forums.malwarebytes.com Open in urlscan Pro
143.204.98.123  Public Scan

90 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1644926805985%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.com%252Ftopic%252F262630-bitdefender-finding-a-mbamservice-file-suspicious%252F%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&liSync=true&e_ipv6=AQI5wT0Cd7hHgAAAAX79RykczLgsaoVOQvlODNjUVd-pUbTrQVe_ysf8w92A5_HU8fWGwQTp

Request Chain 45

• https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
• https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
• https://segments.company-target.com/log?vendor=choca&user_id=AAEBQU7EFy8AAHMNPVueOA HTTP 303
• https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEBQU7EFy8AAHMNPVueOA&verifyHash=6baf361725c1c24c13e212e6413ac6c20940e527

Request Chain 58

• https://www.pinterest.com/ct.html HTTP 302
• https://www.pinterest.de/ct.html

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/	175 KB 27 KB	1037ms 385ms	Document text/html	143.204.98.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.123 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-123.fra50.r.cloudfront.net Software Apache / Resource Hash c447496e416551f408040a14a538c530b2c03b9d5535020198dcbc00e7677248 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html;charset=UTF-8 content-length 26607 date Tue, 15 Feb 2022 12:06:45 GMT server Apache x-ips-loggedin 0 content-encoding gzip x-xss-protection 0 x-frame-options sameorigin content-security-policy frame-ancestors 'self' x-content-security-policy frame-ancestors 'self' referrer-policy strict-origin-when-cross-origin last-modified Tue, 15 Feb 2022 12:06:45 GMT expires Tue, 15 Feb 2022 12:21:45 GMT cache-control max-age=900, public, s-maxage=900, stale-while-revalidate, stale-if-error x-content-type-options nosniff vary Cookie,Accept-Encoding x-cache Miss from cloudfront via 1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-amz-cf-id BQf-pVFQEBY5FpVLh9xGURethMw4_rVxG3r5ghJmU7oT_OiZcs9gMA==
GET H2	200	fontawesome-webfont.woff2 forums.malwarebytes.com/applications/core/interface/font/	75 KB 76 KB	13ms 10ms	Font text/plain	143.204.98.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/applications/core/interface/font/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.123 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-123.fra50.r.cloudfront.net Software Apache / Resource Hash 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Origin https://forums.malwarebytes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 03:35:50 GMT via 1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront) x-content-type-options nosniff last-modified Tue, 08 Feb 2022 09:09:11 GMT server Apache age 30655 etag "12d68-5d77e11f9fbc0" x-cache Hit from cloudfront x-amz-cf-pop FRA50-C1 accept-ranges bytes content-length 77160 x-amz-cf-id P9ExIFVcxEgV4Q3g8cGuR08Y2ea-90nUNlUccOEmkSYIZLseTevLnQ==
GET H2	200	css fonts.googleapis.com/	8 KB 1 KB	134ms 45ms	Stylesheet text/css	2a00:1450:4001:831::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,500,700,700i Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash eb5537408d5f96d4f93f55ca2a36d3de397281d7eaa5b791ba8c312b72157973 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 15 Feb 2022 10:07:01 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 15 Feb 2022 12:06:45 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 15 Feb 2022 12:06:45 GMT
GET H2	200	341e4a57816af3ba440d891ca87450ff_framework.css.gz content.invisioncic.com/Mmalware/css_built_28/	309 KB 56 KB	39ms 9ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/341e4a57816af3ba440d891ca87450ff_framework.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3d9f7037c5c011c20fecc9790f4a1365cb1f0c73b7df00dabd2892436d5a5a5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:00 GMT server AmazonS3 age 64480 etag "f4db52a153187e5a60ef4286ddebbf60" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 57342 x-amz-cf-id X4X9qOevQ6UQ7umKKY2xjNG_kv7vsAkaNoiJmICZub5VP0xp5iMlAg==
GET H2	200	05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	35 KB 7 KB	46ms 17ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2e592ea8a71afaa0b9fae4c7838c22d89acde0cf142142460d615090127ddd95 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:00 GMT server AmazonS3 age 64480 etag "64e5ea3fbe43b82dd8289e9a5f00bb33" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 6750 x-amz-cf-id Oe15EUof_C49ruhk-R5nMMYmbq0PLE1rOUc_SOLJK5cBDy7iVJFPsg==
GET H2	200	90eb5adf50a8c640f633d47fd7eb1778_core.css.gz content.invisioncic.com/Mmalware/css_built_28/	18 KB 5 KB	48ms 19ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/90eb5adf50a8c640f633d47fd7eb1778_core.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 20d6117a0208b33e002eaa0043ecebd143b58acdb8598d719b61c200332887fd Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:00 GMT server AmazonS3 age 64480 etag "b747917a1d2821fb48d987a4d2979dbb" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 4490 x-amz-cf-id VjSAFBDBtrIoiQYrXtC5BhoON5e_Ajsa3fE6Z23YcyO49lKAv-udMg==
GET H2	200	5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	5 KB 2 KB	48ms 19ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4e0f39543ae4c15cfe3222f68e358c416dc79cb262c16c8d5b46281a5d850f40 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:00 GMT server AmazonS3 age 64480 etag "5c3c523b949cbb61acd0828c69748124" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 1204 x-amz-cf-id EPcDG4QAlCB85JVXvLPvMdTiG83482EZmTqOe3e-2NFEBR1sagFrQw==
GET H2	200	62e269ced0fdab7e30e026f1d30ae516_forums.css.gz content.invisioncic.com/Mmalware/css_built_28/	17 KB 4 KB	47ms 18ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/62e269ced0fdab7e30e026f1d30ae516_forums.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b89bf2837649ddee4db1c378ce5fce75f999da1308457aeb1e595ae33a0912c7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:03 GMT server AmazonS3 age 64480 etag "0c50588884562053349c5946e31e51a7" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 3794 x-amz-cf-id aEISTM13-pHT_6Jm6rnGTsfNW-fhHQ_bCH81ggNLPj3VAtPMdBGhhg==
GET H2	200	76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	7 KB 2 KB	47ms 18ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 07fbbfd8f908b547a39cbb53d85c204d4668ac45979862d8ca49892085669dea Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:03 GMT server AmazonS3 age 64480 etag "fd6252f9621681a87b55e87c32a1c96d" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 1435 x-amz-cf-id n5g07UojAv8gKi5AgIc1EF8oFCQX9wdBLeqUbGd-51oqwXbYXaMpig==
