A HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=398745&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&tsrnd=502_1703732597633&vrref=www.bleepingcomputer.com&jsver=5.4&abtp=95&abtg=A&ckls=true&ci=Jhunkzb9iq&nc=false&trid=1062855676

Request Chain 120

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&rid=esp&cc=1

Request Chain 126

https://ssum.casalemedia.com/usermatchredir?s=190549&cb=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D17%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DIndex%26api-tier%3D2%26uid%3D&gdpr=0 HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D17%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DIndex%26api-tier%3D2%26uid%3D&gdpr=0&s=190549&C=1 HTTP 302
https://cks.connatix.com/cks?pid=17&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Index&api-tier=2&uid=ZYzldSySS0asMmrfjUX57AAA%265463

Request Chain 127

https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&gdpr=0 HTTP 303
https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&gdpr=0&_bee_ppp=1

Request Chain 128

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gapzaid&ttd_tpi=1&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gapzaid&ttd_tpi=1&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=19&uid=6d989a68-f294-476a-b80c-00b5eeb960b2&ttl=1706324597

Request Chain 129

https://ad.turn.com/r/cs?pid=67&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D21%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DAmobee%26api-tier%3D2%26uid%3D%23USER_ID%23&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=21&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Amobee&api-tier=2&uid=7581128887850851282

Request Chain 130

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D25%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DTripleLift%26api-tier%3D2%26uid%3D%24UID&gdpr=0 HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D25%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DTripleLift%26api-tier%3D2%26uid%3D%24UID HTTP 302
https://cks.connatix.com/cks?pid=25&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=TripleLift&api-tier=2&uid=765688554414051114869

Request Chain 131

https://secure.adnxs.com/getuid?https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D6%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DAppNexus%26api-tier%3D2%26uid%3D%24UID=&gdpr=0 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcks.connatix.com%252Fcks%253Fpid%253D6%2526ev%253D4aa687c0ea4749108f738a5e7bd6d0e5%2526pname%253DAppNexus%2526api-tier%253D2%2526uid%253D%2524UID%3D%26gdpr%3D0 HTTP 302
https://cks.connatix.com/cks?pid=6&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=AppNexus&api-tier=2&uid=4490771283231374823=&gdpr=0

Request Chain 132

https://sync.1rx.io/usersync2/rmpssp?sub=connatix&gdpr=0 HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=connatix&zcc=1&cb=1703732598217 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=4502834451 HTTP 302
https://sync.1rx.io/usersync/turn/7581128887850851282?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004?redir=https%3A%2F%2Fcapi.connatix.com%2Fus%2Fpixel%3Fpuid%3DRX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004%26pId%3D44 HTTP 302
https://capi.connatix.com/us/pixel?puid=RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004&pId=44

Request Chain 133

https://ssbsync.smartadserver.com/api/sync?callerId=6&gdpr=0&gdpr_consent=null HTTP 302
https://capi.connatix.com/us/pixel?puid=8233903385909417739&pId=40&gdpr=0&gdpr_consent=

Request Chain 134

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=19564_2&endpoint=us-east&gdpr=0 HTTP 301
https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east&gdpr=0

Request Chain 137

https://bh.contextweb.com/bh/rtset?pid=561340&daaqp=1&ev=1&rurl=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D13%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DPulsePoint%26api-tier%3D2%26uid%3D%25%25VGUID%25%25&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=13&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=PulsePoint&api-tier=2&uid=fYkYDhl0dn01

Request Chain 138

https://i.ctnsnet.com/int/cm?exc=24&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D28%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCrimtan%26api-tier%3D2%26uid%3D%5Buser_id%5D&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=28&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Crimtan&api-tier=2&uid=899ad57f65394947a30b95e28a05bf7d

Request Chain 139

https://csync.loopme.me/?redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D18%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DLoopMe%26api-tier%3D2%26uid%3D%7Bdevice_id%7D%26pubid%3D11186&gdpr=0 HTTP 307
https://cks.connatix.com/cks?pid=18&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=LoopMe&api-tier=2&uid=51ab54d4-6840-43a8-a3b9-a6c928d70207&pubid=11186&gdpr=0

Request Chain 140

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=105&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCentro%26api-tier%3D2%26uid%3D%7BuserId%7D&gdpr=0 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=105&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCentro%26api-tier%3D2%26uid%3D%7BuserId%7D&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50%26partner_url%3Dhttps%253A%252F%252Fcks.connatix.com%252Fcks%253Fpid%253D9%2526ev%253D4aa687c0ea4749108f738a5e7bd6d0e5%2526pname%253DCentro%2526api-tier%253D2%2526uid%253D84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50%2526gdpr%253D0 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&partner_url=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCentro%26api-tier%3D2%26uid%3D84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50%26gdpr%3D0 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&partner_url=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCentro%26api-tier%3D2%26uid%3D84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50%26gdpr%3D0 HTTP 302
https://cks.connatix.com/cks?pid=9&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Centro&api-tier=2&uid=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&gdpr=0

Request Chain 141

https://ads.yieldmo.com/pbsync?is=smartnews&redirectUri=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D39%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DYieldMo%26api-tier%3D2%26uid%3D%24UID&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=39&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=YieldMo&api-tier=2&uid=3zA7mLL__uLP8nROGOoo&gdpr=0

Request Chain 142

https://connatix-supply-partners.tremorhub.com/sync?UISCX=4aa687c0ea4749108f738a5e7bd6d0e5&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D5%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DTelaria%26api-tier%3D2%26uid%3D%5BTVUSER_ID%5D&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=5&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Telaria&api-tier=2&uid=9236d94323db4abbbb4a9eaf6d475044

Request Chain 143

https://ads.stickyadstv.com/user-matching?id=3672&_fw_gdpr=0&_fw_gdpr_consent=null&gdpr=0 HTTP 302
https://capi.connatix.com/core/us?DemandPartner=33&DemandPartnerName=FreeWheel&DemandPartnerUserId=2cf7911d33a9a2f0ce9e7170558a19ec&_fw_gdpr=0&_fw_gdpr_consent=null&gdpr=0

Request Chain 146

https://vop.sundaysky.com/sync/dmp?redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D1%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DSundaySky%26api-tier%3D2%26uid%3D%24%7Bssky_uuid%7D&gdpr=0 HTTP 302
https://vop.sundaysky.com/sync/dmp?redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D1%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DSundaySky%26api-tier%3D2%26uid%3D%24%7Bssky_uuid%7D&gdpr=0&_cvt=t HTTP 302
https://cks.connatix.com/cks?pid=1&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=SundaySky&api-tier=2&uid=d6.e9ec8ad6ae74465aae267c01b7cee4b8

Request Chain 147

https://sync.resetdigital.co/csync?pid=connatix&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D35%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DResetDigital%26api-tier%3D2%26uid%3D%24USER_ID&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=35&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=ResetDigital&api-tier=2&uid=0000012521995E07

Request Chain 148

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D43%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DSonobi%26api-tier%3D2%26uid%3D%5BUID%5D&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=43&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Sonobi&api-tier=2&uid=51be1691-f25f-4506-83b5-862231b1dcef

Request Chain 149

https://match.sharethrough.com/universal/v1?supply_id=WIMKYDH0&gdpr=0&gdpr_consent=null&redirectUri=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d45%26ev%3d4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3dSharethrough%26api-tier%3d2%26uid%3d%7BUSER_ID%7D HTTP 302
https://cks.connatix.com/cks?pid=45&pname=Sharethrough&api-tier=1&uid=e78820b5-ab0b-4ea5-97f1-0bcf0815a326&gdpr=0&gdpr_consent=null

Request Chain 151

https://sync.ipredictive.com/d/sync/cookie/generic?partner=connatix&cspid=25&append=0&cb=%24%7BADELPHIC_CACHE_BUSTER%7D&redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D29%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DAdelphic%26api-tier%3D2%26uid%3D%24%7BADELPHIC_CUID%7D&gdpr=0 HTTP 302
https://cks.connatix.com/cks?pid=29&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Adelphic&api-tier=2&uid=73c16ecd-8a66-4df8-be6c-fae435e1b034

Request Chain 164

https://gum.criteo.com/sid/json?origin=prebid&topUrl=about%3A%2F%2F%2F&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=VrnhvnxoaWw4RGFhMnp0VjEwTHc2OFhZUmlTcHdXcStYUTl4V3U4Nk9JVHdSRnltT29GWUNkakFodEt6M293bFVYSzB6a1YwVjI5QUlNMFJFRWZLWk9zMWxlL01KKzJ2OGpZK1BXYU9VMzUvb0FlT0FJMXhaVU9jR0JlcTlTMzBzbHp5bkdSQlNlYlRWMFFMWmFmQ29kdXdpMkR6c1pvSG1xUFlRNkk1bVRDeEVyZ3A0WkgzV2p6cU51Uk0yeE9Hc3RJQXhLQVQvZEdoUDZrNGN2aWpIK2xnNkUrNUxicWZuR0J4a1BtcFIraGNYbTljPXw&cppv=2

Request Chain 170

https://gum.criteo.com/sid/json?origin=prebid&topUrl=about%3A%2F%2F%2F&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=iR2mS3xpdWtRL01ORXVXS2tSRUxFYUpiTkZXSVEzMHByVmk0Y2ozdjY2MG13RFk5aUs3Vlo1SW5oZzN2WDR3MGovVEtoS0E0WVhubHVkeE5OazN4ZS9UTjBnb0dvMmtpSE1qRGQwK2RZUGxIQm1OSUs0M0xnSUF2VWJPMEpKSDNuS0ZvUXY1UitUMjZsczVKZm42dmJNK20yQ2dmbWI2cm11Z3RFVmh0dUVGdkVvSGdFRUwzcmhsUGhkTUpINWFyMnpjak5FUE4vS0RneitHdUFlQnlIaTZ1YytMMG5sa0MyRmpwbjJxeXJaNmdUb3B3PXw&cppv=2

178 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/ 679 KB
86 KB 1749ms
1731ms Document
text/html 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf9e4cc3a5c30d57608480b928ea7c31021daf14680b4a5c13067488da6b0e22

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 83c691a52ab36857-NRT
content-encoding: br
content-security-policy: upgrade-insecure-requests;
content-type: text/html;charset=ISO-8859-1
date: Thu, 28 Dec 2023 03:03:15 GMT
expires: Wed, 27 Dec 2023 03:03:14 GMT
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN

GET
H2 200 prettify.css
www.bleepingcomputer.com/forums/public/style_css/ 2 KB
921 B 715ms
714ms Stylesheet
text/css 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/prettify.css?ipbv=cb53151ab62e5d8ff023919d3e70b208

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ecd7e00640c4115ea9864b429613b8406b81ee877baf7a797fe5a35abb18d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
etag: W/"89f-4dddda0323b00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=18000
cf-ray: 83c691affaf96857-NRT

GET
H2 200 prototype.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 177 KB
42 KB 923ms
923ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prototype.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48a4fd51466ac55d081ff932371021b328f118f74ee6ba93c0ec8fd163e34a30

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
etag: W/"2c25d-4dddd9fb82900-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b02b166857-NRT

GET
H2 200 ipb.js Show response
www.bleepingcomputer.com/forums/public/js/ 126 KB
31 KB 890ms
888ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=cb53151ab62e5d8ff023919d3e70b208&load=quickpm,hovercard,sharelinks,topic,like

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21780a2358e35c5221799a6842efb1c7240c0b4058b58858f99317d76c1084a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 15 Nov 2020 20:33:38 GMT
server: cloudflare
etag: W/"1f780-5b42b2d2db890-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b02b176857-NRT

GET
H2 200 scriptaculous-cache.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/ 78 KB
19 KB 875ms
873ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/scriptaculous-cache.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91cdba6793ef924b0d8436e1172cbcd6d25f1a35b015b54617a2b4f889e209a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 16 Nov 2020 16:14:01 GMT
server: cloudflare
etag: W/"13722-5b43baa8f0d38-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b02b196857-NRT

GET
H2 200 ipb.lang.js Show response
www.bleepingcomputer.com/forums/cache/lang_cache/1/ 29 KB
8 KB 698ms
697ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/cache/lang_cache/1/ipb.lang.js?nck=4b93cd7f1f76df9c2c1783aae5cc39b1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84089e98c276cff16c54b36d4784d469fbeb50be7f865fe6d7b5b3dcbc8adef8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 27 Apr 2023 17:53:06 GMT
server: cloudflare
etag: W/"75ae-5fa550765e065-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b02b1b6857-NRT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 132 KB
51 KB 200ms
46ms Script
application/javascript 2404:6800:4004:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:824::2008 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b80d4639f035aad6b47fdcefcf6cea9c66c853fd65ca4cd89f3ccaa8b28b8f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 51597
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Dec 2023 03:03:17 GMT

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/ 575 B
799 B 17ms
16ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe9d30276e3d66a71219ad2b0ed5a9663020a5c534557dd0f5c8ba71da4ebd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2252100
cf-polished: status=not_needed
content-length: 575
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "23f-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691b02b1c6857-NRT
expires: Mon, 01 Jan 2024 01:28:15 GMT

GET
H2 200 forum-logo.png
www.bleepstatic.com/logo/ 5 KB
5 KB 145ms
10ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logo/forum-logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e5a1148e6ba00dec0218671857bc04820e1a4628a6de00a659ece715a6ed2f6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1099395
cf-polished: origFmt=png, origSize=9361
content-disposition: inline; filename="forum-logo.webp"
content-length: 4656
cf-bgj: imgq:85,h2pri
last-modified: Fri, 26 Nov 2010 18:53:37 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5iAVK9t6LUlX%2FQoqgGVn9r2phejGYOlXz0H104ufSXXIU3f1iCdTOOB1WgszLotdogn8ha9vOrtHBEFV3DRwNZWab3UutnZPLbIEz%2Bj4WE%2Bhq%2FM1dj5NFM%2FMS%2B9SsZ47uzVGvY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691b108b62083-NRT
expires: Sun, 14 Jan 2024 09:39:59 GMT

GET
H2 200 useropts_arrow.png
www.bleepingcomputer.com/forums/public/style_images/master/ 81 B
221 B 19ms
18ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/useropts_arrow.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7451690fed2a104bf6ff86e5ab0b3a7d8393d26a859a4bad6ba81b1d7aa339d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2515022
cf-polished: origSize=129, status=vary_header_present
content-length: 81
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "81-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691b04b2d6857-NRT
expires: Fri, 29 Dec 2023 00:26:13 GMT

GET
H2 200 default_large.png
www.bleepingcomputer.com/forums/public/style_images/master/profile/ 2 KB
3 KB 20ms
19ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/profile/default_large.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f7ad438c88cd0653af6066d4c148e00824961112a865f9611e258b9f3cc0981

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 11088
cf-polished: origSize=2589, status=vary_header_present
content-length: 2456
cf-bgj: imgq:85,h2pri
last-modified: Wed, 09 Mar 2011 20:59:50 GMT
server: cloudflare
etag: "a1d-49e13027a9d80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691b06b3b6857-NRT
expires: Fri, 26 Jan 2024 23:58:27 GMT

GET
H2 200 lock.png
www.bleepingcomputer.com/forums/public/style_images/master/ 729 B
811 B 19ms
18ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lock.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28119ca11bc23f972f8e463761547044174823430b09a0f1fbfed91acbeb35d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:15 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 11088
cf-polished: status=not_needed
content-length: 729
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "2d9-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691b08b566857-NRT
expires: Fri, 26 Jan 2024 23:58:27 GMT

GET
H2 200 icon_share.png
www.bleepingcomputer.com/forums/public/style_images/master/ 188 B
421 B 19ms
12ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_share.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1832b7da0292ab076dfe046f8b1c2d5fcfd1bfb5628b7e21a3754a20308aa57

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1762645
cf-polished: origSize=1201, status=vary_header_present
content-length: 188
cf-bgj: imgq:85,h2pri
last-modified: Fri, 12 Oct 2012 09:31:38 GMT
server: cloudflare
etag: "4b1-4cbd95ac45280"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab706857-NRT
expires: Sat, 06 Jan 2024 17:25:51 GMT

GET
H2 200 post_top.png
www.bleepstatic.com/skin_images/bc/ 226 B
630 B 16ms
9ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/skin_images/bc/post_top.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efc6361ebe5a559578c83bf197d5407b7f6bf44f74d35c4ee8eb22c810fb34a7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 96713
cf-polished: origFmt=png, origSize=3076
content-disposition: inline; filename="post_top.webp"
content-length: 226
cf-bgj: imgq:85,h2pri
last-modified: Wed, 09 Jun 2010 03:08:32 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TQl0wSZ2WtKh1RrP%2FJ%2FamDuAomBiiLGrnYY%2BgcyLUPP4AJVM%2BLrC3nI28GCyKHFQIYQhCwktUNUwP1i7n%2By1eu6UAbsvI0kaPAyp5%2BL93752dlQJ095GD9ko34kzhy7qCmANey8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baaf1d2083-NRT
expires: Fri, 26 Jan 2024 00:11:22 GMT

GET
H2 200 bot.jpg
www.bleepstatic.com/images/site/forum/bots/ 934 B
1 KB 18ms
11ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/forum/bots/bot.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63e2dfceaeeb7e8b933fa7fe96048fac66ad3fab6ab270b8e4a28ce02c1b73ab

