forums.malwarebytes.com Open in urlscan Pro
13.225.78.42  Public Scan

110 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2594100%26time%3D1699239595481%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.com%252Ftopic%252F208032-pupoptionalproductsetup%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true&liSync=true&e_ipv6=AQIN7U1AAFWDDgAAAYuikpAQFdQhxG0MI3WvwhTfBsPr6UYUEwrGPEdsFXXNqr1oCNDMUtY

Request Chain 69

• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1714964395&external_user_id=bb68f8f3-fbe7-4dbd-9684-1991655b76e5 HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1714964395&external_user_id=bb68f8f3-fbe7-4dbd-9684-1991655b76e5&C=1

77 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/	226 KB 34 KB	576ms 527ms	Document text/html	13.225.78.42 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.42 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-42.fra2.r.cloudfront.net Software Apache / Resource Hash b6083525d5fd4c00387819d97f3dec14b472751d3bcad005486c6f23096b411c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache="Set-Cookie", max-age=900, public, s-maxage=900, stale-while-revalidate, stale-if-error content-encoding gzip content-length 33759 content-security-policy frame-ancestors 'self' content-type text/html;charset=UTF-8 date Mon, 06 Nov 2023 02:59:54 GMT expires Mon, 06 Nov 2023 03:14:54 GMT last-modified Mon, 06 Nov 2023 02:59:54 GMT referrer-policy strict-origin-when-cross-origin server Apache strict-transport-security max-age=31536000 vary Cookie,Accept-Encoding via 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront) x-amz-cf-id ny7lbhYQaBBAUfOmLsQZM8r2hoYjphbgHNSR8FmMTIG4cIiV3OhD_g== x-amz-cf-pop FRA2-C2 x-cache Miss from cloudfront x-content-security-policy frame-ancestors 'self' x-content-type-options nosniff x-frame-options sameorigin x-ips-loggedin 0 x-xss-protection 0
GET H2	200	fontawesome-webfont.woff2 forums.malwarebytes.com/applications/core/interface/font/	75 KB 76 KB	13ms 9ms	Font text/plain	13.225.78.42 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/applications/core/interface/font/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.42 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-42.fra2.r.cloudfront.net Software Apache / Resource Hash 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Origin https://forums.malwarebytes.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:33:08 GMT via 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront) x-content-type-options nosniff last-modified Thu, 12 Oct 2023 14:30:59 GMT server Apache x-amz-cf-pop FRA2-C2 age 1606 etag "12d68-60785c9dccec0" x-cache Hit from cloudfront accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 77160 x-amz-cf-id HynKh-O2nGMGpR9aVt7_KMfT6nMQi5lm0TSIJZaI3cqiqqGn9ASTAw==
GET H2	200	css2 fonts.googleapis.com/	11 KB 1 KB	39ms 15ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash a5a263756e794d5ad9a686025bb4174bd55dbbca9635748b247a8a527e89354c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 06 Nov 2023 02:59:54 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 06 Nov 2023 02:25:23 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 06 Nov 2023 02:59:54 GMT
GET H2	200	341e4a57816af3ba440d891ca87450ff_framework.css.gz content.invisioncic.com/Mmalware/css_built_28/	323 KB 60 KB	51ms 14ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/341e4a57816af3ba440d891ca87450ff_framework.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2bfdaeb15e93857db647a5a3af0a72148b4b9a22fb290700b9b83a222e15e8c2 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sun, 08 Oct 2023 02:03:51 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id 6xEEvGgVXxaEc7E6eM3PSfRL.wuxCAKk x-amz-cf-pop FRA60-P4 age 2508964 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 61281 last-modified Wed, 13 Sep 2023 09:05:26 GMT server AmazonS3 etag "1f275f8adb7c3d217c607fdea0f2c120" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id RmqHAJjn-Xsui8lzTNGikzeiGcq0CfboqyHvxR6usu8l7tw4D5hHIQ==