GET H2	200	ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz content.invisioncic.com/Mmalware/css_built_28/	3 KB 1 KB	46ms 17ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 9bde20f23db841b077e3392fb8fbaac4c6fe1392bfd7b8f0947e3ee32f41f6d0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:32 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:04 GMT server AmazonS3 age 64453 etag "179f44143d9f001cfe0953cddb82c253" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 927 x-amz-cf-id rWdeiAJn6A_Oi5pB5FxajTxlyYA6YnPdkZhAm_PcC_QiozStEH2Q3g==
GET H2	200	258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz content.invisioncic.com/Mmalware/css_built_28/	921 B 842 B	46ms 18ms	Stylesheet text/css	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz?v=d815db93211644862318 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0e36308a13aa06d085ad95ecf45f9dfa5352f683f6fb03c27fc35887bcf6f678 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 14 Feb 2022 18:12:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:05 GMT server AmazonS3 age 64480 etag "888870628c8044a41eb685cab13f6d18" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/css content-length 453 x-amz-cf-id 9xuv536PIWtGguC1ypl4KHakPBBAb-UXXVpaxZeKIPjlo60nR78gjg==
GET H2	200	MWB4_FreeDownload_728x90_v1.jpg.b80b620cce83ef5649ae4740e701210c.jpg content.invisioncic.com/Mmalware/monthly_2020_08/	16 KB 16 KB	32ms 28ms	Image image/jpeg	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_08/MWB4_FreeDownload_728x90_v1.jpg.b80b620cce83ef5649ae4740e701210c.jpg Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 73c6d9bea582fd9ea44e6f647006f9ef8b4af0c15199ff20bd524186913eb9e2 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 14 Oct 2021 13:22:40 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Tue, 25 Aug 2020 00:38:45 GMT server AmazonS3 age 10709046 etag "f0356d9351192b59bc7db4b160684b81" x-cache Hit from cloudfront x-amz-version-id gZw59MumHC3jdRWKPrDF1l.WFGbejRR2 cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/jpeg content-length 16292 x-amz-cf-id F-kNwRPLiamauGYFfIYkgaTmI-x71cbyyvcK0mned6F8JIIPIz7hCw==
GET H2	200	gtm.js Show response www.googletagmanager.com/	295 KB 92 KB	135ms 48ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 5ff4734c538e60a71d44a5fd7deaaccaf04252e6a5f6f0791e4fb876a398f473 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:45 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 93410 x-xss-protection 0 expires Tue, 15 Feb 2022 12:06:45 GMT
GET DATA	200 OK	truncated /	283 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1ae82a4f688f7a34146650666c5ba35c93a1cb4741544f9eda57d8b623dd5b79 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	1260260717_MWBStaffLogoShort.png.f3c2333c547d547e6017599aa8a67ca1.png content.invisioncic.com/Mmalware/monthly_2020_11/	3 KB 3 KB	32ms 29ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_11/1260260717_MWBStaffLogoShort.png.f3c2333c547d547e6017599aa8a67ca1.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 24c13cdea638620ec96bc3b7ba1bdef0cbe3ad0847b2ddc6f041df1fa24cffa4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 14 Oct 2021 14:56:58 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Fri, 06 Nov 2020 22:32:31 GMT server AmazonS3 age 10703388 etag "840107c60632e151d3d4ed52457243db" x-cache Hit from cloudfront x-amz-version-id kkF87fI5uAZJzW7sjjAxYuKYhJxSe.Q. cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 2919 x-amz-cf-id rgz9BsHNtBwboO2P_oEVmpJEpO7ZzB754sSCkDfAE-Tu5fvvtJhzUw==
GET H2	200	01.png.b5d35a7f741304af55222fae30c9f9d4.png content.invisioncic.com/Mmalware/monthly_2020_04/	36 KB 37 KB	32ms 29ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_04/01.png.b5d35a7f741304af55222fae30c9f9d4.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 63697670130d8a8fb5c2c9e39bcf7ff9966094cda2cc2e1f1fa7dd8cf37ab158 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Sat, 16 Oct 2021 16:23:53 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 16 Apr 2020 20:33:20 GMT server AmazonS3 age 10525373 etag "2515d0f1818a8967668cafe041438af3" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 37065 x-amz-cf-id owCyZUBLBApPYb_gRpdMpBDNjai6XsAxFyjDsCFaIDP-g26MxBix5A==
GET H2	200	02.png.cf8eadb3e8b45e11d9e46e0de89ac80a.png content.invisioncic.com/Mmalware/monthly_2020_04/	59 KB 59 KB	37ms 34ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_04/02.png.cf8eadb3e8b45e11d9e46e0de89ac80a.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f6afc9dbcd2cf75193e1db5419f486db1d273aafcbd6268097d10a3606df8599 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Sat, 16 Oct 2021 16:23:53 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 16 Apr 2020 20:33:22 GMT server AmazonS3 age 10525373 etag "8f0fc0660c95a6859814aef8c26d993e" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 60400 x-amz-cf-id -FYbw6qf4tX_Jn-pxHV43_qkH05jmYr466dtWWf8QylRVX2g4rIMwA==
GET H2	200	03.png.2709bb1652b7b37a23569e4b25a5df30.png content.invisioncic.com/Mmalware/monthly_2020_04/	38 KB 38 KB	33ms 30ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_04/03.png.2709bb1652b7b37a23569e4b25a5df30.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a81cb343a241d2e5f60b3b5a435a838cadb4ea59032f832aae72b47ea51e78f3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Fri, 04 Feb 2022 08:59:05 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 16 Apr 2020 20:33:24 GMT server AmazonS3 age 961661 etag "ea7b2fe4bbb763afd6f57e20bc191b4f" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 38896 x-amz-cf-id rzJR2ykh2IAUdT-EWkk4nZhTg1R3ZVpddistZL-QTlNaH990j4R33A==
GET H2	200	04.png.65f35501c48c630f794d3636da70bc80.png content.invisioncic.com/Mmalware/monthly_2020_04/	39 KB 40 KB	39ms 36ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_04/04.png.65f35501c48c630f794d3636da70bc80.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash d725bf2f28458acb89304186afe956d9857ec8cc21cad852ae2b9cd8a369c234 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Sat, 16 Oct 2021 16:23:53 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 16 Apr 2020 20:33:26 GMT server AmazonS3 age 10525373 etag "08e092a10e91b05201c3845ce558ca1f" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 40129 x-amz-cf-id J6zgo2vGOFHvBJT2nBXvTkvSU0-Q_tfiQ5HHT1xb4pTzSbBL6WwLmA==
GET H2	200	05.png.b4c44a25bad7353f8cea874c1c90ec87.png content.invisioncic.com/Mmalware/monthly_2020_04/	35 KB 36 KB	34ms 31ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_04/05.png.b4c44a25bad7353f8cea874c1c90ec87.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7d55d24cccbd4c375e574868b358bee47389049724c95f78854b994013cba319 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 18 Oct 2021 10:18:58 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 16 Apr 2020 20:33:29 GMT server AmazonS3 age 10374468 etag "d83be15ecec6bdfeae3768a23c66ce9e" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 36066 x-amz-cf-id nAf07VWyLcilOIWUnBld4vQzqpnI9HETk0Ukc-H6F7XqWSKkhsQLkQ==