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 599227
cf-polished: qual=85, origFmt=jpeg, origSize=1566
content-disposition: inline; filename="bot.webp"
content-length: 934
cf-bgj: imgq:85,h2pri
last-modified: Tue, 20 Oct 2009 04:08:57 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SM5rZHCERNGwpELArdindsCzPtHU9cE9c%2F68h38fEcm4dCh1W7wtt6K56SB8BI7uGEq36%2FlfTEAORx3mgQwq6tPUZiMGS9iCMu%2FJJw9GrihIEV39n8sJyT%2FF3nJ0tEAu%2FvMiDxs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baaf1f2083-NRT
expires: Sat, 20 Jan 2024 04:36:08 GMT

GET
H2 200 photo-thumb-161049.gif
www.bleepingcomputer.com/forums/uploads/profile/ 3 KB
3 KB 22ms
15ms Image
image/gif 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-161049.gif?_r=0

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30f0c5746f4bd3d2c8afc6c38510ad98ba59e7b1aa1164a52e7bd419cb5f88b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 24179
cf-polished: origSize=2650, status=vary_header_present
content-length: 2636
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Feb 2013 13:24:50 GMT
server: cloudflare
etag: "a5a-4d5225e078c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab726857-NRT
expires: Fri, 26 Jan 2024 20:20:17 GMT

GET
H2 200 step1.gif
www.bleepstatic.com/images/site/icons/steps/ 442 B
795 B 362ms
355ms Image
image/gif 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/icons/steps/step1.gif
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ead3246ea931609ced3cda533e5fb5ab10fd0db4096518b7625b001c096120a7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
cf-cache-status: MISS
last-modified: Wed, 20 Feb 2013 15:09:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b49a5fcZJlYOLAp%2F2uOOU9B%2FDBGSUO3LGbXKQ1Rxh8ZXRckowuf7H28FdsSIa%2FvgOOttqI1%2B%2FgENo0zgVVogCcGZOgwv3owCm%2BuWY41p7QhktV20ps9A5FISHjLUhdB8zRfG07U%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baaf202083-NRT
content-length: 442
expires: Sat, 27 Jan 2024 03:03:16 GMT

GET
H2 200 step2.gif
www.bleepstatic.com/images/site/icons/steps/ 242 B
613 B 19ms
12ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/icons/steps/step2.gif
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccf8cf2000c24d05cf0ee07e617dbc85d6bd9d70910619de942fabc62fee783c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 96713
cf-polished: origFmt=gif, origSize=309
content-disposition: inline; filename="step2.webp"
content-length: 242
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Feb 2013 15:09:42 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jdLgyK3XRrtllLg%2BNbsgpKV6HDkFXZRY%2FXpgRtGPDUZ4im2vPVBlQ1ZtOgeCRkAHvItzY3%2FKKZHSjEC3JfKSTQs4ttwqvkp4ZA3lFo4Qltgz1sbdO32w9rXQdWTD9btRemUKP1M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baaf222083-NRT
expires: Fri, 26 Jan 2024 00:11:23 GMT

GET
H2 200 photo-thumb-844010.jpg
www.bleepingcomputer.com/forums/uploads/profile/ 3 KB
3 KB 198ms
192ms Image
image/jpeg 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-844010.jpg?_r=1416467043

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9dcf30654d309fb20f6de97f33da231a22df2d74b5c66bc84437ff9917fb2da

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: MISS
last-modified: Thu, 20 Nov 2014 07:04:03 GMT
server: cloudflare
etag: "cf8-50844eeef1ec0"
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab756857-NRT
content-length: 3320
expires: Sat, 27 Jan 2024 03:03:17 GMT

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/Minion%20Welcome.jpg
https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion+Welcome.jpg
https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-formattin...
https://accounts.google.com/InteractiveLogin?continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-formatting/Minion%2BWelcome.jpg&follo...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formattin...

0
0

49ms
48ms

Image
text/html

2404:6800:4004:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&ifkv=ASKXGp240npZE7NsbU8FY8DNG87qg1J3asWu0nNvvpLBWHRe1vbV98Pa8Gco_mUiUe7KvCMTkQgbZA&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385206373%3A1703732597579792&theme=glif
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H3
Server: 2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-gwYqS1mQJzRCHPGqKqOeJQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 478
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&ifkv=ASKXGp240npZE7NsbU8FY8DNG87qg1J3asWu0nNvvpLBWHRe1vbV98Pa8Gco_mUiUe7KvCMTkQgbZA&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385206373%3A1703732597579792&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 smile.png
www.bleepingcomputer.com/forums/public/style_emoticons/default/ 1014 B
1 KB 26ms
20ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/smile.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f39834f6bd6f36f1a3c67dfd46bc4703cc68d8b51ed762d59adba905c8ad68c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2163354
cf-polished: origSize=1042, status=vary_header_present
content-length: 1014
cf-bgj: imgq:85,h2pri
last-modified: Wed, 18 May 2011 11:51:58 GMT
server: cloudflare
etag: "412-4a38b840bf380"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab766857-NRT
expires: Tue, 02 Jan 2024 02:07:21 GMT

GET
H/1.1 200
OK /
ssl-proxy-updated.herokuapp.com/add8dfd5c2f239f63a69c080c17c5fa872485c37/687474703a2f2f666f72756d2e70726f6772616d6f73792e706c2f696d616765732f736d696c6965732f69636f6e5f6172726f772e676966/ 689 B
2 KB 1117ms
604ms Image
image/gif 18.211.231.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl-proxy-updated.herokuapp.com/add8dfd5c2f239f63a69c080c17c5fa872485c37/687474703a2f2f666f72756d2e70726f6772616d6f73792e706c2f696d616765732f736d696c6965732f69636f6e5f6172726f772e676966/

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.231.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-231-38.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

1a5a6b82298915e1c7042dc805fdac769f013e0596443d44c1b9727a3fb67cfc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Security-Policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 28 Dec 2023 03:03:17 GMT
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via: 1.1 vegur
Camo-Host: ssl-proxy-updated
Connection: keep-alive
Content-Length: 689
X-Xss-Protection: 1; mode=block
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1703732597&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=Uqm9OQFyCqeQ6Pi3uaCTBfJJQrwHhboz6p7FGwsjd2I%3D
Last-Modified: Sun, 11 Jan 2009 22:28:50 GMT
Server: Cowboy
Etag: "2b1-496a72a2-40418c5;;;"
X-Frame-Options: deny
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1703732597&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=Uqm9OQFyCqeQ6Pi3uaCTBfJJQrwHhboz6p7FGwsjd2I%3D"}]}
Content-Type: image/gif
Cache-Control: public, max-age=604800
Expires: Thu, 04 Jan 2024 03:03:17 GMT

GET
H/1.1 200
OK /
ssl-proxy-updated.herokuapp.com/ace9472fb3975e52ffe8d47fdedd8095310b1d23/687474703a2f2f666f72756d2e70726f6772616d6f73792e706c2f696d616765732f736d696c6965732f69636f6e5f696465612e676966/ 1 KB
2 KB 1117ms
604ms Image
image/gif 18.211.231.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl-proxy-updated.herokuapp.com/ace9472fb3975e52ffe8d47fdedd8095310b1d23/687474703a2f2f666f72756d2e70726f6772616d6f73792e706c2f696d616765732f736d696c6965732f69636f6e5f696465612e676966/

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.231.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-231-38.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

e1ad7f5257de0d0742a2542df4645d783585055bba1de42b1d94cbd3f2584ab8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Security-Policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 28 Dec 2023 03:03:17 GMT
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via: 1.1 vegur
Camo-Host: ssl-proxy-updated
Connection: keep-alive
Content-Length: 1044
X-Xss-Protection: 1; mode=block
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1703732597&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=Uqm9OQFyCqeQ6Pi3uaCTBfJJQrwHhboz6p7FGwsjd2I%3D
Last-Modified: Sun, 11 Jan 2009 22:26:45 GMT
Server: Cowboy
Etag: "414-496a7225-40418d9;;;"
X-Frame-Options: deny
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1703732597&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=Uqm9OQFyCqeQ6Pi3uaCTBfJJQrwHhboz6p7FGwsjd2I%3D"}]}
Content-Type: image/gif
Cache-Control: public, max-age=604800
Expires: Thu, 04 Jan 2024 03:03:17 GMT

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif
https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/farbar-recovery-scan-tool/FR...
https://accounts.google.com/InteractiveLogin?continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/farbar-recovery-scan-tool/FRST.gif&followup=https://site...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFR...

0
0

54ms
53ms

Image
text/html

2404:6800:4004:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&ifkv=ASKXGp2KrOxKNjEEK_QewIaGC12OFbhTUUTA2ZwzCWGnq2hd2ZW4tRieb-mFzxnhUgY9uqpm_EwV6g&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S520891970%3A1703732598573617&theme=glif
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 28 Dec 2023 03:03:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-drYqMam6N4vAJL-jO7OABw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 470
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&ifkv=ASKXGp2KrOxKNjEEK_QewIaGC12OFbhTUUTA2ZwzCWGnq2hd2ZW4tRieb-mFzxnhUgY9uqpm_EwV6g&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S520891970%3A1703732598573617&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path=%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg
https://accounts.google.com/ServiceLogin?service=jotspot&passive=1209600&continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-tools/Run...
https://accounts.google.com/InteractiveLogin?continue=https://sites.google.com/site/sites/system/errors/WebspaceNotFound?path%3D/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg&followup=https:/...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FR...

0
0

52ms
52ms

Image
text/html

2404:6800:4004:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&ifkv=ASKXGp12EJft54M2O0clXiWPe0nJOeD3vFfIPt9rrOAXuKsECJ5OnunCXX_dMPiksCd-dBRoiBouVg&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-33114427%3A1703732598355181&theme=glif
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 28 Dec 2023 03:03:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-jvceJyF9ubdEWrXtLYoLgw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 465
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&ifkv=ASKXGp12EJft54M2O0clXiWPe0nJOeD3vFfIPt9rrOAXuKsECJ5OnunCXX_dMPiksCd-dBRoiBouVg&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-33114427%3A1703732598355181&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

404

staff.png
www.malwarebytes.com/images/
Redirect Chain

https://www.malwarebytes.org/images/staff.png
https://www.malwarebytes.com/images/staff.png

0
0

294ms
160ms

Image
text/html

192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwarebytes.com/images/staff.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Server: 192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Wed, 27 Dec 2023 09:24:59 GMT
via: 1.1 b837267595110a1135bf4fb036d71e1e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: LAX50-C1
age: 63498
x-cache: Hit from cloudfront
location: https://www.malwarebytes.com/images/staff.png
cache-control: max-age=86400
content-length: 0
x-amz-cf-id: W1jWdaHF-dRXXX546oJa5L9BV-rZwk_HPj6lCWq6duqpxbvlhv8wAw==

GET
H/1.1 200
OK /
ssl-proxy-updated.herokuapp.com/3e63f1ccc8c1103ef9d3f967a41438855c6008fc/687474703a2f2f75702e70726f6772616d6f73792e706c2f666f746f2f636b7363616e6e65722e6a7067/ 816 B
2 KB 1381ms
868ms Image
image/jpeg 18.211.231.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl-proxy-updated.herokuapp.com/3e63f1ccc8c1103ef9d3f967a41438855c6008fc/687474703a2f2f75702e70726f6772616d6f73792e706c2f666f746f2f636b7363616e6e65722e6a7067/

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.231.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-231-38.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

c14ae7cb53b0ac633d320695598595bb9425b7ed1678612f2e33a082a4b49ad9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Security-Policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 28 Dec 2023 03:03:18 GMT
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via: 1.1 vegur
Camo-Host: ssl-proxy-updated
Connection: keep-alive
Content-Length: 816
X-Xss-Protection: 1; mode=block
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1703732597&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=Uqm9OQFyCqeQ6Pi3uaCTBfJJQrwHhboz6p7FGwsjd2I%3D
Last-Modified: Sat, 24 May 2014 15:24:58 GMT
Server: Cowboy
Etag: "330-5380b9ca-4c9174d8;;;"
X-Frame-Options: deny
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1703732597&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=Uqm9OQFyCqeQ6Pi3uaCTBfJJQrwHhboz6p7FGwsjd2I%3D"}]}
Content-Type: image/jpeg
Cache-Control: public, max-age=604800
Expires: Thu, 04 Jan 2024 03:03:18 GMT

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 575 B
686 B 24ms
19ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe9d30276e3d66a71219ad2b0ed5a9663020a5c534557dd0f5c8ba71da4ebd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2517927
cf-polished: status=not_needed
content-length: 575
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "23f-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab776857-NRT
expires: Thu, 28 Dec 2023 23:37:49 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 56 KB
22 KB 97ms
54ms Script
text/javascript 2404:6800:4004:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:808::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 03:03:15 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21930
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "198f19c141a8a438"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:03:15 GMT

GET
H2 200 digg.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 357 B
493 B 23ms
19ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/digg.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f33585b10bb5487bd6c92f53018de62cb147ab48b829334b7f97437015aae557

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1558577
cf-polished: origSize=431, status=vary_header_present
content-length: 357
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "1af-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab786857-NRT
expires: Tue, 09 Jan 2024 02:06:59 GMT

GET
H2 200 delicious.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 305 B
471 B 21ms
17ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/delicious.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9f912b0e7a50c12745f52ec2848dce5b779369999c6d35e6c297c713ce53d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1558577
cf-polished: origSize=308, status=vary_header_present
content-length: 305
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "134-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab796857-NRT
expires: Tue, 09 Jan 2024 02:06:59 GMT

GET
H2 200 reddit.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 611 B
834 B 38ms
34ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/reddit.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9019adc6ec44d2cd4f38c97b8319b0ae8da8f03b3bd646d4f86707f23f8935a0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 677770
cf-polished: origSize=614, status=vary_header_present
content-length: 611
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "266-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab7a6857-NRT
expires: Fri, 19 Jan 2024 06:47:06 GMT

GET
H2 200 stumble.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 458 B
600 B 22ms
18ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/stumble.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e2a136c594c939d55752e9abb70e6cc550b10bc3bc350c0d46d23d5947c20d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2444424
cf-polished: origSize=519, status=vary_header_present
content-length: 458
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "207-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab7b6857-NRT
expires: Fri, 29 Dec 2023 20:02:52 GMT

GET
H2 200 email.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 481 B
705 B 23ms
19ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/email.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

453d30f69cc2a6f3013254a0faed039d49cf9c5b004d5482fb5365e99702c149

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1473560
cf-polished: origSize=530, status=vary_header_present
content-length: 481
cf-bgj: imgq:85,h2pri
last-modified: Thu, 04 Feb 2010 11:47:46 GMT
server: cloudflare
etag: "212-47ec4e74b3c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab7d6857-NRT
expires: Wed, 10 Jan 2024 01:43:55 GMT

GET
H2 200 print.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 268 B
381 B 41ms
38ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/print.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6aeb9f7542993c71c548ac254766824ef86c68f0d6fa13f293bd016b9cfc9dc6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2335336
cf-polished: origSize=409, status=vary_header_present
content-length: 268
cf-bgj: imgq:85,h2pri
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
etag: "199-4857b96a96c80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab7f6857-NRT
expires: Sun, 31 Dec 2023 02:21:00 GMT

GET
H2 200 download.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 646 B
794 B 21ms
18ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/download.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386f87a6e6fcb89c6b046f988d18def949d1cc1f6a9fa4177858aa11da7a5bda

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2529129
cf-polished: status=not_needed
content-length: 646
cf-bgj: imgq:85,h2pri
last-modified: Fri, 12 Feb 2010 14:33:56 GMT
server: cloudflare
etag: "286-47f6828485d00"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab806857-NRT
expires: Thu, 28 Dec 2023 20:31:07 GMT

GET
H2 200 prettify.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 14 KB
7 KB 716ms
716ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/prettify.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f48d85c6ea701e417a857cd9292de12c2c0ff795c5ba45f7127c51cc6a97cf3d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
etag: W/"38d7-4dddda0323b00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b21c7c6857-NRT

GET
H2 200 lang-sql.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 2 KB
1 KB 702ms
702ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/lang-sql.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a046e88b3c0aefbb2323ff3df78856878784ec501eb11ff53ab705fd0834c43

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
etag: W/"70a-4dddda0323b00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b2bd146857-NRT

GET
H2 200 top.png
www.bleepingcomputer.com/forums/public/style_images/master/ 145 B
280 B 26ms
22ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/top.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db311c11353d5628e6e28d260bca9b8935b23440964d7c6bc4914edcda08472a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2099358
cf-polished: origSize=207, status=vary_header_present
content-length: 145
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Jun 2011 17:25:44 GMT
server: cloudflare
etag: "cf-4a54abe32b600"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab816857-NRT
expires: Tue, 02 Jan 2024 19:53:58 GMT

GET
H2 200 feed.png
www.bleepingcomputer.com/forums/public/style_images/master/ 680 B
791 B 24ms
21ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/feed.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9320021507b35e189d2190eea673cbc21f7d368f6ecbfb5dc89d773a28cd015d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2099358
cf-polished: status=not_needed
content-length: 680
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "2a8-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab836857-NRT
expires: Tue, 02 Jan 2024 19:53:58 GMT

GET
H2 200 lightbox.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 10 KB
3 KB 690ms
690ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/lightbox.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c906bdc3a71888b9fc63bea64c63afd45676a5de1139fa5388b1b17c989178d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 15 Nov 2020 22:30:01 GMT
server: cloudflare
etag: W/"27f3-5b42ccd71fd03-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b698096857-NRT