GET H2	200	05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	35 KB 7 KB	47ms 10ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/05e81b71abe4f22d6eb8d1a929494829_responsive.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5008d5e9bd10eea3c48217fc3a797895a56aadb808b04dda8381dd35e6544f22 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Tue, 10 Oct 2023 10:05:30 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id _Y1hSnxR33.ytR6NTYZipaBf2N9u1iDC x-amz-cf-pop FRA60-P4 age 2307265 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 6713 last-modified Wed, 13 Sep 2023 09:05:26 GMT server AmazonS3 etag "662c81ff9a5b04e3eec6773ca9dbad1d" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id QmccDXguMOCb_-phyChBo5rC7agss8_2XM3N8FLyZjvsmwY67ZkDpQ==
GET H2	200	90eb5adf50a8c640f633d47fd7eb1778_core.css.gz content.invisioncic.com/Mmalware/css_built_28/	23 KB 7 KB	48ms 11ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/90eb5adf50a8c640f633d47fd7eb1778_core.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1ec60e0e1c047bf7712bc17a39828c99fa24d11dac98aab80d00495c4c9763a9 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Tue, 17 Oct 2023 21:23:32 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id Cxj5bCb5kzNM0K1lNK5O2q6gAg2PCTF_ x-amz-cf-pop FRA60-P4 age 1661783 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 6430 last-modified Wed, 13 Sep 2023 09:05:26 GMT server AmazonS3 etag "828f28d23ade7c9e6e02a8f729bf2e04" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 6a4jiX9kKUxBEVAJtz-u4U4vB_1_cAFkZsQ73MEErV0gqckmQq318g==
GET H2	200	5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	5 KB 2 KB	48ms 12ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/5a0da001ccc2200dc5625c3f3934497d_core_responsive.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ae9d33c675a45f0263ac186920780ef9593f2f0fc05ce203a1ed786be7afe5e2 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 18 Oct 2023 03:19:00 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id ktX64xwUdwCCMKMZ9Q4XoNORfOPTONHU x-amz-cf-pop FRA60-P4 age 1640455 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1212 last-modified Wed, 13 Sep 2023 09:05:27 GMT server AmazonS3 etag "3d62088babca9778cf21f3c4cc40957a" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id LfplmSMYzzV7PORUsrzrDm6PKnhjabxUucsYpIXg_GSY4JNUMlIhQQ==
GET H2	200	62e269ced0fdab7e30e026f1d30ae516_forums.css.gz content.invisioncic.com/Mmalware/css_built_28/	15 KB 4 KB	44ms 8ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/62e269ced0fdab7e30e026f1d30ae516_forums.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f0c356b5f4faa7b2414c815d215d5b5b2078b4801a79bbd9f1d189b34cbb9c71 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 18 Oct 2023 03:19:00 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id JOEEUW6MO5x4qhNFtzGAkMgwJ9zwo6VX x-amz-cf-pop FRA60-P4 age 1640455 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 3753 last-modified Wed, 13 Sep 2023 09:05:28 GMT server AmazonS3 etag "706fe1e41b54986ee75c962074e5f28a" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id qD__BV2CpzioTVJk0p0jAqv7uIyWhO191HzfEKH9Ia2tOFMoaXxXlg==
GET H2	200	76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz content.invisioncic.com/Mmalware/css_built_28/	6 KB 2 KB	45ms 9ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/76e62c573090645fb99a15a363d8620e_forums_responsive.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1099b3d49cec3d8e97ac307dd1db309dc9af5aa69c134db3cfd7d90eafb8df9c Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 18 Oct 2023 03:19:00 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id 9_aEfDSXpTus4qGySUPGLeZNNebXJntC x-amz-cf-pop FRA60-P4 age 1640455 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1408 last-modified Wed, 13 Sep 2023 09:05:28 GMT server AmazonS3 etag "f6b69720d18ae8c6c450207ae7812092" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id B2bRac_ENP4jqtdhDLwxuSqjuorjGNhw_ZWDwCL_IDSboBnGXvFByw==