GET H2	200	06.png.df6cd5476ac40f66220c6194c8c2bc4c.png content.invisioncic.com/Mmalware/monthly_2020_04/	39 KB 40 KB	38ms 35ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_04/06.png.df6cd5476ac40f66220c6194c8c2bc4c.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 91acbdb5837a57a9efce7ff72bdf47c87f31d47f10679dd66ed285a49be480c6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 18 Oct 2021 10:18:58 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 16 Apr 2020 20:33:31 GMT server AmazonS3 age 10374468 etag "5d7cfb8f6c22aa1c0ea38b6298087676" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 40404 x-amz-cf-id NzYxm8cHklZxNLChISuaex-9eagLg1ocKJB90DsztRmJn6_SA69y6A==
GET H2	200	MWB4_FreeDownload_728x90_v1.jpg.5b008278530bf816655dbb1ec796173c.jpg content.invisioncic.com/Mmalware/monthly_2020_08/	16 KB 16 KB	32ms 29ms	Image image/jpeg	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_08/MWB4_FreeDownload_728x90_v1.jpg.5b008278530bf816655dbb1ec796173c.jpg Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 73c6d9bea582fd9ea44e6f647006f9ef8b4af0c15199ff20bd524186913eb9e2 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 14 Oct 2021 13:20:38 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Tue, 25 Aug 2020 00:41:21 GMT server AmazonS3 age 10709168 etag "f0356d9351192b59bc7db4b160684b81" x-cache Hit from cloudfront x-amz-version-id MNnZHAJMYhDJUF.vMbK1qXLuHRyyzGm1 cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/jpeg content-length 16292 x-amz-cf-id AbEJBefCfVGwd55VpGSMSvzRlNt1yDHNbsAx4yFWWc1oLzwZ1KWJEQ==
GET H2	200	root_library.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	389 KB 129 KB	15ms 12ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 031997d2a8c38787ba9043e2cd8bc08b152e316f01521d658daef96e579ea1ef Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:00 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:02 GMT server AmazonS3 age 34965 etag "756a67251283e5dabc18ce69ca6d7835" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 131263 x-amz-cf-id 90Cq8RaBlRoVXD7a-WHuQyV4fSFheovKVQmOxyhXRguvICdZuQZ-jw==
GET H2	200	root_js_lang_1.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	99 KB 31 KB	28ms 25ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_js_lang_1.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash d97b23d6d87a3947de8a9046de5e1bc4faa365ec3f480f8eb210329138c5837c Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:00 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:01 GMT server AmazonS3 age 34965 etag "ba3434027bbf333751cf89ef5b08df44" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 31370 x-amz-cf-id gga8ZX9mejwPDa8GAMR_pICdSjy6AOE0S7QP4rPkExzetUDUqijtJw==
GET H2	200	root_framework.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	425 KB 97 KB	23ms 20ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_framework.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5c0c7f1852735855c196ec75b1ebd98f5e44b0187eec41f39975893af292d5ac Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:01 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:02 GMT server AmazonS3 age 34965 etag "65fcfdb0edb038f96e5bcd98738208f4" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 98647 x-amz-cf-id RS72tL95KYfnrNZDgSYul1fKc8j2x819ZH1-WbR5NfN_Y21WL7hi0w==
GET H2	200	global_global_core.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	36 KB 9 KB	31ms 27ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/global_global_core.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 419317ee9d2b18382073c6d3cc12d38280da97892aebe7c2897ad5534a05604a Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:01 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:02 GMT server AmazonS3 age 34965 etag "6af9f98bb78cb4ce8f0d77f6bfccc78b" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 8536 x-amz-cf-id XlMkN8S8eAd2qM_WlnEDzd9VIkBT0Tv6kX9ZP3ie7MVKiwobKogvJQ==
GET H2	200	root_front.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	101 KB 22 KB	30ms 27ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_front.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash d6ad47ddb8db997e13e194a89792643cbdbcb787bbe929e2691057f23debc719 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:01 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:03 GMT server AmazonS3 age 34965 etag "2429fdf84470e66be8655d7ba76bb5d6" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 22445 x-amz-cf-id U0vk2e0Noik-uGxbsT7otusFeN6a5-WlRv1-wtvRKBhCiIbGYbSnng==
GET H2	200	front_front_core.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	29 KB 7 KB	30ms 27ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/front_front_core.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b35674228f9ead8fc11ad99377cdc307736257bc618caa275802e4abd08f36d4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:00 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:03 GMT server AmazonS3 age 34965 etag "fc77244a6bd1c13efe089e01393cdfb9" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 6920 x-amz-cf-id Sr2rZ4WTonTPjbhvaS4jmUwrtwNebm0FfdnPmXPQbIVxh1104d1ngQ==
GET H2	200	front_front_topic.js.gz Show response content.invisioncic.com/Mmalware/javascript_forums/	4 KB 1 KB	31ms 28ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_forums/front_front_topic.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1e353dd6f81b838bbc322417e995c5812bb61c1c891a31725da0acd0185efeaf Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:26:06 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:12:04 GMT server AmazonS3 age 34840 etag "994ac7e21afa71d446009d37cb840ae7" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 1108 x-amz-cf-id VFDS9Xu3vpANbcQQGIur0Ywwgy9TWjuL5CnmyisLk3CnvtiH-sOWzw==
GET H2	200	root_map.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	1 KB 666 B	31ms 28ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_map.js.gz?v=d815db93211644891823 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c689f54cad129b7ff82758abb4a95c8ff59444dcb8b83d7c420a4faec3b8e06a Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:01 GMT content-encoding gzip last-modified Tue, 15 Feb 2022 02:23:44 GMT server AmazonS3 age 34965 etag "2939c495578cc728eb379d1520337cf3" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 273 x-amz-cf-id UO0s-1TVqpouQ2wd-fGA1fjthunddvWLnyofMT1IZol4fyxg4ElSsg==