GET
H/1.1 200
OK 3687X620620.skimlinks.js Show response
s.skimresources.com/js/ 42 KB
16 KB 169ms
5ms Script
application/octet-stream 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/3687X620620.skimlinks.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: ab77e2587d8e6251a1fc4517cb1d0f48a94abc948521fb684b503c06749bd21c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:03:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jun 2023 15:01:03 GMT
Server: AmazonS3
x-amz-request-id: GMYJJX4D0FN4AHTG
ETag: "67ee271babdb3af941dd731eb4dbb7d4"
X-HW: 1703732596.cds236.tk2.hn,1703732596.cds216.tk2.c
Content-Type: application/octet-stream
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15578
x-amz-id-2: CxJU2Z7OkW9OROoQ1pa1Yywhy4IChJE+l761RDFMubIxzecxWZV87+JhS8MI70GVcIbryRf+qbo=

GET
H2 200 ips.quickpm.js Show response
www.bleepingcomputer.com/forums/public/js/ 7 KB
2 KB 701ms
700ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.quickpm.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=cb53151ab62e5d8ff023919d3e70b208&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3c511c542343b5cb0d2bedfdf92b8d53ff26fcf3c91f2804a277503b2c4d45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
etag: W/"1c8a-4dddda0323b00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b61f686857-NRT

GET
H2 200 ips.hovercard.js Show response
www.bleepingcomputer.com/forums/public/js/ 12 KB
4 KB 720ms
719ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.hovercard.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=cb53151ab62e5d8ff023919d3e70b208&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e177a1bde76bb6f5e522ac01d3e9cb30567ea8c970ed5a65a363d7364ea3b5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
etag: W/"3120-4dddda0323b00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b61f696857-NRT

GET
H2 200 ips.sharelinks.js Show response
www.bleepingcomputer.com/forums/public/js/ 6 KB
2 KB 718ms
717ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.sharelinks.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=cb53151ab62e5d8ff023919d3e70b208&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f7381b30323b432ee308d5de7052ee4205398aacc552f9118eb4e2d910b73fb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
etag: W/"16ed-4dddd9fb82900-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b61f6a6857-NRT

GET
H2 200 ips.topic.js Show response
www.bleepingcomputer.com/forums/public/js/ 45 KB
10 KB 718ms
718ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.topic.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=cb53151ab62e5d8ff023919d3e70b208&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d62080b79e1ebaccbef2084363bca746504e03700b6f439e2e614a73af19828

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Tue, 29 Dec 2015 18:39:43 GMT
server: cloudflare
etag: W/"b255-5280dbeb879c0-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b61f6b6857-NRT

GET
H2 200 ips.like.js Show response
www.bleepingcomputer.com/forums/public/js/ 6 KB
2 KB 693ms
693ms Script
application/javascript 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.like.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=cb53151ab62e5d8ff023919d3e70b208&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b2529ef68fffedbba19ce16a724f3c444e72950126aa38837ff48be704a666c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
etag: W/"188f-4dddd9fb82900-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 83c691b61f6c6857-NRT

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 51 KB
19 KB 173ms
28ms Script
application/javascript 2606:4700::6812:14ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c86ba948e061cb417b899d7fbf72df56c3d26b897041a13868f9f7fa81a82b3

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 490673
x-guploader-uploadid: ABPtcPqY9aYkQZSFWlAGlm6INlFQsL2MBtk3_N44_JqCxpwdpX7KLmXfIlF457aFmcsPM2-vASQwxfdTKw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Wed, 20 Dec 2023 19:06:03 GMT
server: cloudflare
etag: W/"9736e4cdfa887ed345a431219d60b454"
vary: Accept-Encoding
x-goog-hash: crc32c=VlOZLQ==, md5=lzbkzfqIftNFpDEhnWC0VA==
x-goog-generation: 1703099163822575
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=1800
x-goog-stored-content-length: 52327
cf-ray: 83c691bb88e6e362-NRT
link: <https://d.pub.network/v2/sites/bleepingcomputer-com/configs?env=PROD>; rel="preload"; as="fetch"; crossorigin="use-credentials", <https://optimise.net>; rel="preconnect", <https://api.floors.dev>; rel="preconnect"
expires: Thu, 28 Dec 2023 03:33:17 GMT

GET
H2 200 fab.js Show response
ecdn.analysis.fi/static/js/ 4 KB
2 KB 150ms
3ms Script
application/javascript 13.33.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-174-105.nrt57.r.cloudfront.net
Software: Apache/2.4.54 (Debian) /
Resource Hash: d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:00:33 GMT
content-encoding: gzip
via: 1.1 53d9d56dd0a523b5894842ad66a68756.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT57-C2
age: 164
x-cache: Hit from cloudfront
content-length: 1696
last-modified: Mon, 07 Aug 2023 11:07:01 GMT
server: Apache/2.4.54 (Debian)
etag: "1090-602533ee4ff40-gzip"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: a4wRtICA2G-EnaVcGiki5on_CXA6ML7Zv186hlnPiXKo-xojbpvQQQ==

GET
H/1.1 200
OK fi_client.js Show response
ecdn.firstimpression.io/ 349 KB
92 KB 72ms
4ms Script
application/javascript 99.84.55.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ecdn.firstimpression.io/fi_client.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.84.55.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-55-102.nrt20.r.cloudfront.net

Software

Apache/2.4.54 (Debian) / PHP/8.2.0

Resource Hash

3377089d83c689c748f262a49f5dee88f158fe8380e482204d9fff568c80a0b2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 02:13:36 GMT
Content-Encoding: br
Via: 1.1 e799d090941c58e2047ed3ec40553f52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: NRT20-C3
Age: 2981
X-Powered-By: PHP/8.2.0
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 0
Last-Modified: Thu,28 Dec 2023 02:13:36 UTC
Server: Apache/2.4.54 (Debian)
ETag: W/"5df1eaf07edcfa9c4a31ab516ac937a4"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
X-Amz-Cf-Id: 5YFA6j91jeNHy1XR24wfguanq7tFCFf5ED32djYNAAYXuru2Lt0-WA==

GET
H2 200 ipb_print.css
www.bleepingcomputer.com/forums/public/style_css/css_7/ 3 KB
1 KB 705ms
703ms Stylesheet
text/css 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/css_7/ipb_print.css

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20d00db7eba3ff7c68842af57d33e82edfbc2082aec5c11e06a00d710e812e9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-security-policy: upgrade-insecure-requests;
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 14 Dec 2022 03:24:28 GMT
server: cloudflare
etag: W/"c56-5efc1463265b4-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=18000
cf-ray: 83c691baab8c6857-NRT

GET
H2 200 user_navigation.png
www.bleepingcomputer.com/forums/public/style_images/master/ 189 B
354 B 25ms
23ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/user_navigation.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e6274abac1820c8bd99f826cf35a60aeaa56b962500486acc5665f98005031e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2335336
cf-polished: origSize=282, status=vary_header_present
content-length: 189
cf-bgj: imgq:85,h2pri
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
etag: "11a-49d6c2153a000"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab846857-NRT
expires: Sun, 31 Dec 2023 02:21:00 GMT

GET
H2 200 advanced_search.png
www.bleepingcomputer.com/forums/public/style_images/master/ 261 B
403 B 27ms
25ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/advanced_search.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14dcce7abfc690cecd57a737a8af6fd712c2b7fec668b772d9f014f6ded77ef8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2529129
cf-polished: origSize=293, status=vary_header_present
content-length: 261
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "125-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab856857-NRT
expires: Thu, 28 Dec 2023 20:31:07 GMT

GET
H2 200 search_icon.png
www.bleepingcomputer.com/forums/public/style_images/master/ 202 B
337 B 22ms
20ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/search_icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 1558577
cf-polished: origSize=223, status=vary_header_present
content-length: 202
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "df-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab866857-NRT
expires: Tue, 09 Jan 2024 02:06:59 GMT

GET
H2 200 icon_quicknav.png
www.bleepingcomputer.com/forums/public/style_images/master/ 489 B
608 B 25ms
24ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_quicknav.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1731db9016f326daff11d0045c86fd068ec9e72cc4c6ec56a7c856a3a3d28c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2335336
cf-polished: status=not_needed
content-length: 489
cf-bgj: imgq:85,h2pri
last-modified: Fri, 01 Jul 2011 10:17:42 GMT
server: cloudflare
etag: "1e9-4a6ff53f0bd80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab886857-NRT
expires: Sun, 31 Dec 2023 02:21:00 GMT

GET
H2 200 topic_button_closed.png
www.bleepingcomputer.com/forums/public/style_images/master/ 168 B
340 B 22ms
20ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/topic_button_closed.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e58ef84b3994aa5d6238df46b20e480c270cdd6094a41166583f7491665152a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 341611
cf-polished: origSize=251, status=vary_header_present
content-length: 168
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Apr 2011 17:38:04 GMT
server: cloudflare
etag: "fb-4a15d163d7700"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab896857-NRT
expires: Tue, 23 Jan 2024 04:09:45 GMT

GET
H2 200 maintitle.png
www.bleepingcomputer.com/forums/public/style_images/master/ 192 B
327 B 33ms
31ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/maintitle.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85a2c5bd701224851deca6029998517a35d091922217a90241fd0c7f244e8f11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:16 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2335336
cf-polished: origSize=295, status=vary_header_present
content-length: 192
cf-bgj: imgq:85,h2pri
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
etag: "127-49d6c2153a000"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691baab8a6857-NRT
expires: Sun, 31 Dec 2023 02:21:00 GMT

GET
H2 200 connatix.playspace.js Show response
cd.connatix.com/ Frame 279F 8 KB
4 KB 78ms
16ms Script
application/javascript 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cd.connatix.com/connatix.playspace.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5785c2e0f447816027486eef1d3112f5b764b22551aa526fbae4c98b002f658

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 83c691bc1bf425ff-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 10ms
3ms Script
application/x-javascript 2a03:2880:f00f:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ffee16547d584e1a6d338cbd36195fec4e4d12837e5f3794f2d7e07ab63f2317

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 03:03:17 GMT
content-md5: oN/vpvuj6ZZQeMUs6bThjg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
reporting-endpoints
x-fb-debug: vRcNsD8YjFgo+vfNyLRVWK17aNaZ+vtXF3F3l22DKmtLgJEUEWud0FMsEC466/bzWA45FJyA1kl0Bp8dvw360A==
x-fb-content-md5: 29422939925c9c2587531e2278e4e67e
cross-origin-opener-policy: same-origin-allow-popups
etag: "651ae3b8477e55b3277c78993bddf031"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:14:58 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/ 158 KB
55 KB 4ms
3ms Script
text/javascript 2404:6800:4004:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:808::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb1609e85d8370b7259775c76a2ba7456ee2ed72cb45cb68e59f14d3a6b0a0a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 23 Dec 2023 10:42:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 404449
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55872
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 19:05:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 22 Dec 2024 10:42:28 GMT

GET
H2 200 icon_warning.png
www.bleepingcomputer.com/forums/public/style_images/master/ 268 B
470 B 16ms
14ms Image
image/png 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_warning.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5028e223096a25034d4d95863f89374a4b205e86354c5e4461e00272e7fab4d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 343179
cf-polished: origSize=408, status=vary_header_present
content-length: 268
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Apr 2011 21:00:34 GMT
server: cloudflare
etag: "198-4a15fea6fc080"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691bb8c3a6857-NRT
expires: Tue, 23 Jan 2024 03:43:38 GMT

POST
H2 200 / Show response
r.skimresources.com/api/ 206 B
397 B 128ms
77ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.19.9.1 /

Resource Hash

526289b9ab7fb45c5d39463b46c7884778c00565f868548e953a511477705c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: openresty/1.19.9.1
via: 1.1 google
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame DECD 0
123 B 275ms
81ms Image
text/plain 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6230140835449425
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
cache-control: private, no-store
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain

GET
H2 200 px.gif
p.skimresources.com/ 43 B
267 B 100ms
82ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=1.6713400356995944
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
93 B 81ms
80ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=1.6713400356995944
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 configs
d.pub.network/v2/sites/bleepingcomputer-com/ 74 KB
7 KB 63ms
51ms Other
application/json 34.160.152.31
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/v2/sites/bleepingcomputer-com/configs?env=PROD
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 31.152.160.34.bc.googleusercontent.com
Software: /
Resource Hash: e8d61b3c986ed1185b6fc5a110ccae33ee42e2bd8f0785901fa67d20513f54cf

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 loading.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 2 KB
2 KB 12ms
11ms Image
image/gif 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/loading.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 677770
cf-polished: origSize=2767, status=vary_header_present
content-length: 1588
cf-bgj: imgq:85,h2pri
last-modified: Thu, 18 Dec 2008 14:27:04 GMT
server: cloudflare
etag: "acf-45e52fc88de00"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691bbec786857-NRT
expires: Fri, 19 Jan 2024 06:47:07 GMT

GET
H2 200 closelabel.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 471 B
636 B 18ms
17ms Image
image/gif 104.20.59.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/closelabel.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-security-policy: upgrade-insecure-requests;
cf-cache-status: HIT
age: 2428179
cf-polished: origSize=483, status=vary_header_present
content-length: 471
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
etag: "1e3-485b90722ae80"
vary: User-Agent, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 83c691bbfc7a6857-NRT
expires: Sat, 30 Dec 2023 00:33:38 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/ 97 KB
34 KB 4ms
3ms Script
text/javascript 2404:6800:4004:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_1?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4004:808::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30f3855dafef7d28d65e1969f2d8c7c651b92f590fb2946f80c818064742745b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 03:37:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84350
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34350
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 19:05:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Dec 2024 03:37:27 GMT

GET

/
developers.google.com/ Frame 6F41
Redirect Chain

https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F55...
https://developers.google.com/

0
0

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 49ms
3ms Image
image/x-icon 172.217.26.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.26.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt12s51-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 12:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52215
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 12:33:02 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 990 B
1 KB 15ms
2ms Image
image/svg+xml 23.40.153.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.153.132 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-40-153-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Sat, 27 Jan 2024 03:03:17 GMT
date: Thu, 28 Dec 2023 03:03:17 GMT
last-modified: Tue, 05 Dec 2023 07:28:21 GMT
server: AkamaiNetStorage
etag: "5ab8e16b5f46213840bcd403e349419c:1701762077.100249"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 990
access-control-request-headers: X-OB-STG,X-OB-PRD

GET
H2 200 6156d0cce9f4b89727f9c6f4c5513b2 Show response
functionalfeather.com/files/f580523/ 68 KB
24 KB 230ms
42ms Script
text/javascript 2600:1901:0:7416::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://functionalfeather.com/files/f580523/6156d0cce9f4b89727f9c6f4c5513b2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

6f0bafa37c6f5dbd1d92d91eb3b235eb0c5e2320d4b376b591a8750c786fb1ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Thu, 28 Dec 2023 03:03:17 GMT
x-datacenter: gce-asia-east1
etag: "4a4245115a7622ea4d0274532fa514b0b6dd1e05a8c6e6a73b4b30848340bf71"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-asia-east1-6340
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 1072352451
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 304 KB
86 KB 6ms
3ms Script
application/x-javascript 2a03:2880:f00f:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=d32858404cb64734766259bac94dd4b9

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

578e85a00d2097636113b5d4ff37047e17a85af0c5dc1b63cfebc7787d986ecc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 03:03:17 GMT
content-md5: sxeJUDEu0qN4xme0uNbHhg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87803
reporting-endpoints
x-fb-debug: WAYgO8nEHJLtN2eWCvZ9txCW70w6+PglQRxVs0y8rDCMEREMlm32R77WD/seSt+58Cmf0nbcR7gSlgU4QGRRRg==
x-fb-content-md5: e072127b9303f9c542d196ad23708793
cross-origin-opener-policy: same-origin-allow-popups
etag: "9f34bc8288a098968c8139e0d435aca8"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 Dec 2024 02:31:56 GMT

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 635A 565 B
877 B 140ms
99ms Document
text/html 2404:6800:4004:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_1?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8342fbc0994dc70bfcd5b86b060eed1a1ff51b89585edf3eb57836a64b3d1f6e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1RfizLoS6MFYbLyA7N4_nA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport require-trusted-types-for 'script';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-1RfizLoS6MFYbLyA7N4_nA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport require-trusted-types-for 'script';report-uri /o/cspreport
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Thu, 28 Dec 2023 03:03:17 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 46ms
45ms Script
application/javascript 2404:6800:4004:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GD465VRQLD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:824::2008 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9fc658aa5b54caa553788aefb4a4dd4df8131bd606477cbdc6267c7caf1f4d75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93892
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Dec 2023 03:03:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 48ms
2ms Script
text/javascript 2404:6800:4004:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 02:42:49 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1228
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 28 Dec 2023 04:42:49 GMT

OPTIONS
H2 200 /
optimise.net/ Frame 0
0 61ms
42ms Preflight 34.111.152.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://optimise.net/?k=0&d=bleepingcomputer.com&t=desktop

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.152.111.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload;

Request headers

Accept: */*
Access-Control-Request-Headers: x-api-key
Access-Control-Request-Method: GET
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
access-control-allow-methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: fs-client-rtt
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
date: Thu, 28 Dec 2023 03:03:17 GMT
expires: 0
fs-client-rtt: 2
pragma: no-cache
strict-transport-security: max-age=31536000;includeSubDomains;preload;
via: 1.1 google

GET
H3 200 / Show response
optimise.net/ 6 KB
6 KB 12ms
4ms Fetch
application/json 34.111.152.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://optimise.net/?k=0&d=bleepingcomputer.com&t=desktop

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.152.111.34.bc.googleusercontent.com

Software

Resource Hash

abe3e45856ae3f4fa0971868d7733796c88bc2b83de2d91f2dc00d491a661dd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload;

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
x-api-key: 4e799501-b8b6-4ef1-bad5-225b3dd1aa8d