GET H2	200	ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz content.invisioncic.com/Mmalware/css_built_28/	3 KB 1 KB	54ms 18ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/ebdea0c6a7dab6d37900b9190d3ac77b_topics.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 9bde20f23db841b077e3392fb8fbaac4c6fe1392bfd7b8f0947e3ee32f41f6d0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 18 Oct 2023 03:19:00 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id Lr2WksBaFmUU16wmb6KvNzWxdiJ12tBT x-amz-cf-pop FRA60-P4 age 1640455 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 927 last-modified Wed, 13 Sep 2023 09:05:38 GMT server AmazonS3 etag "179f44143d9f001cfe0953cddb82c253" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id tSy19UYqARX-VaqB7InI8LIFoly0A9NIm8yofDGDcFIXt97uHGsbHg==
GET H2	200	258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz content.invisioncic.com/Mmalware/css_built_28/	887 B 933 B	45ms 9ms	Stylesheet text/css	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/css_built_28/258adbb6e4f3e83cd3b355f84e3fa002_custom.css.gz?v=d815db93211694595924 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3001a3960df32de0715d410de98ec7a468c546e5c6ddf98b2bcaef28666e32af Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Thu, 14 Sep 2023 02:57:44 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id zbeHFNIsqyCypGB9livqRS5tWYHneSef x-amz-cf-pop FRA60-P4 age 4579331 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 447 last-modified Wed, 13 Sep 2023 09:05:30 GMT server AmazonS3 etag "d4600f2fa1dbbd939fdb12b5e8a7b238" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id YuH4EJwjvAOUUIGr4lhGnGMJce53EpVhjbj6lbM8c2TKtw-l2f_ICA==
GET H2	200	CONS_PCmag_728x90(2).png.a0d9100fc3a050421e4995c35809d97e.png content.invisioncic.com/Mmalware/monthly_2023_06/	72 KB 73 KB	17ms 15ms	Image image/png	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2023_06/CONS_PCmag_728x90(2).png.a0d9100fc3a050421e4995c35809d97e.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 9a93b047487342d9f08f0d604599e2d54aeb278755127ceff698ce0a5d1043ed Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sat, 07 Oct 2023 11:50:33 GMT x-amz-version-id 0AR2e8tuOB4V_gTISoYljYriDEgWqI_M via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 2560161 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 73834 last-modified Wed, 07 Jun 2023 21:27:44 GMT server AmazonS3 etag "a2c3598c4cd0ea3f73904ea12c8b0129" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id GDmezboZqxKouXCQAvgaeJIkywsnyUj0a7fLjJOXLaTPTGZkMqikWQ==
GET H2	200	default_post-32477-1261866970.gif content.invisioncic.com/Mmalware/emoticons/	2 KB 3 KB	33ms 30ms	Image image/gif	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/emoticons/default_post-32477-1261866970.gif Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f0b5d8585d7c779e29e315e27c35149d5fceac6cda6bd5c77c623773cab762db Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Wed, 04 Oct 2023 14:49:17 GMT x-amz-version-id null via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 2808638 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 2161 last-modified Tue, 29 May 2018 13:03:26 GMT server AmazonS3 etag "c8e759ad9108b9c95488909cb1cd6e73" content-type image/gif cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id nUkXZpQeMudiCNcRpHp5f7HR-fzMTmggH4qrUVh837JjI-TeksyoTQ==
GET H2	200	kRSoWLL.png.c6a9ecf26550d0845ac122db6bcd79dc.png content.invisioncic.com/Mmalware/imageproxy/	34 KB 35 KB	33ms 31ms	Image image/png	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/imageproxy/kRSoWLL.png.c6a9ecf26550d0845ac122db6bcd79dc.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7536fbac13883d19a6976474e0d8adee794a97a891509f13d6fc09f003ec825f Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sat, 04 Nov 2023 06:45:12 GMT x-amz-version-id null via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 159283 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 35226 last-modified Mon, 21 Oct 2019 02:49:48 GMT server AmazonS3 etag "edaa74e3676906f968584ae1f4067d38" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id Eb3uZitGehNiXzPm3Km5kaIEn5OYbhqsdyTym0faFItJ5qoi00CekQ==