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v7/	37 KB 38 KB	134ms 41ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v7/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,500,700,700i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash acdc8f60059cbf557957869f544dce756689a499c506856522204b3ea06be8c7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://forums.malwarebytes.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 14:44:06 GMT x-content-type-options nosniff age 508959 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37780 x-xss-protection 0 last-modified Wed, 10 Nov 2021 17:59:20 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 09 Feb 2023 14:44:06 GMT
GET H2	200	1.thumb.png.095f9468952e1039a0ed1d432c5e81da.png content.invisioncic.com/Mmalware/monthly_2017_12/	10 KB 10 KB	15ms 14ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2017_12/1.thumb.png.095f9468952e1039a0ed1d432c5e81da.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 48c100d848664ab8cc54a2453962247814e8dd9b4a9833d30b6e9d129533b20a Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 14 Oct 2021 13:20:30 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Wed, 30 May 2018 06:22:03 GMT server AmazonS3 age 10709176 etag "1ebc22119198c100e66efe343fdfda4a" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 10027 x-amz-cf-id Kaqo_h1-p10cddR415Pzb4X2t8YU3UnPvGZvZRQz3ANNIFu4HJcEug==
GET H2	200	2021-06-25_13h42_15.thumb.png.1335d6a99dcf0633d1032d96ce48bdfc.png content.invisioncic.com/Mmalware/monthly_2021_06/	42 KB 42 KB	11ms 11ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2021_06/2021-06-25_13h42_15.thumb.png.1335d6a99dcf0633d1032d96ce48bdfc.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0adac79eeb001dfe7a4f034ccec64d24aed78d14ef830e142c5a66033fb3c73d Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 14 Oct 2021 13:20:30 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Fri, 25 Jun 2021 18:46:07 GMT server AmazonS3 age 10709176 etag "26a283f2670dc7cd88113c6595abc8ff" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 42571 x-amz-cf-id t8Hz2L6NFSS6oakkxWz7Js1vqFVrqPQce0RQSsPIeYpi_FLQgqPdqQ==
GET H2	200	344894148_RedXBlueForums.thumb.png.8974fedc583ecd861df74ac9b58a33cc.png content.invisioncic.com/Mmalware/monthly_2020_02/	32 KB 33 KB	12ms 12ms	Image image/png	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_02/344894148_RedXBlueForums.thumb.png.8974fedc583ecd861df74ac9b58a33cc.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a1e5218d1512238e05398eb9c12b3a605b28d1af6c22eea3bff975802ae25e34 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Thu, 14 Oct 2021 14:42:46 GMT via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) last-modified Thu, 27 Feb 2020 03:18:34 GMT server AmazonS3 age 10704240 etag "11c11097fa59a0cbda30fc37b3132d4d" x-cache Hit from cloudfront x-amz-version-id null cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type image/png content-length 33124 x-amz-cf-id 5xYos3WE0vhE3Vypco63xQa_vzJZYjrRg_VfsNqH95aBDus-N7eRSg==
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	5 KB 2 KB	38ms 14ms	Script application/x-javascript	2a02:26f0:6c00::210:ba0a AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Tue, 15 Feb 2022 12:06:45 GMT Content-Encoding gzip Last-Modified Wed, 29 Sep 2021 19:17:49 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=81491 Connection keep-alive Accept-Ranges bytes Content-Length 2036
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	99 KB 26 KB	23ms 7ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 26236 x-xss-protection 0 pragma public x-fb-debug 05SgKOIl1j5avlfJRleoYatmIVMJp2Lqir1bqzsZBrcsqCWCNgD7WB02jX+auDWi9qrtlcYvUtg2yo/o4Ws8LA== x-fb-trip-id 686109401 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Tue, 15 Feb 2022 12:06:45 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	124ms 38ms	Script text/javascript	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 114 date Tue, 15 Feb 2022 12:04:52 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Tue, 15 Feb 2022 14:04:52 GMT
GET H2	200	HWyTnY16.min.js Show response scripts.demandbase.com/	68 KB 19 KB	89ms 9ms	Script application/javascript	143.204.98.115 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://scripts.demandbase.com/HWyTnY16.min.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.115 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-115.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash 12f46bf313ff21a4fac0790b6e64341fcd6aef89a4caa79319642175cc7270fd Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-amz-version-id 0S6xeYfTgycJTVlyQOAqPukB53Sbc00D content-encoding gzip etag W/"3299defff701121e57fbd91d33fde0c9" age 512 x-cache Hit from cloudfront vary Accept-Encoding last-modified Fri, 04 Feb 2022 16:03:21 GMT server AmazonS3 date Tue, 15 Feb 2022 11:58:33 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/javascript; charset=utf-8 via 1.1 b44e2902bb3501d47514e51618f1bda4.cloudfront.net (CloudFront) cache-control public, max-age=3600 permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-pop FRA50-C1 x-amz-cf-id wU7whjBKuEHmE9zNqGZSXSzuc5vj5996Lehoux9j_tkcVX3xIr31Zg==
GET H2	200	web-vitals.umd.js Show response unpkg.com/web-vitals@1.1.0/dist/	4 KB 2 KB	49ms 21ms	Script application/javascript	2606:4700::6810:7baf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:45 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT age 1829530 fly-request-id 01FT83NECYH4NMSFMW23A7HC9B content-encoding br vary Accept-Encoding last-modified Sat, 26 Oct 1985 08:15:00 GMT server cloudflare etag W/"1060-9qPq4bqeRCeFWudNuS98Bp0PQDY" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 6dde69795c108fc5-FRA
GET H2	200	core.js Show response s.pinimg.com/ct/	1 KB 1 KB	85ms 24ms	Script application/javascript	2a04:4e42:54::84 FASTLY
General Check archive.org Show headers Download Go to Full URL https://s.pinimg.com/ct/core.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:54::84 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT fastly-restarts 1 x-cdn fastly etag "c4a0eea377c5e0da574e46f4d6e838e5" vary Accept-Encoding, Origin access-control-allow-methods GET content-type application/javascript access-control-allow-origin * access-control-max-age 86400 cache-control max-age=7200 content-length 1142 access-control-expose-headers X-CDN
GET H2	200	demandbase-forms.js Show response www.malwarebytes.com/js/	3 KB 1 KB	68ms 9ms	Script application/javascript	2600:9000:2156:1c00:16:26c7:ff80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:1c00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=63072000 content-encoding gzip last-modified Tue, 20 Jul 2021 23:12:41 GMT server Microsoft-IIS/10.0 age 463 x-powered-by ASP.NET etag W/"178b70bdbc7dd71:0" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront) cache-control max-age=900 date Tue, 15 Feb 2022 11:59:02 GMT x-amz-cf-pop FRA50-C1 x-amz-cf-id aeNepsZ_LhgxZz1uW5LyIxUzWISEVHvXNva5-oRq6ZvAEmEZfbRAmg==