Response headers

strict-transport-security: max-age=31536000;includeSubDomains;preload;
via: 1.1 google
date: Thu, 28 Dec 2023 03:02:43 GMT
fs-client-rtt: 3
age: 34
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5769
pragma: no-cache
access-control-max-age: 3600
access-control-allow-methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: fs-client-rtt
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
expires: 0

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 59ms
5ms Script
application/javascript 18.172.52.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.52.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-52-40.nrt20.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:02:29 GMT
content-encoding: gzip
via: 1.1 b101a9331666b8f65bfdfc26e686a81e.cloudfront.net (CloudFront)
last-modified: Thu, 07 Dec 2023 12:13:41 GMT
server: AmazonS3
x-amz-cf-pop: NRT20-P2
age: 4210
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ICjopcw8mZNmcTCX4_NlVdhgj8T4Fr_TDmZREYjt67PlDnoSz3_tNA==

GET
H2 200 pubfig.engine.js Show response
a.pub.network/core/pubfig/5.28.1/ 364 KB
110 KB 13ms
12ms Script
application/javascript 2606:4700::6812:14ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/5.28.1/pubfig.engine.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb749a0d19b2e271d07ee67bbef154d49dfef1b47bf22bc76fe3d52bc6cd9d8f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 491521
x-guploader-uploadid: ABPtcPpW-aGKQnF7qfD-ydvuF7cSGtEoHIrpn2zFXs91y8SL8GD9HAlkVSNGcWneaTNomE3jIcFZ4xHWyw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
last-modified: Tue, 19 Dec 2023 23:24:07 GMT
server: cloudflare
etag: W/"3b92c479cca7a7c9b5ae59d09dd55ea8"
vary: Accept-Encoding
x-goog-generation: 1703028247576078
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=RvBmeA==, md5=O5LEecynp8m1rlnQndVeqA==
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 373139
cf-ray: 83c691bca9ffe362-NRT
expires: Thu, 28 Dec 2023 04:03:17 GMT

GET
H2 200 connatix.playspace.js Show response
cds.connatix.com/p/399327/ Frame 279F 1 MB
304 KB 41ms
23ms Script
application/javascript 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/399327/connatix.playspace.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ad2e543195b6a0dd0a8cd93b61fdd4b20f5e86a4d4fecf1d13da49a2c0ecc7f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
x-amz-version-id: rl1dDssb5Ye6XR8_ewbPZYmg8YWlIIvr
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Dec 2023 10:09:10 GMT
server: cloudflare
etag: W/"5d4377e147e947ea7e0547f92451ff9c"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 83c691bd7d6625ff-NRT
access-control-allow-headers: range
expires: Fri, 27 Dec 2024 03:03:17 GMT

GET
H/1.1 200
OK spc_fi.php Show response
cdn.firstimpression.io/delivery/ 39 KB
8 KB 484ms
462ms XHR
application/json 99.84.55.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.firstimpression.io/delivery/spc_fi.php?id=5971&url=%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&charset=windows-1252&ch=12&ref=www.bleepingcomputer.com&viewerId=null&referer=&_firid=33559104
Requested by: Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.55.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-55-28.nrt20.r.cloudfront.net
Software: Apache/2.4.38 (Debian) /
Resource Hash: c361bb64cdee28346ef0fddc37f359204bccd9a7559a65401b905092af76514a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:03:17 GMT
Content-Encoding: gzip
Via: 1.1 67ca433c54bbb58bbc14d109449a1b64.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: NRT20-C3
X-Cache: Miss from cloudfront
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: keep-alive
Content-Length: 7807
Pragma: no-cache
Server: Apache/2.4.38 (Debian)
Vary: Accept-Encoding
Content-Type: application/json; charset=windows-1252
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
X-Amz-Cf-Id: qox_aiM1vnM6ApIpdksyjmwfG7ahwH750GkwpPcOyziBvPLEEOui8Q==
Expires: 0

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
79 B 157ms
82ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.11 aiohttp/3.8.6 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.11 aiohttp/3.8.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
382 B 156ms
82ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.11 aiohttp/3.8.6 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.11 aiohttp/3.8.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
warning: 299 - "Deprecated API"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H3 200 api Show response
ls.skimresources.com/ 2 B
22 B 241ms
236ms XHR
application/json 34.120.117.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ls.skimresources.com/api

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.117.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

212.117.120.34.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.6 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: application/json

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 206 api
ls.skimresources.com/ Frame 0
0 267ms
77ms Preflight
text/plain 34.120.117.212
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.skimresources.com/api
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.117.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 212.117.120.34.bc.googleusercontent.com
Software: Python/3.10 aiohttp/3.8.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain charset=UTF-8
date: Thu, 28 Dec 2023 03:03:17 GMT
server: Python/3.10 aiohttp/3.8.6
via: 1.1 google

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 163ms
157ms Fetch
text/plain 2a03:2880:f10f:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=942111685863795&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=d32858404cb64734766259bac94dd4b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f10f:83:face:b00c:0:25de Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), keyboard-map=()
strict-transport-security: max-age=15552000; preload
date: Thu, 28 Dec 2023 03:03:17 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
pragma: no-cache
x-fb-debug: 8eTtr6Nul/qjT45H22SgnE0EgvJSvyt4nx+URnTbGsLpDn7EYLdASTzutA4eyQM84pR49P6szWQvKDos7KtPbg==
fb-s: unknown
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 130ms
79ms Script
text/javascript 2404:6800:4004:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/pubfig/5.28.1/pubfig.engine.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:811::2002 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73d4b1a27d169f087f3af43923090fef3024d82ef32e023eaaa49716246e4f0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29386
x-xss-protection: 0
server: cafe
etag: 754 / 19719 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:03:17 GMT

GET
H2 200 prebid-analytics-8.27.0.js Show response
a.pub.network/core/ 687 KB
219 KB 18ms
17ms Script
text/javascript 2606:4700::6812:14ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-8.27.0.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/5.28.1/pubfig.engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 557bf30969f492df644712654641e08fb5ae880a9913bcfce4b0c4910592e73b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 59517
x-guploader-uploadid: ABPtcPr3Er7b3LbYaCJkdfvvSCBlFOD8G71TVKsVMV1iONMkTtNDt_r8j3iLe3qUyPguVsosF_I
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
last-modified: Thu, 14 Dec 2023 17:02:40 GMT
server: cloudflare
etag: W/"7e0c4234982f9ce38492007cc357beca"
vary: Accept-Encoding
x-goog-hash: crc32c=meKL5Q==, md5=fgxCNJgvnOOEkgB8w1e+yg==
x-goog-generation: 1702573360105265
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 703135
cf-ray: 83c691bcfa4de362-NRT
expires: Fri, 29 Dec 2023 03:03:17 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
212 B 42ms
41ms XHR
text/plain 2404:6800:4004:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=811939330&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&ul=en-us&de=windows-1252&dt=Computer%20infected%20w%2F%20rootkit%20from%20Gmer%20scan%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=931713332&gjid=444542267&cid=640960966.1703732597&tid=UA-91740-1&_gid=387919002.1703732597&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma=0&jsscut=1&z=137056732

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 42ms
42ms Ping
text/plain 2404:6800:4004:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-GD465VRQLD&gtm=45je3bt0v878037826&_p=1703732596897&gcd=11l1l1l1l1&dma=0&cid=640960966.1703732597&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1703732597&sct=1&seg=0&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&dt=Computer%20infected%20w%2F%20rootkit%20from%20Gmer%20scan%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&en=page_view&_fv=1&_ss=1&tfd=3904
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GD465VRQLD&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4004:824::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 cspreport
accounts.google.com/o/ Frame 635A 0
230 B 99ms
98ms Other
text/html 2404:6800:4004:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/cspreport

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'report-sample' 'nonce-eYiBUxw2u9aXlH38xaqSyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'report-sample' 'nonce-eYiBUxw2u9aXlH38xaqSyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 478691279-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 635A 12 KB
6 KB 46ms
2ms Script
text/javascript 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/478691279-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dba668b49a111527aac8f616b9053ea57c944e01a84ebdcd02a13da921223384

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 12:35:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52046
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5186
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 21:07:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
vary: Accept-Encoding
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Dec 2024 12:35:51 GMT

GET
H3 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 635A 18 KB
7 KB 56ms
56ms Script
text/javascript 2404:6800:4004:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4004:808::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fc0b1526533002c956ebf8e8c42c3ad3f96c41ace73fb4063cc89051944831

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 03:03:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "82744994a59c0fbb"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:03:17 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1703732597390&ns_c=windows-1252&cs_ucfr=&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fc...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1703732597390&ns_c=windows-1252&cs_ucfr=&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2F...

0
224 B

450ms
449ms

Image
text/plain

18.172.52.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1703732597390&ns_c=windows-1252&cs_ucfr=&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&c8=Computer%20infected%20w%2F%20rootkit%20from%20Gmer%20scan%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&c9=
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Server: 18.172.52.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-52-40.nrt20.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
via: 1.1 b101a9331666b8f65bfdfc26e686a81e.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: NRT20-P2
x-amz-cf-id: 12sAyF3eUqV6MqWd_3sqS4BHs0WjF3vOuOias078zftOgnUHirbRJg==
x-cache: Miss from cloudfront

Redirect headers

date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 b101a9331666b8f65bfdfc26e686a81e.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: NRT20-P2
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1703732597390&ns_c=windows-1252&cs_ucfr=&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&c8=Computer%20infected%20w%2F%20rootkit%20from%20Gmer%20scan%20-%20Virus%2C%20Trojan%2C%20Spyware%2C%20and%20Malware%20Removal%20Help&c9=
content-length: 0
x-amz-cf-id: _-qnYBzlEyInhTZXv7FhXV-t0ZaavPhc_Yozk4Mnv2KmhfYcFYql_Q==

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/ Frame 635A 65 KB
23 KB 4ms
3ms Script
text/javascript 2404:6800:4004:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4004:808::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

639d75299973c7d3794eb7eb129e3b5a6139f9f521e1f14383abd0fd501219c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 23 Dec 2023 16:13:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 384577
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23557
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 19:05:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 22 Dec 2024 16:13:40 GMT

GET
H2 200 cSyncRemoteEntry.js Show response
cds.connatix.com/p/399327/ Frame 279F 3 KB
2 KB 12ms
11ms Script
application/javascript 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/399327/cSyncRemoteEntry.js
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f5cea81bb63d0214976da19bc823736066909b01efa7bf8cdb4d5de805eea93

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
x-amz-version-id: pnIKoz_H5OLsHqzKibzrbpZGMcs3QGIq
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Dec 2023 10:09:12 GMT
server: cloudflare
etag: W/"d60d811350d7df0f4503ae40d8a9728a"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 83c691be4e6325ff-NRT
access-control-allow-headers: range
expires: Fri, 27 Dec 2024 03:03:17 GMT

GET
H2 200 connatix.playspace.css
cds.connatix.com/p/399327/ 117 KB
18 KB 18ms
18ms Stylesheet
text/css 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/399327/connatix.playspace.css
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5105a671b848a36111043b2f18410e4cd83d59d468bec58f09b53fa9ed299ab2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
x-amz-version-id: PzuK7RwwI3I3YmGq9OhoB189ev0zM4AR
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Dec 2023 10:09:10 GMT
server: cloudflare
etag: W/"51785f5f49379f3482dd6343e1332a96"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 83c691be4e6925ff-NRT
access-control-allow-headers: range
expires: Fri, 27 Dec 2024 03:03:17 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 392ms
124ms Image
image/gif 2600:9000:2163:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adslot=jgniz_728x90_
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2163:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:29:44 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront)
x-amz-cf-pop: HIO50-C1
age: 1416814
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: VanrvYgmCwH9iXb9xPHhQc-0p7AWERUxoXqDV3V9wtcHylWovEkG7A==

GET
H3 200 952.js Show response
cds.connatix.com/p/399327/ Frame 279F 76 KB
19 KB 14ms
14ms Script
application/javascript 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/399327/952.js
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/cSyncRemoteEntry.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe917cd13fd4d9f376fd1cfa6ee6d31d6c7a89a5e7129dc8511b6e2aec860fa1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
x-amz-version-id: bu8XUquubhDkm2pljOSwe9gWGdu4DQoy
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Dec 2023 10:09:12 GMT
server: cloudflare
etag: W/"57846254bbd200f9201061ef4191f1e3"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 83c691be5c0eaf2b-NRT
access-control-allow-headers: range
expires: Fri, 27 Dec 2024 03:03:17 GMT

GET
H3 200 402.js Show response
cds.connatix.com/p/399327/ Frame 279F 45 KB
10 KB 13ms
13ms Script
application/javascript 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/399327/402.js
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/cSyncRemoteEntry.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a453ade31af0118629c4b7686eaae4e4248a1768b707e033d8d0f4eaf177c01a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
x-amz-version-id: lzSeJSagckPQLOk5ZgoGz8LqSw6yjZmI
content-encoding: br
cf-cache-status: HIT
x-amz-replication-status: FAILED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Dec 2023 10:09:12 GMT
server: cloudflare
etag: W/"0bfdcab785ef6b9a586feebcbe69419f"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age: 86400
cf-ray: 83c691be5c10af2b-NRT
access-control-allow-headers: range
expires: Fri, 27 Dec 2024 03:03:17 GMT

GET
H2

200

sync Show response
capi.connatix.com/core/ Frame 279F
Redirect Chain

https://capi.connatix.com/core/sync
https://capi.connatix.com/core/sync?final=true&UserScoringType=Enabled&ImplementationType=0

6 KB
2 KB

127ms
126ms

XHR
application/json

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/sync?final=true&UserScoringType=Enabled&ImplementationType=0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 621f054b728017194550d8ac2bb8ff26856be1fee58128cf8c495a0cb7fe1ae9

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691bf7fba25ff-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 28 Dec 2023 03:03:17 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-protobuf
location: https://capi.connatix.com:443/core/sync?final=true&UserScoringType=Enabled&ImplementationType=0
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691be9ecf25ff-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length: 27
alt-svc: h3=":443"; ma=86400

POST
H2 200 story Show response
capi.connatix.com/core/ Frame 279F 28 KB
8 KB 195ms
189ms XHR
application/x-protobuf 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/story?v=399327
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c80c390a9636e8d6990aac95a4b8f078a39eba99dadb14a10fbe72d9d5de70

Request headers

Referer
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691be9ed025ff-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 431 KB
135 KB 2ms
2ms Script
text/javascript 2404:6800:4004:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:811::2002 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 00:52:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7828
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138180
x-xss-protection: 0
server: cafe
etag: 6854214708762155125
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 27 Dec 2024 00:52:49 GMT

GET
H2 200 hadron.js Show response
cdn.hadronid.net/ 55 KB
10 KB 36ms
15ms Script
application/javascript 2606:4700:10::6816:34ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&ref=&_it=freestar&partner_id=474&ha=_hadron
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/5.28.1/pubfig.engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:34ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 Nov 2023 15:31:45 GMT
server: cloudflare
x-amz-request-id: 01CC8G5F16RM7B26
age: 5149
etag: W/"13043c1bbaf21ccc6e8ed474a744d3f2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 83c691bef944dfe9-NRT
x-amz-id-2: HXRUR8HjAo6USwQLdtHY+PYQf8tGuqDCh/+7XnINsX6lV9HyCEeo0/fdHmm/D8O2xprGCoT8y84=

GET
H2 200 IIQUniversalID.js Show response
a.pub.network/core/intentIQ/20230622/ 55 KB
13 KB 17ms
17ms Script
text/javascript 2606:4700::6812:14ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/intentIQ/20230622/IIQUniversalID.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/5.28.1/pubfig.engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48c76c91f2d42a1668fee310da41b7c1f0d97d7ab0fa55fcf794e2cd3e412242

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 491521
x-guploader-uploadid: ABPtcPqeym_96wKEF4WNoclG6IbU49YRqXSwDsea3tGVov_d38XiJOGaZy0IfrSub05ft4wEKMpkBGlbmQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
last-modified: Thu, 22 Jun 2023 23:15:14 GMT
server: cloudflare
etag: W/"c45a15a8a50c2a275e14695cf631d08d"
vary: Accept-Encoding
x-goog-hash: crc32c=6m2COg==, md5=xFoVqKUMKideFGlc9jHQjQ==
x-goog-generation: 1687475714790007
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 56442
cf-ray: 83c691bedc55e362-NRT
expires: Thu, 28 Dec 2023 04:03:17 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 282 KB
70 KB 25ms
2ms Script
application/javascript 13.32.49.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/5.28.1/pubfig.engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.49.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-49-23.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9377a1bc58b397b00604d1ab99ec060647410a4e239f067b01158a2eb8ffc27b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:40:31 GMT
content-encoding: gzip
via: 1.1 9a57190cf6aa7b1142210e5f804431fc.cloudfront.net (CloudFront), 1.1 c29e436c21072b427d47688aaf874624.cloudfront.net (CloudFront)
last-modified: Tue, 12 Dec 2023 22:20:18 GMT
server: AmazonS3
x-amz-cf-pop: NRT57-P2, NRT57-C1
age: 1367
x-amz-server-side-encryption: AES256
etag: W/"bab82e5d8801f394c1ef53a45dc29542"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: Y5a4A0kgSj7eAYDm6sUWPel6dNdRo6OWmLXfQn75Dk8K8PJU5_eD8Q==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 21ms
4ms Script
text/javascript 18.65.185.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.185.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-185-71.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 22:15:15 GMT
content-encoding: gzip
via: 1.1 9bc02c0e66fba3c7d773b9367b192e40.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: NRT57-P2
age: 17283
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: -Zym2i6IgfeO-ApaYMgNgMvWnNrI7Dry9UeqMtT2wCHEvo1oDXkYhg==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 22ms
2ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 20:29:45 GMT
content-encoding: gzip
age: 2010812
x-guploader-uploadid: ABPtcPov-txRzSmQTRO-Tz408XDiITKVvPNRo9Mu4E3aZKZgOTVSS2nrvbBIooMmUkM8ZWHdCPvkPanRjsnrlPSgAeT94w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 03 Dec 2024 20:29:45 GMT

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 252ms
239ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 4226057917abbdcae053ae53f46a56f0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 152 KB
34 KB 26ms
12ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65d03eb82a79a732d7c0180593c4f5dc98a8fac5c20c3a5446c4f14bf93d280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 12:57:20 GMT
server: cloudflare
x-amz-request-id: HXAWE1XKD6Y4769B
age: 2417
etag: W/"5fcefeebf5ddc7b2ddf2435967e63de9"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 83c691bf38e6af67-NRT
x-amz-id-2: 6+s+oilUP8ypzvOnvqcsOWSC8MP4mCW5ry0h3GDnDreNibE4XcvSIgCNh45KeCgp2S4bB6uPb1dx6v0KJu3DpA==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
902 B 11ms
2ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 28 Dec 2023 03:03:17 GMT
x-content-type-options: nosniff
content-encoding: br
age: 23766
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230042-FRA, cache-nrt-rjtf7700021-NRT
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET ProfilesEngineServlet
api.intentiq.com/profiles_engine/ 0
0

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/
Redirect Chain

https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=398745&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&tsr...
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=398745&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&ts...