GET H2	403	default_smile.png content.invisioncic.com/Mmalware/emoticons/	0 0	395ms 394ms	Image application/xml	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/emoticons/default_smile.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers
GET H2	200	455389808_MWBStaffLogoShort.png.471513c6a13f05393350352f7bc42e55.png content.invisioncic.com/Mmalware/monthly_2020_11/	3 KB 3 KB	38ms 37ms	Image image/png	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2020_11/455389808_MWBStaffLogoShort.png.471513c6a13f05393350352f7bc42e55.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 24c13cdea638620ec96bc3b7ba1bdef0cbe3ad0847b2ddc6f041df1fa24cffa4 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Sun, 01 Oct 2023 00:08:08 GMT x-amz-version-id g54XEf4skAMSD4MV29N7aPk8wAUfSLu7 via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 3120707 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 2919 last-modified Fri, 06 Nov 2020 22:28:19 GMT server AmazonS3 etag "840107c60632e151d3d4ed52457243db" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 5zVifU29-CRG8PkydiCI0cSxb6BT3itaf1rXXap9ZpJou_5NrGZTyQ==
GET H2	200	CONS_PCmag_728x90.png.14a2528af4359a57b15c72130caf4590.png content.invisioncic.com/Mmalware/monthly_2023_06/	60 KB 60 KB	35ms 33ms	Image image/png	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/monthly_2023_06/CONS_PCmag_728x90.png.14a2528af4359a57b15c72130caf4590.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f5d4c00cea7d26cd2f10e1885395216df960748bcae7026a030ffcd3c0fdb029 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Tue, 10 Oct 2023 08:35:11 GMT x-amz-version-id 42Kp1rFTXg4J5aCSkHlQ_aWDCVNMPDk8 via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 2312684 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 61119 last-modified Wed, 07 Jun 2023 21:30:50 GMT server AmazonS3 etag "f462d14a7ea6d2ced8164f13df4c67db" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id km8hEaXFCzu0BQeeVJhAV1OgQI6bX1QejjGDYisFqZDis3t_l6qgrg==
GET H2	200	root_library.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	368 KB 121 KB	21ms 19ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1a8e04ea5908efdb644bba217bcb4bca38bbf78c8a3ce038a6afed25342c60b3 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id zrin.rBRMnoza8TTXHqLqkntTPUc80Vd x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 123751 last-modified Wed, 01 Nov 2023 17:18:15 GMT server AmazonS3 etag "9cf0bd0ae73fa69c7547786739b2b87e" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 5XKXKAejhGHb8VraN68uLH_V8DU_u0_FuA5NlnxKeQ6wA363ifAykQ==
GET H2	200	root_js_lang_1.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	103 KB 33 KB	25ms 23ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_js_lang_1.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a981620df94b0f0a90e541ec1f12d6c9a6a0a5cc3d5f39517e99f1365133e820 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id CHwW_Op02rJtWL4kTy5X3ZA_8tmZL.wY x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 32999 last-modified Wed, 01 Nov 2023 17:18:15 GMT server AmazonS3 etag "0d810321b27da37bd31d4f29a3a0ed33" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id gajnOSpEMr9-kEPXkXRh7xkMj5ZqeybD2D8Gbb7wmAqDqifj7UX54Q==
GET H2	200	root_framework.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	436 KB 100 KB	26ms 24ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_framework.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b612f745e718ad4eb11f04049fdcc320fdc626965e4dc1db0211665d95889999 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id MAW8dAa1g9k3hAhZNRumssSXxSCRVjFM x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 101679 last-modified Wed, 01 Nov 2023 17:18:16 GMT server AmazonS3 etag "5ffd55b81e5a6231e866c6891338bf9e" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id CwStw07Bkw7uL93B_riHQW31akLPCa_wB4xzPhxuev68403px6CQww==