GET H2	200	identity.js Show response connect.facebook.net/signals/plugins/	64 KB 20 KB	8ms 7ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/plugins/identity.js?v=2.9.52 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 20661 x-xss-protection 0 pragma public x-fb-debug Va8luJpX7TKDOAye63KNeDk3oujSkrqdkdz1lRr/vgUfl3fMp8K7WbGbwk70Gs2Cm2SmFmLaNrRm7kmuGpnBTw== x-fb-trip-id 686109401 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Tue, 15 Feb 2022 12:06:45 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	1480959392203028 Show response connect.facebook.net/signals/config/	308 KB 88 KB	9ms 9ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1480959392203028?v=2.9.52&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 1ed33f06c26ef010d417bddef8c50361d287cb5a632bb76afa8c31e3f89ca6fd Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 89862 x-xss-protection 0 pragma private x-fb-debug E+B5Exjd4n+BNEUWeHWPhnNqnRLVNCJgaveR7itxV2SCtflx9D0G9qItam+hs6Ha+oGVdMLlK76TLn3J4HysEw== x-fb-trip-id 686109401 x-frame-options DENY date Tue, 15 Feb 2022 12:06:45 GMT vary Accept-Encoding content-type application/x-javascript; charset=utf-8 cache-control private x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1644926805985%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.co... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&liSync=... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&liSync...	0 156 B	316ms 120ms	Image application/javascript	108.174.10.14 LINKEDIN
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&liSync=true&e_ipv6=AQI5wT0Cd7hHgAAAAX79RykczLgsaoVOQvlODNjUVd-pUbTrQVe_ysf8w92A5_HU8fWGwQTp Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Server 108.174.10.14 , United States, ASN14413 (LINKEDIN, US), Reverse DNS 108-174-10-14.fwd.linkedin.com Software Play / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT server Play linkedin-action 1 x-li-fabric prod-lva1 x-li-proto http/2 x-li-pop prod-lva1 content-type application/javascript content-length 0 x-li-uuid 1EmqJDf00xZwFRMU8CoAAA== Redirect headers date Tue, 15 Feb 2022 12:06:45 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 1B481AC40B1D407DA514837A6467F528 Ref B: FRAEDGE1215 Ref C: 2022-02-15T12:06:46Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1644926805985&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&liSync=true&e_ipv6=AQI5wT0Cd7hHgAAAAX79RykczLgsaoVOQvlODNjUVd-pUbTrQVe_ysf8w92A5_HU8fWGwQTp x-li-proto http/2 content-length 0 x-li-uuid AAXYDV34TMDbxpPnS/43+w==
GET H2	200	/ www.facebook.com/tr/	44 B 295 B	22ms 7ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1480959392203028&ev=PageView&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&rl=&if=false&ts=1644926806021&sw=1600&sh=1200&v=2.9.52&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=30&fbp=fb.1.1644926806020.915927887&it=1644926805982&coo=false&tm=1&rqm=GET Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 content-length 44 expires Tue, 15 Feb 2022 12:06:46 GMT
GET H2	200	main.32155010.js Show response s.pinimg.com/ct/lib/	52 KB 18 KB	24ms 24ms	Script application/javascript	2a04:4e42:54::84 FASTLY
General Check archive.org Show headers Download Go to Full URL https://s.pinimg.com/ct/lib/main.32155010.js Requested by Host: s.pinimg.com URL: https://s.pinimg.com/ct/core.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:54::84 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT content-encoding gzip fastly-restarts 1 x-cdn fastly etag "fd86de14455274a7c147dc95b77e18e3" vary Accept-Encoding, Origin access-control-allow-methods GET content-type application/javascript access-control-allow-origin * access-control-max-age 86400 cache-control max-age=1209600 content-length 18298 access-control-expose-headers X-CDN
GET H/1.1	200 OK	validateCookie segments.company-target.com/ Redirect Chain https://match.prod.bidr.io/cookie-sync/demandbase https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 https://segments.company-target.com/log?vendor=choca&user_id=AAEBQU7EFy8AAHMNPVueOA https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEBQU7EFy8AAHMNPVueOA&verifyHash=6baf361725c1c24c13e212e6413ac6c20940e527	26 B 409 B	99ms 99ms	Image image/gif	143.204.98.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEBQU7EFy8AAHMNPVueOA&verifyHash=6baf361725c1c24c13e212e6413ac6c20940e527 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol HTTP/1.1 Server 143.204.98.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-76.fra50.r.cloudfront.net Software / Resource Hash 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Tue, 15 Feb 2022 12:06:46 GMT Via 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront) X-Amz-Cf-Pop FRA50-C1 Vary Origin X-Cache Miss from cloudfront Content-Type image/gif Transfer-Encoding chunked Connection keep-alive trace-id 7548e0ca7b7d2632 X-Amz-Cf-Id HfB1f986SaMgtY_VwLgNSv8ykDdPwGEmPOZ5sOKc2KaZnTZDT2t05g== Redirect headers Date Tue, 15 Feb 2022 12:06:46 GMT Via 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront) X-Amz-Cf-Pop FRA50-C1 Vary Origin X-Cache Miss from cloudfront Location /validateCookie?vendor=choca&user_id=AAEBQU7EFy8AAHMNPVueOA&verifyHash=6baf361725c1c24c13e212e6413ac6c20940e527 Connection keep-alive trace-id 077448df1d63fbc9 Content-Length 0 X-Amz-Cf-Id ofRP4Srqf95n29_zr0pBXOupNbwve0uwaIYn1ymSopRpdUlQRutHng==
GET H2	451	464526.gif id.rlcdn.com/	0 66 B	62ms 19ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT via 1.1 google alt-svc clear content-length 0
GET H2	200	ip.json Show response api.company-target.com/api/v2/	461 B 957 B	77ms 48ms	XHR application/json	143.204.98.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&page_title=BitDefender%20finding%20a%20MBAMService%20file%20suspicious%20-%20Malwarebytes%20for%20Windows%20Support%20Forum%20-%20Malwarebytes%20Forums&src=tag&auth=TcuHErVpEQlFNgsvW0BgkLmoffXoRf8c17jto6PU Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.86 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-86.fra50.r.cloudfront.net Software nginx / Resource Hash 06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT identification-source CENTRAL vary Accept-Encoding, Origin x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront request-id 11bcc2ab-72de-4080-95cb-2ec8e9e0d7db content-encoding gzip pragma no-cache access-control-allow-origin https://forums.malwarebytes.com server nginx access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS content-type application/json;charset=utf-8 via 1.1 32c8da10203574baccb74b8f771a7ffa.cloudfront.net (CloudFront) access-control-expose-headers cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true api-version v2 access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id sc7lRCfpNW3Evm8E83V8uxglIW6dlNbqZkFeICn-5WvVvYtX_2UUnA== expires Mon, 14 Feb 2022 12:06:46 GMT