43 B
1 KB

627ms
506ms

Image
image/gif

18.65.185.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=398745&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&tsrnd=502_1703732597633&vrref=www.bleepingcomputer.com&jsver=5.4&abtp=95&abtg=A&ckls=true&ci=Jhunkzb9iq&nc=false&trid=1062855676
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Server: 18.65.185.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-185-71.nrt57.r.cloudfront.net
Software: /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:18 GMT
via: 1.1 80f9a735214ee6903d0442ea922d2030.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT57-P2
x-cache: Miss from cloudfront
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: LJyHc7WDTEoHKy1RTI4nYhoIZuZukTrkvzdeJnvePY856-_7vfWIAQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 80f9a735214ee6903d0442ea922d2030.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT57-P2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=398745&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&tsrnd=502_1703732597633&vrref=www.bleepingcomputer.com&jsver=5.4&abtp=95&abtg=A&ckls=true&ci=Jhunkzb9iq&nc=false&trid=1062855676
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: gZZWBVUPtdTmrMa5PoC9VKilyBNkPt7_YtvKgvzc3s3W1Y4E7eZ1bA==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 hadron.json Show response
id.hadron.ad.gt/v1/ 105 B
293 B 120ms
120ms XHR
application/json 2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.bleepingcomputer.com&url=https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&ref=&_it=freestar&partner_id=474&ha=_hadron
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89dc770764a5fab0c6dc74a737beb3a408bde6f302b5a516fa3bb107e9edfedb

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: private,max-age=30
access-control-allow-credentials: true
debug: NON-OPTIONS
access-control-allow-headers: authorization
cf-ray: 83c691c02ee83c0b-NRT

OPTIONS
H2 200 hadron.json
id.hadron.ad.gt/v1/ Frame 0
0 145ms
120ms Preflight
application/json 2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.bleepingcomputer.com&url=https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST, OPTIONS, GET
cf-cache-status: DYNAMIC
cf-ray: 83c691bf6e073c0b-NRT
content-length: 0
content-type: application/json
date: Thu, 28 Dec 2023 03:03:17 GMT
debug: OPTIONS block
server: cloudflare

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 156 B
621 B 239ms
86ms XHR
application/json 52.220.125.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.220.125.144 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-220-125-144.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: d7d4b702be0c9fabc24bb10e72e279655868a55f420bf4a50366d8ec9311a52b

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
x-server: 10.42.27.241
access-control-allow-credentials: true
content-length: 156
expires: 0

GET
H2 200 0ab198dd-b265-462a-ae36-74e163ad6159 Show response
config.aps.amazon-adsystem.com/configs/ 564 B
830 B 23ms
3ms Script
application/javascript 143.204.86.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/0ab198dd-b265-462a-ae36-74e163ad6159
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.86.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-86-24.nrt12.r.cloudfront.net
Software: CloudFront /
Resource Hash: c6d37be64ee1eb7b8168b048a77a21db12910242805262168a61c7b1f8659dda

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:07:59 GMT
via: 1.1 3fa2b0ecfcbadde1c11e5ba46e1b6308.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: NRT12-C2
age: 3318
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 564
x-amz-cf-id: 6Hkp2CN-85v2MzB3Kg2JhbmAwY7MLtQ_vs1TWdycRSMtCCkWPlBlFQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
1 KB 4ms
3ms XHR
application/json 13.32.49.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com&pubid=0ab198dd-b265-462a-ae36-74e163ad6159
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.49.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-49-23.nrt57.r.cloudfront.net
Software: Server /
Resource Hash: 0eda13bf855220cdec6aaace454f32733f52fcac0bacb575e459b5b081ee9c52

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:16:30 GMT
via: 1.1 c29e436c21072b427d47688aaf874624.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: NRT57-C1
age: 2807
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1054
x-amz-cf-id: BthkglXY0DfL5qFUR526bPIijscOrv42wpI_yJRMX4QMQftMg6UruA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 13ms
5ms XHR
application/javascript 13.32.49.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.49.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-49-23.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 71f3694b51f52454b351b50afa530cfe.cloudfront.net (CloudFront)
date: Wed, 27 Dec 2023 07:01:36 GMT
x-amz-cf-pop: NRT57-C1
age: 72102
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: K2gVm1x3_PM2bRpg6Ql3KkZfhXPMwwK_CSeNw9WqSJJ0Z__V4SfYZQ==

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&rid=esp&cc=1

85 B
193 B

150ms
149ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&rid=esp&cc=1
Requested by: Host: blank
URL: about:blank
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 907f872bc058d1dd31c379650a2530c8381933202cfdfa713f678b9300372856

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-Kn4OIJP8QGy4gi9vlS33wExiv4c"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.bleepingcomputer.com
location: /esp?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F550535%2Fcomputer-infected-w-rootkit-from-gmer-scan%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 54 KB
17 KB 16ms
1ms Script
application/javascript 2.18.148.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.148.25 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-148-25.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ba6a49b4567c1d0abb7d066626b3290cc404a5214712d90685743ee20b3ecb94

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
server: Apache
etag: "d734-5f2f3919e751f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17407
expires: Thu, 28 Dec 2023 03:18:17 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 151 KB
33 KB 7ms
7ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/550535/computer-infected-w-rootkit-from-gmer-scan/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ba93db33de679d443dc28aee4a2190b580b8ad3fc53216d5bb2678d4e17f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: SW5P2TH3APD31CNJ
age: 21
x-amz-server-side-encryption: AES256
x-amz-id-2: eCDd838EuMQX+Vc2F3GzgtdGf9x9modflCP1EqDY3nHx5Yh9CF36oR2bxnEHPTTwYeiU2J6Tdb4nJKsopzYU8A==
last-modified: Thu, 07 Dec 2023 12:57:20 GMT
server: cloudflare
etag: W/"7229163a9092e2cee472ddee92dcb6ba"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 83c691bf694eaf67-NRT
expires: Thu, 28 Dec 2023 04:03:17 GMT

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
240 B 740ms
243ms XHR
text/plain 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.bleepingcomputer.com
date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1 200
OK / Show response
tag.escalated.io/ 72 KB
31 KB 494ms
126ms Script
application/javascript 3.109.191.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.escalated.io/?i=KxxajmhPPCsT&d=www.bleepingcomputer.com&type=display&cust=5971&sid=direct&c=&cust2=direct
Requested by: Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.109.191.131 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-109-191-131.ap-south-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f38bddf9810579138c76467d6b202d0a83fc7070bc962b8370a2ead189cac811

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:03:18 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Sep 2023 15:12:11 GMT
Server: nginx
ETag: W/"6501d14b-1207a"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 insights.bin Show response
ins.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/24f9422d-b7e4-4f6b-94ca-0c9c397f404d/ Frame 279F 612 B
672 B 33ms
12ms XHR
application/x-protobuf 172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/24f9422d-b7e4-4f6b-94ca-0c9c397f404d/insights.bin
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/connatix.playspace.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 111251147a0b2c467f4ca1ee54aac77dfabb37b0012d08c492d17909179694d6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 27 Dec 2023 23:57:20 GMT
server: cloudflare
etag: W/"de92b833e3d8886b30804abaf57c3042"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/x-protobuf
access-control-allow-origin: *
cache-control: public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
vary: Accept-Encoding
cf-ray: 83c691bff905736d-NRT
alt-svc: h3=":443"; ma=86400
expires: Fri, 27 Dec 2024 03:03:17 GMT

GET
H2

200

cks Show response
cks.connatix.com/
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=190549&cb=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D17%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DIndex%26api-tier%3D2%26uid%3D&gdpr=0
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D17%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DIndex%26api-tier%3D2%26uid%3D&gdpr=0&s=190549&C=1
https://cks.connatix.com/cks?pid=17&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Index&api-tier=2&uid=ZYzldSySS0asMmrfjUX57AAA%265463

139 B
158 B

22ms
10ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=17&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Index&api-tier=2&uid=ZYzldSySS0asMmrfjUX57AAA%265463
Requested by: Host: blank
URL: about:blank
Protocol: H2
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92776410d02eb8f26f82827b21fe84d6c37db8c1e1ea4afa3dbde544a898fb0e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c0f9ad25ff-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ask1M98YJfx%2F3S7%2FApTnZrfOTBTV4R18CNG8sfjC4QKNh%2FMd2rx6n12NpGnS6WeJu6BhXZZS7c%2B080vfGsOnuRAbfTIJW%2BvUpl1oDJ86NdinVVLdrWdwJGZaWDFaoZI3bZ1wF1Fx"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cks.connatix.com/cks?pid=17&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Index&api-tier=2&uid=ZYzldSySS0asMmrfjUX57AAA%265463
cache-control: no-cache
cf-ray: 83c691c0d8862080-NRT
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1

400
Bad Request

connatix
match.prod.bidr.io/cookie-sync/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&g...
https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&g...

0
0

5ms
4ms

Script
text/plain

54.92.19.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&gdpr=0&_bee_ppp=1

Requested by

Host: blank
URL: about:blank

Protocol

HTTP/1.1

Server

54.92.19.245 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-92-19-245.ap-northeast-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 25
content-type: text/plain

Redirect headers

location: https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&gdpr=0&_bee_ppp=1
Date: Thu, 28 Dec 2023 03:03:17 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2

200

cks Show response
cks.connatix.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gapzaid&ttd_tpi=1&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gapzaid&ttd_tpi=1&gdpr=0
https://cks.connatix.com/cks?pid=19&uid=6d989a68-f294-476a-b80c-00b5eeb960b2&ttl=1706324597

146 B
164 B

15ms
9ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=19&uid=6d989a68-f294-476a-b80c-00b5eeb960b2&ttl=1706324597
Requested by: Host: blank
URL: about:blank
Protocol: H2
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ed28bdfdc1475c542335881f506b62f71e88527b202b1914d9b02f3b455024c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c0f9ac25ff-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=19&uid=6d989a68-f294-476a-b80c-00b5eeb960b2&ttl=1706324597
date: Thu, 28 Dec 2023 03:03:17 GMT
server: Kestrel
content-length: 213

GET
H2

200

cks Show response
cks.connatix.com/
Redirect Chain

https://ad.turn.com/r/cs?pid=67&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D21%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DAmobee%26api-tier%3D2%26uid%3D%23USER_ID%23&gdpr=0
https://cks.connatix.com/cks?pid=21&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Amobee&api-tier=2&uid=7581128887850851282

129 B
169 B

16ms
16ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=21&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Amobee&api-tier=2&uid=7581128887850851282
Requested by: Host: blank
URL: about:blank
Protocol: H2
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 436073a29f686e3f7e261d1b812f8df5efac0c2649be299220b1815fb34632b2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c29b8c25ff-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=21&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Amobee&api-tier=2&uid=7581128887850851282
pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D25%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DTripleLift%26api-tier%3D2%26uid%3D%24UID&gdpr=0
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D25%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DTripleLift%26api-tier%3D2%26uid%...
https://cks.connatix.com/cks?pid=25&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=TripleLift&api-tier=2&uid=765688554414051114869

131 B
242 B

14ms
10ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=25&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=TripleLift&api-tier=2&uid=765688554414051114869
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 312817a63b18679c10acc2fe875d40f1d0bfccd49a09dfd444ea9a7d8c6928f6

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c33b7b34b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=25&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=TripleLift&api-tier=2&uid=765688554414051114869
date: Thu, 28 Dec 2023 03:03:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D6%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DAppNexus%26api-tier%3D2%26uid%3D%24UID=&gdpr=0
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcks.connatix.com%252Fcks%253Fpid%253D6%2526ev%253D4aa687c0ea4749108f738a5e7bd6d0e5%2526pname%253DAppNexus%2526api-tier%253D2%2526uid%...
https://cks.connatix.com/cks?pid=6&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=AppNexus&api-tier=2&uid=4490771283231374823=&gdpr=0

129 B
278 B

11ms
9ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=6&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=AppNexus&api-tier=2&uid=4490771283231374823=&gdpr=0
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03703e5dd372ac81a64e02ab9c3a0c197c0543acfc5fd6031cc40be1c6e4b857

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c32b6a34b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:18 GMT
an-x-request-uuid: 3e2825b3-1590-4d7f-a6cc-98f66627dc2d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cks.connatix.com/cks?pid=6&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=AppNexus&api-tier=2&uid=4490771283231374823=&gdpr=0
x-proxy-origin: 31.204.145.170; 31.204.145.170; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel Show response
capi.connatix.com/us/
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=connatix&gdpr=0
https://sync.1rx.io/usersync2/rmpssp?sub=connatix&zcc=1&cb=1703732598217
https://ad.turn.com/r/cs?pid=45&rndcb=4502834451
https://sync.1rx.io/usersync/turn/7581128887850851282?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004?redir=https%3A%2F%2Fcapi.connatix.com%2Fus%2Fpixel%3Fpuid%3DRX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004%26pI...
https://capi.connatix.com/us/pixel?puid=RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004&pId=44

82 B
373 B

117ms
116ms

Script
image/gif

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/us/pixel?puid=RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004&pId=44
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f28e33d6a65a4269a7f4e327a177ead60fea39cb13129a35c4b24fef84f5af

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
cf-cache-status: DYNAMIC
server: cloudflare
surrogate-control: no-cache, no-store, must-revalidate, max-age=0
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 83c691c5ebac25e7-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://capi.connatix.com/us/pixel?puid=RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004&pId=44
date: Thu, 28 Dec 2023 03:03:18 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX8db40515283c47d7ad4d88ee9c3667b7004
content-type: text/html

GET
H3

200

pixel Show response
capi.connatix.com/us/
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=6&gdpr=0&gdpr_consent=null
https://capi.connatix.com/us/pixel?puid=8233903385909417739&pId=40&gdpr=0&gdpr_consent=

82 B
409 B

118ms
118ms

Script
image/gif

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/us/pixel?puid=8233903385909417739&pId=40&gdpr=0&gdpr_consent=
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f28e33d6a65a4269a7f4e327a177ead60fea39cb13129a35c4b24fef84f5af

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
cf-cache-status: DYNAMIC
server: cloudflare
surrogate-control: no-cache, no-store, must-revalidate, max-age=0
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 83c691c4099225e7-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://capi.connatix.com/us/pixel?puid=8233903385909417739&pId=40&gdpr=0&gdpr_consent=
date: Thu, 28 Dec 2023 03:03:17 GMT
content-length: 0

GET
H/1.1

200
OK

usync.html
eus.rubiconproject.com/ Frame D5B5
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=19564_2&endpoint=us-east&gdpr=0
https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east&gdpr=0

0
0

11ms
2ms

Document
text/html

23.40.149.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east&gdpr=0
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/402.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.149.60 Tokyo, Japan, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-40-149-60.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 28 Dec 2023 03:03:17 GMT
ETag: "20525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 28 Dec 2023 03:03:17 GMT
location: https://eus.rubiconproject.com/usync.html?p=19564_2&endpoint=us-east&gdpr=0
server: AkamaiGHost

GET /
ssc-cms.33across.com/ps/ Frame 8CF6 0
0

GET user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9F4C 0
0

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=561340&daaqp=1&ev=1&rurl=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D13%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DPulsePoint%26api-tier%3D2%26uid%3D%...
https://cks.connatix.com/cks?pid=13&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=PulsePoint&api-tier=2&uid=fYkYDhl0dn01

122 B
236 B

20ms
18ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=13&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=PulsePoint&api-tier=2&uid=fYkYDhl0dn01
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c2d587358699a1d8df6350dfb6ab37a7ce71f8346f2cd36c1cad290569f17f7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c68e0734b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: jp-JP
location: https://cks.connatix.com/cks?pid=13&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=PulsePoint&api-tier=2&uid=fYkYDhl0dn01
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7fc76965fd-x59xc
expires: -1

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://i.ctnsnet.com/int/cm?exc=24&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D28%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCrimtan%26api-tier%3D2%26uid%3D%5Buser_id%5D&gdpr=0
https://cks.connatix.com/cks?pid=28&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Crimtan&api-tier=2&uid=899ad57f65394947a30b95e28a05bf7d