GET H2	200	global_global_core.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	37 KB 9 KB	28ms 26ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/global_global_core.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6e150c24cfaf27170cd5943e9ce0d3c4f6cab99cb3af1e29697756b927beb1bc Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id IWzWnx5Fftd.bj.OZ87LdEYINhE9Ii3Y x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 8982 last-modified Wed, 01 Nov 2023 17:18:16 GMT server AmazonS3 etag "f16b7d8b4152a7128086da870de5b264" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id RJbXVUW7Ne8iIZypGXVtpIQsb5hTzBn0ZJ5Lyd_Bew9QX16DW7dBnQ==
GET H2	200	root_front.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	103 KB 23 KB	29ms 27ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_front.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c306af4e97074a571c2e7a301c397e315eda1657bbd28bcc4715ae55881e4065 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id mN4dOUM6rMqje1mIEpzc0YWjMx3AqdGf x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 23176 last-modified Wed, 01 Nov 2023 17:18:17 GMT server AmazonS3 etag "fd34a68369ae14b8033c2a6040aae58c" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id OyF6mPuZmvb1Q3bsi2OuqrOpT9K8PTymufr67_hNSYAfJzMQa6q_cg==
GET H2	200	front_front_core.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	37 KB 9 KB	30ms 29ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/front_front_core.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7ae85fb920726bd3f639d6409b5f5555dce80a9ccfa840e24cc018a80b001041 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id cSGtcFgvTDKylzkQVWeEhn0RLjqEsSqr x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 8922 last-modified Wed, 01 Nov 2023 17:18:17 GMT server AmazonS3 etag "3f500e7acabeea498e2c2adb30036859" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id hUULfY0gS8FR_DoMnuj_dVZG1lvzm88JsjfPjywuLupTYIBk7t61Og==
GET H2	200	front_front_topic.js.gz Show response content.invisioncic.com/Mmalware/javascript_forums/	5 KB 2 KB	37ms 35ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_forums/front_front_topic.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 73f300c3e43fab5e7d74c3973d9134ac76b01e27a2288f711a851a9d8a8d3a0e Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:41:00 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id 0gLiD9Tr907qG5f_0r5Lmds.kXqjk6tF x-amz-cf-pop FRA60-P4 age 188335 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1277 last-modified Wed, 01 Nov 2023 17:18:17 GMT server AmazonS3 etag "702180aafa4f6cf57df069737a132abd" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id 5qGcY9UZQ9Mywz_r0B9BDZZ3CrBdfBPdVo9NnEdVvA87rShGs_edIQ==
GET H2	200	front_front_realtime.js.gz Show response content.invisioncic.com/Mmalware/javascript_cloud/	13 KB 4 KB	30ms 28ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_cloud/front_front_realtime.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2b99b45bf156d9402a42d4ceaa87ad266bce8cc2cbdb3a3bba8fa8b53da11460 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id 6rrxomHhojF8egGkfqUf0MvOkYjVNxKE x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 3405 last-modified Wed, 01 Nov 2023 17:18:18 GMT server AmazonS3 etag "d8f803354d80bc3489be9bf5c348b26f" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id YsTkd8VIG0_bKtCkiNBM6tlXXNOtndqLnrplErBWeMjK1WRcLCGoXw==
GET H2	200	front_app.js.gz Show response content.invisioncic.com/Mmalware/javascript_cloud/	5 KB 2 KB	31ms 29ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_cloud/front_app.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f124fa95609f20c04ba5f434a7360e4813b14641fb33b099f67b149d0f7bb3c3 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id yJpwfxAEIEmwps0gVMvKoUl9G4.tLaE4 x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 1753 last-modified Wed, 01 Nov 2023 17:18:19 GMT server AmazonS3 etag "65d74ba8a67c0fb400cd17966373d7bb" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id FoKrUMBw-kqdSImm7btDDo9ARz26PbQO0aRWhIG6K997iOJae61zIA==