GET H2	200	/ Show response ct.pinterest.com/user/	487 B 838 B	56ms 35ms	XHR application/json	104.75.88.209 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/user/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%2C%22gtm_aem_configs%22%3A%5B%22em%22%5D%2C%22md_frequency%22%3A1%7D&cb=1644926806072 Requested by Host: s.pinimg.com URL: https://s.pinimg.com/ct/lib/main.32155010.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-209.deploy.static.akamaitechnologies.com Software / Resource Hash 5c3dbfb84c509437cbbb9209c8717e0df34927af36cdfd8456e3debd02f3ac4e Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT content-encoding gzip vary Accept-Encoding x-cdn akamai akamai-grn 0.896656b8.1644926806.c0850b7c x-envoy-upstream-service-time 1 x-pinterest-rid 7812467393264926 pin-unauth dWlkPU5XVXhaR1ZoTjJVdFpUZGtNQzAwT1RKaExXRmpOamd0TWpRME5UTTRZekkxWVdFeQ access-control-allow-origin https://forums.malwarebytes.com referrer-policy origin strict-transport-security max-age=31536000 ; includeSubDomains ; preload content-type application/json; charset=utf-8 pragma no-cache access-control-expose-headers Epik,Pin-Unauth cache-control no-cache,no-store,must-revalidate,max-age=0 access-control-allow-credentials true content-length 350 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ ct.pinterest.com/v3/	35 B 333 B	67ms 47ms	Image image/gif	104.75.88.209 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ct.pinterest.com/v3/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%2C%22gtm_aem_configs%22%3A%5B%22em%22%5D%2C%22md_frequency%22%3A1%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2232155010%22%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1644926806074 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-209.deploy.static.akamaitechnologies.com Software / Resource Hash 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Tue, 15 Feb 2022 12:06:46 GMT referrer-policy origin x-cdn akamai akamai-grn 0.896656b8.1644926806.c0850b85 strict-transport-security max-age=31536000 ; includeSubDomains ; preload content-type image/gif access-control-allow-origin * cache-control no-cache,no-store,must-revalidate,max-age=0 x-envoy-upstream-service-time 2 content-length 35 x-pinterest-rid 1278920014042796 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	linkid.js Show response www.google-analytics.com/plugins/ua/	2 KB 884 B	86ms 39ms	Script text/javascript	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/linkid.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 11:16:13 GMT content-encoding gzip x-content-type-options nosniff age 3033 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 859 x-xss-protection 0 last-modified Tue, 22 Oct 2019 18:15:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Tue, 15 Feb 2022 12:16:13 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 447 B	56ms 19ms	XHR text/plain	2a00:1450:400c:c1b::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3347303-10&cid=533844846.1644926806&jid=485277302&uid=23AF93FC-0C99-4AA2-B1AC-DE500731B5F7&gjid=888083448&_gid=2113140628.1644926806&_u=aGBAgEAjAAAAAE~&z=1796987269 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://forums.malwarebytes.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Tue, 15 Feb 2022 12:06:46 GMT content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	39ms 39ms	Image image/gif	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1413665388&t=pageview&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&ul=en-us&de=UTF-8&dt=BitDefender%20finding%20a%20MBAMService%20file%20suspicious%20-%20Malwarebytes%20for%20Windows%20Support%20Forum%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAj~&jid=485277302&gjid=888083448&cid=533844846.1644926806&uid=23AF93FC-0C99-4AA2-B1AC-DE500731B5F7&tid=UA-3347303-10&_gid=2113140628.1644926806&gtm=2wg290MKSKW3&z=1774087605 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Mon, 14 Feb 2022 12:14:42 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 85924 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	40ms 39ms	Image image/gif	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1413665388&t=event&ni=1&_s=2&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&ul=en-us&de=UTF-8&dt=BitDefender%20finding%20a%20MBAMService%20file%20suspicious%20-%20Malwarebytes%20for%20Windows%20Support%20Forum%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAgEAjAAAAAE~&jid=&gjid=&cid=533844846.1644926806&uid=23AF93FC-0C99-4AA2-B1AC-DE500731B5F7&tid=UA-3347303-10&_gid=2113140628.1644926806&gtm=2wg290MKSKW3&cd2=(Non-Company%20Visitor)&cd3=Bot&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=Frankfurt%20am%20Main&cd12=HE&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=DE&cd18=(Non-Company%20Visitor)&z=185995638 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Mon, 14 Feb 2022 12:14:42 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 85924 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 501 B	147ms 61ms	Image image/gif	2a00:1450:4001:809::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3347303-10&cid=533844846.1644926806&jid=485277302&_u=aGBAgEAjAAAAAE~&z=324641433 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Tue, 15 Feb 2022 12:06:46 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	146ms 63ms	Image image/gif	2a00:1450:4001:809::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3347303-10&cid=533844846.1644926806&jid=485277302&_u=aGBAgEAjAAAAAE~&z=324641433 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Tue, 15 Feb 2022 12:06:46 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	front_front_widgets.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	16 KB 5 KB	14ms 14ms	Script text/javascript	2600:9000:2156:b000:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/front_front_widgets.js.gz?v=d815db93211644891823&csrfKey=&antiCache=d815db93211644891823 Requested by Host: content.invisioncic.com URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211644891823 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:b000:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b91863296289e198d2e7b62768710a6d61d640adc544e353f599b35f38be07dd Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 02:24:03 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 18:43:49 GMT server AmazonS3 age 34964 etag "18180c92bf7ba1b76f18ea2028c5e1be" x-cache Hit from cloudfront x-amz-version-id null via 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront) cache-control public, max-age=31536000 x-amz-cf-pop FRA50-C1 accept-ranges bytes content-type text/javascript content-length 4231 x-amz-cf-id Cnjtzt8rCRrQzxqFpuVT75kY04Cj-DrO2xr79r5DeQNZspwh8jnTog==