142 B
251 B

16ms
15ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=28&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Crimtan&api-tier=2&uid=899ad57f65394947a30b95e28a05bf7d
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2b356067069b506d8a533167492f705e7ef5f60e3838a52de9bce98c518064c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c39bc234b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cks.connatix.com/cks?pid=28&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Crimtan&api-tier=2&uid=899ad57f65394947a30b95e28a05bf7d
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D18%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DLoopMe%26api-tier%3D2%26uid%3D%7Bdevice_id%7D%26pubid%3D11186&gdpr=0
https://cks.connatix.com/cks?pid=18&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=LoopMe&api-tier=2&uid=51ab54d4-6840-43a8-a3b9-a6c928d70207&pubid=11186&gdpr=0

146 B
254 B

10ms
10ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=18&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=LoopMe&api-tier=2&uid=51ab54d4-6840-43a8-a3b9-a6c928d70207&pubid=11186&gdpr=0
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8586f0ecb339976502223d2b25812632a44e5699824fa91df1e6fad0b376de1e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c7eef834b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=18&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=LoopMe&api-tier=2&uid=51ab54d4-6840-43a8-a3b9-a6c928d70207&pubid=11186&gdpr=0
date: Thu, 28 Dec 2023 03:03:18 GMT
server: _
content-length: 0

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=105&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCentro%26api-tier%3D2%26uid%3D%7BuserId...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=105&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DCentro%26api-tier%3D2%26uid%3...
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&partner_url=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4aa687c...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&partner_url=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D9%26ev%3D4...
https://cks.connatix.com/cks?pid=9&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Centro&api-tier=2&uid=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&gdpr=0

159 B
264 B

11ms
10ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=9&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Centro&api-tier=2&uid=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&gdpr=0
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b42c77d845581f827371cf8274c9cc3eaac8a14887608726578f4a295951b73

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691cb395834b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 28 Dec 2023 03:03:19 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://cks.connatix.com/cks?pid=9&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Centro&api-tier=2&uid=84e9b23e-427e-4955-80f6-63b0c8c8f4da-658ce576-4a50&gdpr=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://ads.yieldmo.com/pbsync?is=smartnews&redirectUri=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D39%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DYieldMo%26api-tier%3D2%26uid%3D%24UID&gdpr=0
https://cks.connatix.com/cks?pid=39&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=YieldMo&api-tier=2&uid=3zA7mLL__uLP8nROGOoo&gdpr=0

130 B
246 B

10ms
9ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=39&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=YieldMo&api-tier=2&uid=3zA7mLL__uLP8nROGOoo&gdpr=0
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26ae3ddd450ca115be5a358af54b1d62e7b0f858a8791963e67c8f2aaafb7d66

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c5bd6334b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:18 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cks.connatix.com/cks?pid=39&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=YieldMo&api-tier=2&uid=3zA7mLL__uLP8nROGOoo&gdpr=0
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://connatix-supply-partners.tremorhub.com/sync?UISCX=4aa687c0ea4749108f738a5e7bd6d0e5&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D5%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DTel...
https://cks.connatix.com/cks?pid=5&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Telaria&api-tier=2&uid=9236d94323db4abbbb4a9eaf6d475044

141 B
249 B

12ms
12ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=5&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Telaria&api-tier=2&uid=9236d94323db4abbbb4a9eaf6d475044
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46020e5bef768bb3cd9a54dcd712062696cfcec5e8d586268b0e08af127d5a61

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c7deec34b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=5&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Telaria&api-tier=2&uid=9236d94323db4abbbb4a9eaf6d475044
date: Thu, 28 Dec 2023 03:03:18 GMT
server: nginx
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H3

200

us Show response
capi.connatix.com/core/
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=3672&_fw_gdpr=0&_fw_gdpr_consent=null&gdpr=0
https://capi.connatix.com/core/us?DemandPartner=33&DemandPartnerName=FreeWheel&DemandPartnerUserId=2cf7911d33a9a2f0ce9e7170558a19ec&_fw_gdpr=0&_fw_gdpr_consent=null&gdpr=0

0
231 B

119ms
118ms

Script
application/json

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/us?DemandPartner=33&DemandPartnerName=FreeWheel&DemandPartnerUserId=2cf7911d33a9a2f0ce9e7170558a19ec&_fw_gdpr=0&_fw_gdpr_consent=null&gdpr=0
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/json
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c68c6225e7-NRT
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length: 0
alt-svc: h3=":443"; ma=86400

Redirect headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 03:03:18 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://capi.connatix.com/core/us?DemandPartner=33&DemandPartnerName=FreeWheel&DemandPartnerUserId=2cf7911d33a9a2f0ce9e7170558a19ec&_fw_gdpr=0&_fw_gdpr_consent=null&gdpr=0
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1703732598750000-56

GET sync-iframe
cs-server-s2s.yellowblue.io/ Frame F05B 0
0

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/17331/ 39 KB
12 KB 4ms
3ms Script
text/javascript 18.65.185.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/17331/sync.min.js?gdpr=0
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/402.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.185.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-185-71.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60cafa05c97da06116c9164ae946addfe8812d8b104b0d4260cfd5e3884eeab7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 12:56:47 GMT
content-encoding: gzip
via: 1.1 9bc02c0e66fba3c7d773b9367b192e40.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 16:12:35 GMT
server: AmazonS3
x-amz-cf-pop: NRT57-P2
age: 50791
x-amz-server-side-encryption: AES256
etag: W/"24dc2bbea0cff17e96e133440043ddb8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: iq8f2d7xnqizwLJBqde5-q5R_YqpH09cRzs0XkyvL1HXYjXpxxIxEQ==

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://vop.sundaysky.com/sync/dmp?redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D1%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DSundaySky%26api-tier%3D2%26uid%3D%24%7Bssky_uuid%7D&gdpr=0
https://vop.sundaysky.com/sync/dmp?redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D1%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DSundaySky%26api-tier%3D2%26uid%3D%24%7Bssky_uuid%7D&gdpr...
https://cks.connatix.com/cks?pid=1&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=SundaySky&api-tier=2&uid=d6.e9ec8ad6ae74465aae267c01b7cee4b8

144 B
252 B

11ms
11ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=1&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=SundaySky&api-tier=2&uid=d6.e9ec8ad6ae74465aae267c01b7cee4b8
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: addb8aad44fb4ae9bddd16de4e417fde5a32b88bd6a9802873d995ec666b391b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c8dfa334b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=1&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=SundaySky&api-tier=2&uid=d6.e9ec8ad6ae74465aae267c01b7cee4b8
date: Thu, 28 Dec 2023 03:03:19 GMT
x-content-type-options: nosniff
content-length: 0
x-frame-options: DENY

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://sync.resetdigital.co/csync?pid=connatix&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D35%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DResetDigital%26api-tier%3D2%26uid%3D%24USER_I...
https://cks.connatix.com/cks?pid=35&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=ResetDigital&api-tier=2&uid=0000012521995E07

126 B
239 B

8ms
8ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=35&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=ResetDigital&api-tier=2&uid=0000012521995E07
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9d16a7c165724cff33a398d9981f628f4e230e43485e89b9b0edf441df94f29

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c85f5034b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=35&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=ResetDigital&api-tier=2&uid=0000012521995E07
date: Thu, 28 Dec 2023 03:03:18 GMT
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 0
content-type: text/html

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D43%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DSonobi%26api-tier%3D2%26uid%3D%5BUID%5D&gdpr=0
https://cks.connatix.com/cks?pid=43&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Sonobi&api-tier=2&uid=51be1691-f25f-4506-83b5-862231b1dcef

146 B
254 B

9ms
8ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=43&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Sonobi&api-tier=2&uid=51be1691-f25f-4506-83b5-862231b1dcef
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd7483fc3c88b737fd1af850fa38c9406244bd539fac012f718c54fb1df18f7f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691cc09e834b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 03:03:19 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-lax-1-5-94
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cks.connatix.com/cks?pid=43&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Sonobi&api-tier=2&uid=51be1691-f25f-4506-83b5-862231b1dcef
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://match.sharethrough.com/universal/v1?supply_id=WIMKYDH0&gdpr=0&gdpr_consent=null&redirectUri=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d45%26ev%3d4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3...
https://cks.connatix.com/cks?pid=45&pname=Sharethrough&api-tier=1&uid=e78820b5-ab0b-4ea5-97f1-0bcf0815a326&gdpr=0&gdpr_consent=null

146 B
254 B

13ms
13ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=45&pname=Sharethrough&api-tier=1&uid=e78820b5-ab0b-4ea5-97f1-0bcf0815a326&gdpr=0&gdpr_consent=null
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1718115905fd0f83871b81f517b0c5103257fde62f7541e76cf5b38d690c0a8a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691c74e8334b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

location: https://cks.connatix.com/cks?pid=45&pname=Sharethrough&api-tier=1&uid=e78820b5-ab0b-4ea5-97f1-0bcf0815a326&gdpr=0&gdpr_consent=null
date: Thu, 28 Dec 2023 03:03:18 GMT
content-length: 0

GET
H/1.1 200
OK psync Show response
xsync.iqzone.com/ 42 B
748 B 888ms
227ms Script
image/gif 142.234.204.77
LEASEWEB-USA-NYC

General

Check archive.org

Show headers Download Go to

Full URL: https://xsync.iqzone.com/psync?t=s&e=376&cb=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D42%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DIqZone%26api-tier%3D2%26uid%3D%25USER_ID%25&gdpr=0
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/402.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 142.234.204.77 Edison, United States, ASN396362 (LEASEWEB-USA-NYC, US),
Reverse DNS
Software: nginx /
Resource Hash: ff4da87481fe5b7192508bf706e1ad69def9cbd967f86789cdf41147de939401

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:03:19 GMT
Server: nginx
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST,PUT,HEAD,DELETE,OPTIONS, GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true, true
Connection: keep-alive
Access-Control-Allow-Headers: content-Type,x-requested-with, DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H3

200

cks Show response
cks.connatix.com/
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=connatix&cspid=25&append=0&cb=%24%7BADELPHIC_CACHE_BUSTER%7D&redirect=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D29%26ev%3D4aa687c0ea474...
https://cks.connatix.com/cks?pid=29&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Adelphic&api-tier=2&uid=73c16ecd-8a66-4df8-be6c-fae435e1b034

146 B
253 B

8ms
8ms

Script
application/javascript

172.64.146.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cks.connatix.com/cks?pid=29&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Adelphic&api-tier=2&uid=73c16ecd-8a66-4df8-be6c-fae435e1b034
Requested by: Host: blank
URL: about:blank
Protocol: H3
Server: 172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31d7701f62f02e0a3565735cf84761ab176fa42c6354acb3744550be0d35c951

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:19 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 83c691cd1ab434b1-NRT
alt-svc: h3=":443"; ma=86400

Redirect headers

Location: https://cks.connatix.com/cks?pid=29&ev=4aa687c0ea4749108f738a5e7bd6d0e5&pname=Adelphic&api-tier=2&uid=73c16ecd-8a66-4df8-be6c-fae435e1b034
Date: Thu, 28 Dec 2023 03:03:19 GMT
Connection: keep-alive
X-CI-RTID: f5805614-9916-42a5-99d4-acc5c63af083
Content-Length: 177
Content-Type: text/html; charset=utf-8

GET cm
us-u.openx.net/w/1.0/ Frame 279F 0
0

GET cksync
cs.media.net/ Frame 279F 0
0

GET 712202.gif
id.rlcdn.com/ Frame 279F 0
0

GET pixel
capi.connatix.com/us/google/ Frame 279F 0
0

GET 1a1c07e870d45c05896c3f9e9973d4b4.gif
sync.colossusssp.com/ Frame 279F 0
0

GET ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 279F 0
0

GET 81549
i.liadm.com/s/ Frame 279F 0
0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 61ms
61ms Script
text/javascript 2404:6800:4004:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/399327/connatix.playspace.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4004:811::2002 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5672f8f90be2af6ef03bc3d8ea40cb0f2fef1b2a81e26cff101512c91adc97a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:03:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29387
x-xss-protection: 0
server: cafe
etag: 512 / 19719 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:03:17 GMT

GET ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 279F 0
0

GET 24f9422d-b7e4-4f6b-94ca-0c9c397f404d.bin
vid.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/ Frame 279F 0
0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
617 B 104ms
102ms XHR
application/json 52.220.125.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/17331/sync.min.js?gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.220.125.144 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-220-125-144.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 3f6e2b897e9a857e247e378c30ba45485a10675c7054a5211acc36ba26b37ddd

Request headers

Referer
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:17 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
x-server: 10.42.0.117
access-control-allow-credentials: true
content-length: 235
expires: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 489ms
161ms Preflight
application/json 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=about%3A%2F%2F%2F&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 28 Dec 2023 03:03:18 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 232134
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=about%3A%2F%2F%2F&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=VrnhvnxoaWw4RGFhMnp0VjEwTHc2OFhZUmlTcHdXcStYUTl4V3U4Nk9JVHdSRnltT29GWUNkakFodEt6M293bFVYSzB6a1YwVjI5QUlNMFJFRWZLWk9zMWxlL01KKzJ2OGpZK1BXYU9VMzUvb0FlT0FJMXhaVU9jR0JlcT...

303 B
610 B

481ms
160ms

Fetch
application/json

182.161.74.11
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=VrnhvnxoaWw4RGFhMnp0VjEwTHc2OFhZUmlTcHdXcStYUTl4V3U4Nk9JVHdSRnltT29GWUNkakFodEt6M293bFVYSzB6a1YwVjI5QUlNMFJFRWZLWk9zMWxlL01KKzJ2OGpZK1BXYU9VMzUvb0FlT0FJMXhaVU9jR0JlcTlTMzBzbHp5bkdSQlNlYlRWMFFMWmFmQ29kdXdpMkR6c1pvSG1xUFlRNkk1bVRDeEVyZ3A0WkgzV2p6cU51Uk0yeE9Hc3RJQXhLQVQvZEdoUDZrNGN2aWpIK2xnNkUrNUxicWZuR0J4a1BtcFIraGNYbTljPXw&cppv=2

Requested by

Host: blank
URL: about:blank

Protocol

Server

182.161.74.11 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4a7cc0aaec78bc6cca94a640933ff73ffa9d196bbfe321d3de9374c167e57946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:19 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 419037
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:18 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://mug.criteo.com/sid?cpp=VrnhvnxoaWw4RGFhMnp0VjEwTHc2OFhZUmlTcHdXcStYUTl4V3U4Nk9JVHdSRnltT29GWUNkakFodEt6M293bFVYSzB6a1YwVjI5QUlNMFJFRWZLWk9zMWxlL01KKzJ2OGpZK1BXYU9VMzUvb0FlT0FJMXhaVU9jR0JlcTlTMzBzbHp5bkdSQlNlYlRWMFFMWmFmQ29kdXdpMkR6c1pvSG1xUFlRNkk1bVRDeEVyZ3A0WkgzV2p6cU51Uk0yeE9Hc3RJQXhLQVQvZEdoUDZrNGN2aWpIK2xnNkUrNUxicWZuR0J4a1BtcFIraGNYbTljPXw&cppv=2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 556489
content-length: 0
expires: 0

GET
H2 200 pbhid Show response
id.hadron.ad.gt/api/v1/ 227 B
242 B 12ms
11ms Fetch
application/json 2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/api/v1/pbhid?partner_id=474&_it=prebid
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-8.27.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7522414b9a7d076f4978fd6d895b083a6c9131b477d315b481431caac9c5bb97

Request headers

Referer
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: gzip
server: cloudflare
allow: POST, OPTIONS, GET
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cf-ray: 83c691c269a93c0b-NRT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 rid Show response
match.adsrvr.org/track/ 108 B
677 B 5ms
4ms Fetch
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=6bjin1p&fmt=json
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-8.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 98b98f8fceff33a5a125c2ba1843f02ecfce956e6f623a372959803890dcdf20

Request headers

Referer
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: gzip
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires: Sat, 27 Jan 2024 03:03:18 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 166ms
160ms Preflight
application/json 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=about%3A%2F%2F%2F&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 28 Dec 2023 03:03:18 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 410723
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET ProfilesEngineServlet
api.intentiq.com/profiles_engine/ 0
0

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=about%3A%2F%2F%2F&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=iR2mS3xpdWtRL01ORXVXS2tSRUxFYUpiTkZXSVEzMHByVmk0Y2ozdjY2MG13RFk5aUs3Vlo1SW5oZzN2WDR3MGovVEtoS0E0WVhubHVkeE5OazN4ZS9UTjBnb0dvMmtpSE1qRGQwK2RZUGxIQm1OSUs0M0xnSUF2VWJPME...

287 B
595 B

482ms
161ms

Fetch
application/json

182.161.74.11
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=iR2mS3xpdWtRL01ORXVXS2tSRUxFYUpiTkZXSVEzMHByVmk0Y2ozdjY2MG13RFk5aUs3Vlo1SW5oZzN2WDR3MGovVEtoS0E0WVhubHVkeE5OazN4ZS9UTjBnb0dvMmtpSE1qRGQwK2RZUGxIQm1OSUs0M0xnSUF2VWJPMEpKSDNuS0ZvUXY1UitUMjZsczVKZm42dmJNK20yQ2dmbWI2cm11Z3RFVmh0dUVGdkVvSGdFRUwzcmhsUGhkTUpINWFyMnpjak5FUE4vS0RneitHdUFlQnlIaTZ1YytMMG5sa0MyRmpwbjJxeXJaNmdUb3B3PXw&cppv=2

Requested by

Host: blank
URL: about:blank

Protocol

Server

182.161.74.11 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

4bba0fd3b6680f78a6e8c15661cfae284c01d9b7938303de9a6b3bc7a33cda6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:19 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 593378
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:03:18 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://mug.criteo.com/sid?cpp=iR2mS3xpdWtRL01ORXVXS2tSRUxFYUpiTkZXSVEzMHByVmk0Y2ozdjY2MG13RFk5aUs3Vlo1SW5oZzN2WDR3MGovVEtoS0E0WVhubHVkeE5OazN4ZS9UTjBnb0dvMmtpSE1qRGQwK2RZUGxIQm1OSUs0M0xnSUF2VWJPMEpKSDNuS0ZvUXY1UitUMjZsczVKZm42dmJNK20yQ2dmbWI2cm11Z3RFVmh0dUVGdkVvSGdFRUwzcmhsUGhkTUpINWFyMnpjak5FUE4vS0RneitHdUFlQnlIaTZ1YytMMG5sa0MyRmpwbjJxeXJaNmdUb3B3PXw&cppv=2
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 445392
content-length: 0
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 108 B
677 B 5ms
4ms Fetch
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=6bjin1p&fmt=json
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-8.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 98b98f8fceff33a5a125c2ba1843f02ecfce956e6f623a372959803890dcdf20

Request headers

Referer
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 28 Dec 2023 03:03:18 GMT
content-encoding: gzip
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires: Sat, 27 Jan 2024 03:03:18 GMT

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
284 B 726ms
239ms Fetch
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

645c065659ece7c2bedc7d9ac105ed4c320c48a885199d1f1efff74b7c0b66c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: https://www.bleepingcomputer.com
date: Thu, 28 Dec 2023 03:03:18 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 504ms
165ms Preflight
application/json 182.161.74.11
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.11 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 28 Dec 2023 03:03:19 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 285587
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 503ms
164ms Preflight
application/json 182.161.74.11
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.74.11 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 28 Dec 2023 03:03:19 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 191710
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 v3 Show response
id5-sync.com/gm/ 698 B
1 KB 954ms
478ms XHR
application/json 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/gm/v3

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

3a94c8d5352201904bceed083ffa2e8bcb95f6792bd1e4fb1e0bc378a629fc5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.bleepingcomputer.com
date: Thu, 28 Dec 2023 03:03:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 px.gif
merequartz.com/aadetect/ 42 B
324 B 274ms
38ms Image
image/gif 2600:1901:0:2b56::1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://merequartz.com/aadetect/px.gif?ch=2&rn=7612

Requested by

Host: blank
URL: about:blank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:2b56::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
date: Thu, 28 Dec 2023 03:03:22 GMT
via: 1.1 google
last-modified: Fri, 22 Dec 2023 20:43:07 GMT
x-datacenter: gce-asia-east1
x-buildname: hoothoot
vary: Accept-Encoding
x-hostname: fen-hoothoot-asia-east1-6340
content-type: image/gif
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-buildnumber: 1072352451

GET
H2 200 px.gif
merequartz.com/aadetect/ 42 B
99 B 277ms
42ms Image
image/gif 2600:1901:0:2b56::1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://merequartz.com/aadetect/px.gif?ch=1&rn=7612

Requested by

Host: blank
URL: about:blank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:2b56::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
date: Thu, 28 Dec 2023 03:03:22 GMT
via: 1.1 google
last-modified: Fri, 22 Dec 2023 20:43:07 GMT
x-datacenter: gce-asia-east1
x-buildname: hoothoot
vary: Accept-Encoding
x-hostname: fen-hoothoot-asia-east1-6340
content-type: image/gif
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-buildnumber: 1072352451

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: developers.google.com
URL: https://developers.google.com/

Domain: api.intentiq.com
URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=999_1703732597632&cttl=43200000&rrtt=0&dud=0&abtg=A&vrref=www.bleepingcomputer.com&japbjs=true&japs=false

Domain: ssc-cms.33across.com
URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002y7TWTAA2&ru=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D37%26UserId%3D4aa687c0ea4749108f738a5e7bd6d0e5%26DemandPartnerName%3D_33Across%26tier%3D2%26DemandPartnerUserId%3D33XUSERID33X&gdpr=0

Domain: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156592&predirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D2%26UserId%3D4aa687c0ea4749108f738a5e7bd6d0e5%26DemandPartnerName%3DPubmatic%26tier%3D2%26DemandPartnerUserId%3D&gdpr=0

Domain: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr={gdpr}&gdpr_consent={gdpr_consent}&redirect=https%3a%2f%2fcks.connatix.com%2fcks%3fpid%3d24%26ev%3d4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3dIronSource%26api-tier%3d2%26uid%3d{partnerId}%26direct%3D1

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=7cf4c6c4-b915-4cbd-83cc-28c0f662a829&ph=51e220cb-8c97-4a65-b047-91c933b79b78&r=https%3a%2f%2fcapi.connatix.com%2fcore%2fus%3fDemandPartner%3d8%26UserId%3d4aa687c0ea4749108f738a5e7bd6d0e5%26DemandPartnerName%3dOpenX%26tier%3d2%26DemandPartnerUserId%3d

Domain: cs.media.net
URL: https://cs.media.net/cksync?cs=37&type=cn&redirect=https%3A%2F%2Fcapi.connatix.com%2Fcore%2Fus%3FDemandPartner%3D31%26UserId%3D4aa687c0ea4749108f738a5e7bd6d0e5%26DemandPartnerName%3DMediaNet%26tier%3D2%26DemandPartnerUserId%3D%3Cvsid%3E&gdpr=0

Domain: id.rlcdn.com
URL: https://id.rlcdn.com/712202.gif?cparams=4aa687c0ea4749108f738a5e7bd6d0e5&gdpr=0

Domain: capi.connatix.com
URL: https://capi.connatix.com/us/google/pixel?tier=2&gdpr=0

Domain: sync.colossusssp.com
URL: https://sync.colossusssp.com/1a1c07e870d45c05896c3f9e9973d4b4.gif?puid=4aa687c0ea4749108f738a5e7bd6d0e5&redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D34%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DColossus%26api-tier%3D2%26uid%3D%5BUID%5D&gdpr=0

Domain: sync.intentiq.com
URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=372401555&pcid=4aa687c0ea4749108f738a5e7bd6d0e5

Domain: i.liadm.com
URL: https://i.liadm.com/s/81549?bidder_id=246480&bidder_uuid=4aa687c0ea4749108f738a5e7bd6d0e5

Domain: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Domain: vid.connatix.com
URL: https://vid.connatix.com/pid-067e5169-ece3-4ce8-87ad-c7961b8bb396/d59f5d0c-2087-416a-821c-141798bc501e/24f9422d-b7e4-4f6b-94ca-0c9c397f404d.bin

Domain: api.intentiq.com
URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=786_1703732598502&cttl=43200000&rrtt=859&dud=0&abtg=A&vrref=www.bleepingcomputer.com&japbjs=true&japs=false

Verdicts & Comments Add Verdict or Comment

395 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

63 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bleepingcomputer.com/	1969-12-31 23:59:59	Name: session_id Value: 32fe42452457248f77a0bc73c42600ed
.google.com/	1970-01-20 21:39:03	Name: NID Value: 511=f2kHgQUg3TK1wzxA_2Vij_ZVY6R_cFMU5pmYZeiHJAOq7T6mIXxCeBq8eougBrrkuaw43Y0Sd0nlpZZUXYf8U6bp9VuMymI3fRITrL4r1tKZIjWrAYFveDQDaliGE3iV2X6U6hjzdNHUb02dW-3GYfwBBlaEqx53Mz7XQ3QfKgY
.pub.network/	1970-01-21 02:51:32	Name: _fsuid Value: 5a1835a3-70ca-4b8a-a1a5-cb392088840e
.bleepingcomputer.com/	1970-01-20 17:16:58	Name: _gid Value: GA1.2.387919002.1703732597
.bleepingcomputer.com/	1970-01-20 17:15:32	Name: _gat_gtag_UA_91740_1 Value: 1
.bleepingcomputer.com/	1970-01-21 02:51:32	Name: _ga_GD465VRQLD Value: GS1.1.1703732597.1.0.1703732597.0.0.0
.bleepingcomputer.com/	1970-01-21 02:51:32	Name: _ga Value: GA1.1.640960966.1703732597
.connatix.com/	1970-01-20 17:58:44	Name: cnx_userId Value: 4aa687c0ea4749108f738a5e7bd6d0e5
cdn.firstimpression.io/	1970-01-21 02:01:08	Name: OAID Value: 9cfd1c89d8c81a63d38485b2084c2f2b
www.bleepingcomputer.com/	1970-01-20 17:58:44	Name: cnx_userId Value: 4aa687c0ea4749108f738a5e7bd6d0e5
.openx.net/	1970-01-21 02:01:08	Name: i Value: fd68e451-b74b-4ba1-8fa7-c37fa3aa24d1\|1703732597
.scorecardresearch.com/	1970-01-21 02:51:32	Name: UID Value: 1E098eb2b79e62b5d3137f51703732597
.intentiq.com/	1970-01-21 02:51:32	Name: IQver Value: 1.9
.intentiq.com/	1970-01-21 02:51:32	Name: intentIQ Value: Jhunkzb9iq
.casalemedia.com/	1970-01-21 02:01:08	Name: CMID Value: ZYzldSySS0asMmrfjUX57AAA
.casalemedia.com/	1970-01-20 19:25:08	Name: CMPS Value: 5463
.casalemedia.com/	1970-01-20 19:25:08	Name: CMPRO Value: 5463
.crwdcntrl.net/	1970-01-20 23:44:20	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 23:44:20	Name: _cc_id Value: 13cbabafe6ca6ae08cf884c43b6a5faf
.bleepingcomputer.com/	1970-01-20 23:44:20	Name: _cc_id Value: 13cbabafe6ca6ae08cf884c43b6a5faf
.adsrvr.org/	1970-01-21 02:02:34	Name: TDID Value: 6d989a68-f294-476a-b80c-00b5eeb960b2
.bidr.io/	1970-01-21 02:44:02	Name: bito Value: AAHDyU7LGcsAABRho_WlWg
.bidr.io/	1970-01-21 02:44:02	Name: bitoIsSecure Value: ok
.adsrvr.org/	1970-01-21 02:02:34	Name: TDCPM Value: CAEYBSABKAIyCwiAwrnbiNfDPBAFOAE.
.bleepingcomputer.com/	1970-01-20 17:16:58	Name: panoramaId_expiry Value: 1703818997939
.bleepingcomputer.com/	1970-01-20 17:16:58	Name: panoramaId Value: 545845bca9d153a482d385c1e2c0a9fb927afbd3285b76e3c290a1a7106059bd
.bleepingcomputer.com/	1970-01-20 17:16:58	Name: panoramaIdType Value: panoDevice
.bleepingcomputer.com/	1970-01-20 17:55:51	Name: cookie Value: fea9f68b-5d70-4869-a840-4542f2856d3f
.bleepingcomputer.com/	1970-01-20 17:55:51	Name: cookie_cst Value: zix7LPQsHA%3D%3D
.turn.com/	1970-01-20 21:34:44	Name: uid Value: 7581128887850851282
.adnxs.com/	1970-01-20 19:25:08	Name: uuid2 Value: 4490771283231374823
.3lift.com/	1970-01-20 19:25:08	Name: tluid Value: 765688554414051114869
.ctnsnet.com/	1970-01-21 02:01:08	Name: cid_899ad57f65394947a30b95e28a05bf7d Value: 1
.smartadserver.com/	1970-01-21 02:45:46	Name: pid Value: 8233903385909417739
.intentiq.com/	1970-01-21 02:51:32	Name: ASDT Value: 0
.intentiq.com/	1970-01-21 02:51:32	Name: intentIQCDate Value: 1703732598398
.intentiq.com/	1970-01-21 02:51:32	Name: IQPData Value: 533500330#1703732598397#0#1703732598397
.intentiq.com/	1970-01-21 02:51:32	Name: CSDT Value: UEQ6MTUwNzJfMCZUemhRTTJn
.1rx.io/	1970-01-21 02:01:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004%22%2C%22nxtrdr%22%3Afalse%7D
.yieldmo.com/	1970-01-21 02:01:08	Name: yieldmo_id Value: 3zA7mLL__uLP8nROGOoo%7C1703721600000%7C0
.targeting.unrulymedia.com/	1970-01-21 02:01:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004%22%7D
.contextweb.com/	1970-01-21 01:53:56	Name: V Value: fYkYDhl0dn01
.contextweb.com/	1970-01-21 02:01:08	Name: pb_rtb_ev Value: 3-1osm\|7Xz.0.1
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: ce09c8741d224ec2
.ads.stickyadstv.com/	1970-01-20 17:58:44	Name: UID Value: 2cf7911d33a9a2f0ce9e7170558a19ec
.sharethrough.com/	1970-01-20 17:58:44	Name: stx_user_id Value: e78820b5-ab0b-4ea5-97f1-0bcf0815a326
.sitescout.com/	1970-01-21 02:01:08	Name: ssi Value: 84e9b23e-427e-4955-80f6-63b0c8c8f4da#1703732598873
.sundaysky.com/	1970-01-21 02:51:32	Name: sskyu Value: d6.e9ec8ad6ae74465aae267c01b7cee4b8
.sundaysky.com/	1970-01-21 02:51:32	Name: sskyCreationTime Value: 1703732598923
.tremorhub.com/	1970-01-21 02:01:29	Name: tvid Value: 9236d94323db4abbbb4a9eaf6d475044
.tremorhub.com/	1970-01-21 02:51:32	Name: tv_UISCX Value: 4aa687c0ea4749108f738a5e7bd6d0e5
.csync.loopme.me/	1970-01-20 19:26:34	Name: viewer_token Value: 51ab54d4-6840-43a8-a3b9-a6c928d70207
.resetdigital.co/	1970-01-20 19:25:08	Name: ckbk Value: 0000012521995E07
.sundaysky.com/	1970-01-20 17:25:37	Name: sskya Value: "e2N4Ont0czoiNDYzeHRqIix0OiJuaSJ9fQ=="
.sitescout.com/	1970-01-20 17:58:44	Name: _ssuma Value: eyIzOSI6MTcwMzczMjU5OTEwMSwiNyI6MTcwMzczMjU5OTEwMX0
.tapad.com/	1970-01-20 18:41:56	Name: TapAd_TS Value: 1703732599487
.tapad.com/	1970-01-20 18:41:56	Name: TapAd_DID Value: b3a8b813-13dc-4a1a-b780-a79d1cb5f6ac
.tapad.com/	1970-01-20 18:41:56	Name: TapAd_3WAY_SYNCS Value:
.go.sonobi.com/	1970-01-20 17:58:44	Name: __uis Value: 51be1691-f25f-4506-83b5-862231b1dcef
.iqzone.com/	1970-01-21 02:01:08	Name: xuid Value: f63df408-3cff-4199-8b2e-2f8d55f7d057
.ipredictive.com/	1970-01-21 02:01:08	Name: cu Value: 73c16ecd-8a66-4df8-be6c-fae435e1b034\|1703732599770
.id5-sync.com/	1970-01-20 19:25:08	Name: 3pi Value:
.id5-sync.com/	1970-01-20 19:25:08	Name: id5 Value: 12e264bf-9f4f-7964-b56c-0e49e6deb61b#1703732600032#1