POST H3	200	/ Show response www.facebook.com/tr/ Frame A5D1	0 18 B	16ms 7ms	Document text/plain	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 Origin https://forums.malwarebytes.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ Response headers content-type text/plain access-control-allow-origin https://forums.malwarebytes.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=0 date Tue, 15 Feb 2022 12:06:46 GMT
GET H2	200	ct.html Show response www.pinterest.de/ Frame 5BFC Redirect Chain https://www.pinterest.com/ct.html https://www.pinterest.de/ct.html	413 B 4 KB	186ms 185ms	Document text/html	104.75.88.209 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.pinterest.de/ct.html Requested by Host: s.pinimg.com URL: https://s.pinimg.com/ct/lib/main.32155010.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-209.deploy.static.akamaitechnologies.com Software / Resource Hash 905b806674a8855d353610ba2a92a53934720317d4b7ce070147ea4e35b51d6a Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-bee6ca2a45da257bd61cb8a1742a905c' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=2486345101069180; frame-ancestors * Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ Response headers x-xss-protection 1; mode=block x-content-type-options nosniff vary User-Agent, Accept-Encoding x-ua-compatible IE=edge expect-ct max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/" p3p CP="This is not a P3P policy. See https://www.pinterest.com/_/_/help/articles/pinterest-and-p3p for more info." content-security-policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-bee6ca2a45da257bd61cb8a1742a905c' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=2486345101069180; frame-ancestors * content-security-policy-report-only script-src 'nonce-bee6ca2a45da257bd61cb8a1742a905c' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly x-frame-options SAMEORIGIN content-type text/html; charset=utf-8 link <https://i.pinimg.com>; rel=preconnect; crossorigin=anonymous, <https://s.pinimg.com>; rel=preconnect; crossorigin=anonymous, <https://v.pinimg.com>; rel=preconnect; crossorigin=anonymous trailer x-pinterest-sli-streamed-response-type x-envoy-upstream-service-time 91 pinterest-generated-by coreapp-webapp-prod-0a03acf7 content-encoding gzip pinterest-version bb3a24f referrer-policy origin x-pinterest-rid 2486345101069180 date Tue, 15 Feb 2022 12:06:47 GMT akamai-grn 0.896656b8.1644926806.c08517e9 x-cdn akamai strict-transport-security max-age=31536000 ; includeSubDomains ; preload Redirect headers x-xss-protection 1; mode=block x-content-type-options nosniff vary User-Agent, Accept-Encoding x-ua-compatible IE=edge expect-ct max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/" location https://www.pinterest.de/ct.html trailer x-pinterest-sli-streamed-response-type x-envoy-upstream-service-time 88 pinterest-generated-by coreapp-webapp-prod-0a038235 content-encoding gzip pinterest-version bb3a24f referrer-policy origin x-pinterest-rid 1750074859157233 date Tue, 15 Feb 2022 12:06:46 GMT akamai-grn 0.896656b8.1644926806.c08514b4 x-cdn akamai strict-transport-security max-age=31536000 ; includeSubDomains ; preload
GET H2	200	2893.js Show response script.crazyegg.com/pages/scripts/0081/	5 KB 2 KB	83ms 38ms	Script text/javascript	2606:4700::6813:9308 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/scripts/0081/2893.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf16a6be9c1f8d220216cd8bc2d5a7d68731c383f8a1d394c2727e7564a9ca7a Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT content-encoding gzip cf-cache-status HIT age 601740 cf-polished origSize=4899 cf-ray 6dde697dfcaf8fc8-FRA ce-version 11.1.381 last-modified Tue, 08 Feb 2022 12:57:46 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 timing-allow-origin * cf-bgj minify
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	5 KB 2 KB	8ms 7ms	Script application/x-javascript	2a02:26f0:6c00::210:ba0a AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Tue, 15 Feb 2022 12:06:46 GMT Content-Encoding gzip Last-Modified Wed, 29 Sep 2021 19:17:49 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=81490 Connection keep-alive Accept-Ranges bytes Content-Length 2036
GET H2	200	uwt.js Show response static.ads-twitter.com/	14 KB 6 KB	31ms 7ms	Script application/javascript	199.232.136.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT content-encoding gzip last-modified Sat, 05 Feb 2022 00:44:37 GMT etag "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 5410 x-served-by cache-iad-kcgs7200024-IAD, cache-hhn11567-HHN
GET H2	200	/ insight.adsrvr.org/track/pxl/	70 B 261 B	101ms 31ms	Image image/gif	35.71.131.137 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://insight.adsrvr.org/track/pxl/?adv=jtuxrxn&ct=0:fyckj1z&fmt=3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.131.137 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Tue, 15 Feb 2022 12:06:46 GMT cache-control private,no-cache, must-revalidate x-aspnet-version 4.0.30319 content-type image/gif p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET H3	200	collect www.google-analytics.com/	35 B 55 B	39ms 39ms	Image image/gif	2a00:1450:4001:829::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1413665388&t=event&ni=1&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&ul=en-us&de=UTF-8&dt=BitDefender%20finding%20a%20MBAMService%20file%20suspicious%20-%20Malwarebytes%20for%20Windows%20Support%20Forum%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=vertical&ev=25&_u=aHDAgEAjAAAAAE~&jid=&gjid=&cid=533844846.1644926806&uid=23AF93FC-0C99-4AA2-B1AC-DE500731B5F7&tid=UA-3347303-10&_gid=2113140628.1644926806&gtm=2wg290MKSKW3&z=902644622 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Mon, 14 Feb 2022 12:14:42 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 85924 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	adsct Show response analytics.twitter.com/i/	31 B 459 B	133ms 117ms	Script application/javascript	104.244.42.3 TWITTER
General Check archive.org Show headers Download Go to Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=d5596776-c157-4ab1-831f-62dcd5cd6642&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F&tpx_cb=twttr.conversion.loadPixels Requested by Host: static.ads-twitter.com URL: https://static.ads-twitter.com/uwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.3 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-response-time 111 date Tue, 15 Feb 2022 12:06:46 GMT content-encoding gzip server tsa_o strict-transport-security max-age=631138519 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache, no-store, max-age=0 x-connection-hash 4502b597c2f3faebe6904c8e8fec1800cead5685d411d7fddc5a63e963c09a42 content-type application/javascript;charset=utf-8 content-length 57