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://www.malwarebytes.com/images/staff.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-formatting%2FMinion%2BWelcome.jpg&ifkv=ASKXGp240npZE7NsbU8FY8DNG87qg1J3asWu0nNvvpLBWHRe1vbV98Pa8Gco_mUiUe7KvCMTkQgbZA&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-385206373%3A1703732597579792&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://match.prod.bidr.io/cookie-sync/connatix?redir=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D15%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DBeeswax%26api-tier%3D2%26uid%3D%7Buserid%7D&gdpr=0&_bee_ppp=1 Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Fhome%2Fhosted-images-tools%2FRunAsAdmin.jpg&ifkv=ASKXGp12EJft54M2O0clXiWPe0nJOeD3vFfIPt9rrOAXuKsECJ5OnunCXX_dMPiksCd-dBRoiBouVg&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-33114427%3A1703732598355181&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: about:blank Message: Access to XMLHttpRequest at 'https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=999_1703732597632&cttl=43200000&rrtt=0&dud=0&abtg=A&vrref=www.bleepingcomputer.com&japbjs=true&japs=false' from origin 'https://www.bleepingcomputer.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=999_1703732597632&cttl=43200000&rrtt=0&dud=0&abtg=A&vrref=www.bleepingcomputer.com&japbjs=true&japs=false Message: Failed to load resource: net::ERR_FAILED
security	error	URL: about:blank Message: Refused to execute script from 'https://capi.connatix.com/us/pixel?puid=8233903385909417739&pId=40&gdpr=0&gdpr_consent=' because its MIME type ('image/gif') is not executable.
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&followup=https%3A%2F%2Fsites.google.com%2Fsite%2Fsites%2Fsystem%2Ferrors%2FWebspaceNotFound%3Fpath%3D%2Fcannedfixes%2Ffarbar-recovery-scan-tool%2FFRST.gif&ifkv=ASKXGp2KrOxKNjEEK_QewIaGC12OFbhTUUTA2ZwzCWGnq2hd2ZW4tRieb-mFzxnhUgY9uqpm_EwV6g&passive=1209600&service=jotspot&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S520891970%3A1703732598573617&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: about:blank Message: Access to XMLHttpRequest at 'https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=786_1703732598502&cttl=43200000&rrtt=859&dud=0&abtg=A&vrref=www.bleepingcomputer.com&japbjs=true&japs=false' from origin 'https://www.bleepingcomputer.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=2cda9692-e64e-404c-be9a-c4358b77735f&iiqpciddate=1703732597632&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=786_1703732598502&cttl=43200000&rrtt=859&dud=0&abtg=A&vrref=www.bleepingcomputer.com&japbjs=true&japs=false Message: Failed to load resource: net::ERR_FAILED
security	error	URL: about:blank Message: Refused to execute script from 'https://capi.connatix.com/us/pixel?puid=RX-8db40515-283c-47d7-ad4d-88ee9c3667b7-004&pId=44' because its MIME type ('image/gif') is not executable.
security	error	URL: about:blank Message: Refused to execute script from 'https://xsync.iqzone.com/psync?t=s&e=376&cb=https%3A%2F%2Fcks.connatix.com%2Fcks%3Fpid%3D42%26ev%3D4aa687c0ea4749108f738a5e7bd6d0e5%26pname%3DIqZone%26api-tier%3D2%26uid%3D%25USER_ID%25&gdpr=0' because its MIME type ('image/gif') is not executable.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
accounts.google.com
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
ads.stickyadstv.com
ads.yieldmo.com
api.intentiq.com
apis.google.com
bcp.crwdcntrl.net
bh.contextweb.com
c.amazon-adsystem.com
capi.connatix.com
cd.connatix.com
cdn.firstimpression.io
cdn.hadronid.net
cdn.id5-sync.com
cdn.jsdelivr.net
cds.connatix.com
cks.connatix.com
config.aps.amazon-adsystem.com
connatix-supply-partners.tremorhub.com
connect.facebook.net
cs-server-s2s.yellowblue.io
cs.media.net
csync.loopme.me
d.pub.network
developers.google.com
eb2.3lift.com
ecdn.analysis.fi
ecdn.firstimpression.io
eus.rubiconproject.com
functionalfeather.com
gum.criteo.com
i.ctnsnet.com
i.liadm.com
id.hadron.ad.gt
id.rlcdn.com
id5-sync.com
imasdk.googleapis.com
ins.connatix.com
invstatic101.creativecdn.com
lb.eu-1-id5-sync.com
ls.skimresources.com
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
merequartz.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
optimise.net
p.skimresources.com
pixel-sync.sitescout.com
pixel.tapad.com
r.skimresources.com
s.skimresources.com
sb.scorecardresearch.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
sites.google.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssl-proxy-updated.herokuapp.com
ssl.gstatic.com
ssum.casalemedia.com
static.adsafeprotected.com
sync.1rx.io
sync.colossusssp.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.intentiq.com
sync.ipredictive.com
sync.resetdigital.co
sync.targeting.unrulymedia.com
sync1.intentiq.com
t.skimresources.com
tag.escalated.io
tags.crwdcntrl.net
us-u.openx.net
vid.connatix.com
vop.sundaysky.com
widgets.outbrain.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.malwarebytes.com
www.malwarebytes.org
xsync.iqzone.com
ads.pubmatic.com
api.intentiq.com
capi.connatix.com
cs-server-s2s.yellowblue.io
cs.media.net
developers.google.com
i.liadm.com
id.rlcdn.com
imasdk.googleapis.com
ssc-cms.33across.com
sync.colossusssp.com
sync.intentiq.com
us-u.openx.net
vid.connatix.com
103.43.89.4
104.20.59.209
104.26.13.6
13.226.210.65
13.32.49.23
13.33.174.105
139.99.123.207
141.95.98.65
142.234.204.77
143.204.86.24
151.139.128.10
159.203.147.11
162.19.138.118
172.217.26.230
172.64.146.152
172.64.151.101
18.172.52.40
18.211.231.38
18.65.185.71
182.161.74.11
192.0.66.233
2.18.148.25
2001:df2:a300:bbbb::135
23.106.127.164
23.208.233.60
23.40.149.60
23.40.153.132
2404:6800:4004:801::200d
2404:6800:4004:808::200e
2404:6800:4004:811::2002
2404:6800:4004:820::2003
2404:6800:4004:820::200e
2404:6800:4004:824::2008
2404:6800:4004:824::200e
2600:1901:0:2b56::1
2600:1901:0:7416::1
2600:1f18:612b:4216:17ab:830b:3ca7:8552
2600:9000:2163:7800:8:48e:53c0:93a1
2606:4700:10::6816:34ad
2606:4700:10::ac43:17ea
2606:4700:10::ac43:266a
2606:4700::6812:14ce
2620:100:a001::c
2a03:2880:f00f:8:face:b00c:0:1
2a03:2880:f10f:83:face:b00c:0:25de
2a04:4e42::485
3.109.191.131
3.227.155.145
34.102.146.192
34.111.113.62
34.111.152.239
34.120.117.212
34.120.135.53
34.160.152.31
34.96.70.87
35.186.193.173
35.190.59.101
35.190.91.160
35.201.67.47
35.214.242.157
35.71.178.8
52.220.125.144
52.223.40.198
52.45.111.235
52.76.225.212
52.77.167.172
54.92.19.245
72.34.250.75
74.118.186.107
74.214.196.131
98.98.134.241
99.84.55.102
99.84.55.28
03703e5dd372ac81a64e02ab9c3a0c197c0543acfc5fd6031cc40be1c6e4b857
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0ad2e543195b6a0dd0a8cd93b61fdd4b20f5e86a4d4fecf1d13da49a2c0ecc7f
0b42c77d845581f827371cf8274c9cc3eaac8a14887608726578f4a295951b73
0e2a136c594c939d55752e9abb70e6cc550b10bc3bc350c0d46d23d5947c20d1
0eda13bf855220cdec6aaace454f32733f52fcac0bacb575e459b5b081ee9c52
0f39834f6bd6f36f1a3c67dfd46bc4703cc68d8b51ed762d59adba905c8ad68c
0f5cea81bb63d0214976da19bc823736066909b01efa7bf8cdb4d5de805eea93
108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea
111251147a0b2c467f4ca1ee54aac77dfabb37b0012d08c492d17909179694d6
12ba93db33de679d443dc28aee4a2190b580b8ad3fc53216d5bb2678d4e17f29
14dcce7abfc690cecd57a737a8af6fd712c2b7fec668b772d9f014f6ded77ef8
1718115905fd0f83871b81f517b0c5103257fde62f7541e76cf5b38d690c0a8a
1a5a6b82298915e1c7042dc805fdac769f013e0596443d44c1b9727a3fb67cfc
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
20d00db7eba3ff7c68842af57d33e82edfbc2082aec5c11e06a00d710e812e9a
21780a2358e35c5221799a6842efb1c7240c0b4058b58858f99317d76c1084a8
2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2
26ae3ddd450ca115be5a358af54b1d62e7b0f858a8791963e67c8f2aaafb7d66
2a046e88b3c0aefbb2323ff3df78856878784ec501eb11ff53ab705fd0834c43
30f0c5746f4bd3d2c8afc6c38510ad98ba59e7b1aa1164a52e7bd419cb5f88b2
30f3855dafef7d28d65e1969f2d8c7c651b92f590fb2946f80c818064742745b
312817a63b18679c10acc2fe875d40f1d0bfccd49a09dfd444ea9a7d8c6928f6
31d7701f62f02e0a3565735cf84761ab176fa42c6354acb3744550be0d35c951
3377089d83c689c748f262a49f5dee88f158fe8380e482204d9fff568c80a0b2
386f87a6e6fcb89c6b046f988d18def949d1cc1f6a9fa4177858aa11da7a5bda
3a94c8d5352201904bceed083ffa2e8bcb95f6792bd1e4fb1e0bc378a629fc5d
3e6274abac1820c8bd99f826cf35a60aeaa56b962500486acc5665f98005031e
3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0
3f6e2b897e9a857e247e378c30ba45485a10675c7054a5211acc36ba26b37ddd
40c80c390a9636e8d6990aac95a4b8f078a39eba99dadb14a10fbe72d9d5de70
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
436073a29f686e3f7e261d1b812f8df5efac0c2649be299220b1815fb34632b2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453d30f69cc2a6f3013254a0faed039d49cf9c5b004d5482fb5365e99702c149
46020e5bef768bb3cd9a54dcd712062696cfcec5e8d586268b0e08af127d5a61
48a4fd51466ac55d081ff932371021b328f118f74ee6ba93c0ec8fd163e34a30
48c76c91f2d42a1668fee310da41b7c1f0d97d7ab0fa55fcf794e2cd3e412242
4a7cc0aaec78bc6cca94a640933ff73ffa9d196bbfe321d3de9374c167e57946
4b9f912b0e7a50c12745f52ec2848dce5b779369999c6d35e6c297c713ce53d3
4bba0fd3b6680f78a6e8c15661cfae284c01d9b7938303de9a6b3bc7a33cda6b
4d62080b79e1ebaccbef2084363bca746504e03700b6f439e2e614a73af19828
4e177a1bde76bb6f5e522ac01d3e9cb30567ea8c970ed5a65a363d7364ea3b5b
4f7381b30323b432ee308d5de7052ee4205398aacc552f9118eb4e2d910b73fb
5028e223096a25034d4d95863f89374a4b205e86354c5e4461e00272e7fab4d9
5105a671b848a36111043b2f18410e4cd83d59d468bec58f09b53fa9ed299ab2
51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21
526289b9ab7fb45c5d39463b46c7884778c00565f868548e953a511477705c2e
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
557bf30969f492df644712654641e08fb5ae880a9913bcfce4b0c4910592e73b
5672f8f90be2af6ef03bc3d8ea40cb0f2fef1b2a81e26cff101512c91adc97a5
578e85a00d2097636113b5d4ff37047e17a85af0c5dc1b63cfebc7787d986ecc
60cafa05c97da06116c9164ae946addfe8812d8b104b0d4260cfd5e3884eeab7
61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e
621f054b728017194550d8ac2bb8ff26856be1fee58128cf8c495a0cb7fe1ae9
63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5
639d75299973c7d3794eb7eb129e3b5a6139f9f521e1f14383abd0fd501219c9
63e2dfceaeeb7e8b933fa7fe96048fac66ad3fab6ab270b8e4a28ce02c1b73ab
645c065659ece7c2bedc7d9ac105ed4c320c48a885199d1f1efff74b7c0b66c0
65d03eb82a79a732d7c0180593c4f5dc98a8fac5c20c3a5446c4f14bf93d280a
6aeb9f7542993c71c548ac254766824ef86c68f0d6fa13f293bd016b9cfc9dc6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c906bdc3a71888b9fc63bea64c63afd45676a5de1139fa5388b1b17c989178d
6f0bafa37c6f5dbd1d92d91eb3b235eb0c5e2320d4b376b591a8750c786fb1ca
73d4b1a27d169f087f3af43923090fef3024d82ef32e023eaaa49716246e4f0b
7522414b9a7d076f4978fd6d895b083a6c9131b477d315b481431caac9c5bb97
7b80d4639f035aad6b47fdcefcf6cea9c66c853fd65ca4cd89f3ccaa8b28b8f6
7c2d587358699a1d8df6350dfb6ab37a7ce71f8346f2cd36c1cad290569f17f7
7e58ef84b3994aa5d6238df46b20e480c270cdd6094a41166583f7491665152a
8342fbc0994dc70bfcd5b86b060eed1a1ff51b89585edf3eb57836a64b3d1f6e
84089e98c276cff16c54b36d4784d469fbeb50be7f865fe6d7b5b3dcbc8adef8
8586f0ecb339976502223d2b25812632a44e5699824fa91df1e6fad0b376de1e
85a2c5bd701224851deca6029998517a35d091922217a90241fd0c7f244e8f11
89dc770764a5fab0c6dc74a737beb3a408bde6f302b5a516fa3bb107e9edfedb
8b2529ef68fffedbba19ce16a724f3c444e72950126aa38837ff48be704a666c
8c86ba948e061cb417b899d7fbf72df56c3d26b897041a13868f9f7fa81a82b3
8ed28bdfdc1475c542335881f506b62f71e88527b202b1914d9b02f3b455024c
8f7ad438c88cd0653af6066d4c148e00824961112a865f9611e258b9f3cc0981
9019adc6ec44d2cd4f38c97b8319b0ae8da8f03b3bd646d4f86707f23f8935a0
907f872bc058d1dd31c379650a2530c8381933202cfdfa713f678b9300372856
91cdba6793ef924b0d8436e1172cbcd6d25f1a35b015b54617a2b4f889e209a4
92776410d02eb8f26f82827b21fe84d6c37db8c1e1ea4afa3dbde544a898fb0e
9320021507b35e189d2190eea673cbc21f7d368f6ecbfb5dc89d773a28cd015d
9377a1bc58b397b00604d1ab99ec060647410a4e239f067b01158a2eb8ffc27b
98b98f8fceff33a5a125c2ba1843f02ecfce956e6f623a372959803890dcdf20
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
9e5a1148e6ba00dec0218671857bc04820e1a4628a6de00a659ece715a6ed2f6
9fc658aa5b54caa553788aefb4a4dd4df8131bd606477cbdc6267c7caf1f4d75
a28119ca11bc23f972f8e463761547044174823430b09a0f1fbfed91acbeb35d
a453ade31af0118629c4b7686eaae4e4248a1768b707e033d8d0f4eaf177c01a
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a7f28e33d6a65a4269a7f4e327a177ead60fea39cb13129a35c4b24fef84f5af
ab77e2587d8e6251a1fc4517cb1d0f48a94abc948521fb684b503c06749bd21c
abe3e45856ae3f4fa0971868d7733796c88bc2b83de2d91f2dc00d491a661dd6
abe9d30276e3d66a71219ad2b0ed5a9663020a5c534557dd0f5c8ba71da4ebd4
addb8aad44fb4ae9bddd16de4e417fde5a32b88bd6a9802873d995ec666b391b
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
ba6a49b4567c1d0abb7d066626b3290cc404a5214712d90685743ee20b3ecb94
bb1609e85d8370b7259775c76a2ba7456ee2ed72cb45cb68e59f14d3a6b0a0a5
bd7483fc3c88b737fd1af850fa38c9406244bd539fac012f718c54fb1df18f7f
c14ae7cb53b0ac633d320695598595bb9425b7ed1678612f2e33a082a4b49ad9
c2b356067069b506d8a533167492f705e7ef5f60e3838a52de9bce98c518064c
c361bb64cdee28346ef0fddc37f359204bccd9a7559a65401b905092af76514a
c6d37be64ee1eb7b8168b048a77a21db12910242805262168a61c7b1f8659dda
c6ecd7e00640c4115ea9864b429613b8406b81ee877baf7a797fe5a35abb18d1
c7451690fed2a104bf6ff86e5ab0b3a7d8393d26a859a4bad6ba81b1d7aa339d
c7fc0b1526533002c956ebf8e8c42c3ad3f96c41ace73fb4063cc89051944831
c9dcf30654d309fb20f6de97f33da231a22df2d74b5c66bc84437ff9917fb2da
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ccf8cf2000c24d05cf0ee07e617dbc85d6bd9d70910619de942fabc62fee783c
cf9e4cc3a5c30d57608480b928ea7c31021daf14680b4a5c13067488da6b0e22
d1731db9016f326daff11d0045c86fd068ec9e72cc4c6ec56a7c856a3a3d28c7
d1832b7da0292ab076dfe046f8b1c2d5fcfd1bfb5628b7e21a3754a20308aa57
d5785c2e0f447816027486eef1d3112f5b764b22551aa526fbae4c98b002f658
d7d4b702be0c9fabc24bb10e72e279655868a55f420bf4a50366d8ec9311a52b
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9d16a7c165724cff33a398d9981f628f4e230e43485e89b9b0edf441df94f29
db311c11353d5628e6e28d260bca9b8935b23440964d7c6bc4914edcda08472a
dba668b49a111527aac8f616b9053ea57c944e01a84ebdcd02a13da921223384
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1ad7f5257de0d0742a2542df4645d783585055bba1de42b1d94cbd3f2584ab8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e8d61b3c986ed1185b6fc5a110ccae33ee42e2bd8f0785901fa67d20513f54cf
ead3246ea931609ced3cda533e5fb5ab10fd0db4096518b7625b001c096120a7
eb749a0d19b2e271d07ee67bbef154d49dfef1b47bf22bc76fe3d52bc6cd9d8f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efc6361ebe5a559578c83bf197d5407b7f6bf44f74d35c4ee8eb22c810fb34a7
f33585b10bb5487bd6c92f53018de62cb147ab48b829334b7f97437015aae557
f38bddf9810579138c76467d6b202d0a83fc7070bc962b8370a2ead189cac811
f3c511c542343b5cb0d2bedfdf92b8d53ff26fcf3c91f2804a277503b2c4d45d
f48d85c6ea701e417a857cd9292de12c2c0ff795c5ba45f7127c51cc6a97cf3d
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fe917cd13fd4d9f376fd1cfa6ee6d31d6c7a89a5e7129dc8511b6e2aec860fa1
ff4da87481fe5b7192508bf706e1ad69def9cbd967f86789cdf41147de939401
ffee16547d584e1a6d338cbd36195fec4e4d12837e5f3794f2d7e07ab63f2317

www.bleepingcomputer.com Open in urlscan Pro 104.20.59.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

178 Requests

75 %HTTPS

27 %IPv6

69 Domains

93 Subdomains

52 IPs

9 Countries

1987 kBTransfer

7101 kBSize

63 Cookies

0 Outgoing links

Redirected requests

178 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Screenshot
Live screenshot

Full Image

178
Requests

75 %
HTTPS

27 %
IPv6

69
Domains

93
Subdomains

52
IPs

9
Countries

1987 kB
Transfer

7101 kB
Size

63
Cookies

178 HTTP transactions
1 data transactions