GET H2	200	adsct t.co/i/	43 B 337 B	129ms 113ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=d5596776-c157-4ab1-831f-62dcd5cd6642&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F262630-bitdefender-finding-a-mbamservice-file-suspicious%2F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-response-time 106 date Tue, 15 Feb 2022 12:06:46 GMT server tsa_o strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash 47ea392f4baaa7065c1fd79b30aba13d9d002a7ae2bdf5f6717aa5f81cd4175e content-length 43
GET H2	200	2893.json Show response script.crazyegg.com/pages/data-scripts/0081/	752 B 604 B	53ms 34ms	XHR application/json	2606:4700::6813:9308 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0081/2893.json?t=1 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0081/2893.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 62ae88b6e8cc3e06f07d8b155c691c3f91b04b3e8ffcb4919c7fd03f9e154b67 Request headers Accept-Language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 12:06:46 GMT content-encoding gzip cf-cache-status HIT age 601682 ce-version 11.1.381 content-length 258 timing-allow-origin * last-modified Tue, 08 Feb 2022 12:58:44 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes cf-ray 6dde697e5b41915f-FRA
POST H2	204	/ www.pinterest.de/_/_/csp_report/ Frame 5BFC	0 4 KB	134ms 134ms	Other text/plain	104.75.88.209 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.pinterest.de/_/_/csp_report/?rid=2486345101069180 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-209.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-1149a72d83e05291fc484a23a3457d1a' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5051515911910674; frame-ancestors 'self' , script-src 'nonce-1149a72d83e05291fc484a23a3457d1a' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=5051515911910674 Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.pinterest.de/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/csp-report Response headers content-security-policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-1149a72d83e05291fc484a23a3457d1a' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5051515911910674; frame-ancestors 'self' , script-src 'nonce-1149a72d83e05291fc484a23a3457d1a' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=5051515911910674 x-content-type-options nosniff x-cdn akamai akamai-grn 0.896656b8.1644926807.c0851b3d content-security-policy-report-only script-src 'nonce-1149a72d83e05291fc484a23a3457d1a' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly x-envoy-upstream-service-time 33 vary User-Agent, Accept-Encoding x-pinterest-rid 5051515911910674 x-xss-protection 1; mode=block x-ua-compatible IE=edge pinterest-version bb3a24f referrer-policy origin x-frame-options SAMEORIGIN date Tue, 15 Feb 2022 12:06:47 GMT expect-ct max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/" strict-transport-security max-age=31536000 ; includeSubDomains ; preload pinterest-generated-by coreapp-webapp-prod-0a039f69
POST H2	204	/ www.pinterest.de/_/_/csp_report/ Frame 5BFC	0 4 KB	175ms 175ms	Other text/plain	104.75.88.209 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.pinterest.de/_/_/csp_report/?reportonly Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-209.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-0d680a8d625e96fc0cba9bf4bff7e34e' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=7315265635863469; frame-ancestors 'self' , script-src 'nonce-0d680a8d625e96fc0cba9bf4bff7e34e' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=7315265635863469 Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.pinterest.de/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/csp-report Response headers content-security-policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-0d680a8d625e96fc0cba9bf4bff7e34e' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=7315265635863469; frame-ancestors 'self' , script-src 'nonce-0d680a8d625e96fc0cba9bf4bff7e34e' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=7315265635863469 x-content-type-options nosniff x-cdn akamai akamai-grn 0.896656b8.1644926807.c0851b45 content-security-policy-report-only script-src 'nonce-0d680a8d625e96fc0cba9bf4bff7e34e' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly x-envoy-upstream-service-time 72 vary User-Agent, Accept-Encoding x-pinterest-rid 7315265635863469 x-xss-protection 1; mode=block x-ua-compatible IE=edge pinterest-version bb3a24f referrer-policy origin x-frame-options SAMEORIGIN date Tue, 15 Feb 2022 12:06:47 GMT expect-ct max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/" strict-transport-security max-age=31536000 ; includeSubDomains ; preload pinterest-generated-by coreapp-webapp-prod-0a038969
POST H2	204	/ www.pinterest.de/_/_/csp_report/ Frame 5BFC	0 4 KB	128ms 128ms	Other text/plain	104.75.88.209 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.pinterest.de/_/_/csp_report/?reportonly Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/262630-bitdefender-finding-a-mbamservice-file-suspicious/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-75-88-209.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-505eaed20b61b16c9a7e73feef6645cc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1713561569369186; frame-ancestors 'self' , script-src 'nonce-505eaed20b61b16c9a7e73feef6645cc' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=1713561569369186 Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.pinterest.de/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/csp-report Response headers content-security-policy default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-505eaed20b61b16c9a7e73feef6645cc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net px.ads.linkedin.com www-pinterest-de.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1713561569369186; frame-ancestors 'self' , script-src 'nonce-505eaed20b61b16c9a7e73feef6645cc' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; report-uri /_/_/csp_report/?rid=1713561569369186 x-content-type-options nosniff x-cdn akamai akamai-grn 0.896656b8.1644926807.c0851b54 content-security-policy-report-only script-src 'nonce-505eaed20b61b16c9a7e73feef6645cc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.online.tableau.com *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly x-envoy-upstream-service-time 28 vary User-Agent, Accept-Encoding x-pinterest-rid 1713561569369186 x-xss-protection 1; mode=block x-ua-compatible IE=edge pinterest-version bb3a24f referrer-policy origin x-frame-options SAMEORIGIN date Tue, 15 Feb 2022 12:06:47 GMT expect-ct max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/" strict-transport-security max-age=31536000 ; includeSubDomains ; preload pinterest-generated-by coreapp-webapp-prod-0a039db1