GET H2	200	root_map.js.gz Show response content.invisioncic.com/Mmalware/javascript_global/	2 KB 847 B	31ms 30ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_global/root_map.js.gz?v=d815db93211699051251 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6f5a6f1d5823bde5037f775409f7bfbb3d1af4ade25c0ae6a06db645c6f099dd Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:57 GMT content-encoding gzip via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-version-id EPVtGzobqkqoL4_OcHCFty7c0E0IET0w x-amz-cf-pop FRA60-P4 age 188338 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status PENDING alt-svc h3=":443"; ma=86400 content-length 356 last-modified Fri, 03 Nov 2023 22:40:52 GMT server AmazonS3 etag "3260b83926467bd22adb908e10dcd58f" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id zwHzP-wJ9JNGBI8zk_gnbTvellZYoQFEPZ9LmbGyvkAOkeUuMLNHLQ==
GET H2	200	gtm.js Show response www.googletagmanager.com/	392 KB 118 KB	43ms 17ms	Script application/javascript	2a00:1450:4001:82a::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2a9b82357402e2fed5de039759f1e52ac0d225e2f74f0f6e56160d64e3ef281b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:54 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 120616 x-xss-protection 0 last-modified Mon, 06 Nov 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 06 Nov 2023 02:59:54 GMT
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v13/	46 KB 46 KB	29ms 7ms	Font font/woff2	2a00:1450:4001:831::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://forums.malwarebytes.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Thu, 02 Nov 2023 18:27:54 GMT x-content-type-options nosniff age 289920 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 46704 x-xss-protection 0 last-modified Wed, 13 Sep 2023 23:49:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 01 Nov 2024 18:27:54 GMT
GET DATA	200 OK	truncated /	283 B 283 B		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ce369aa7dfcd22e45553ac28e58653b2ede83d0e478824c1266c89b2c0212fec Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	photo-thumb-132107.png content.invisioncic.com/Mmalware/profile/	88 KB 89 KB	11ms 10ms	Image image/png	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://content.invisioncic.com/Mmalware/profile/photo-thumb-132107.png Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4e6bcebc9ea7fd90ea4e16e944c1a889fd3726c3fc336935de5ea45909934ff0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Tue, 24 Oct 2023 09:17:53 GMT x-amz-version-id null via 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P4 age 1100522 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 90584 last-modified Tue, 29 May 2018 19:37:40 GMT server AmazonS3 etag "e9abb365c0e92c50ebb2ad8a8163dab1" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id ABJUvOQrPGZKwMZ8xX4r3OoXXqBI8EbN-zW5tld6NZe3nd7kIJBezQ==
GET H2	200	js Show response www.googletagmanager.com/gtag/	298 KB 92 KB	28ms 28ms	Script application/javascript	2a00:1450:4001:82a::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash caad897cfee14b53ca2ed7af5af61bd2661e82276665104584a00f378f6a9554 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:54 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 94068 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 06 Nov 2023 02:59:54 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	202 KB 54 KB	26ms 10ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 06 Nov 2023 02:59:54 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 54273 x-xss-protection 0 reporting-endpoints pragma public x-fb-debug Z/AAdgnf4VR9T5nC3E9rmSGrMWrjkbXRPsP7wfQZ8aqvXIELBg29cvqppDMZ4n0X31gQE7VkJsV3fSFnwuMQsA== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	31ms 6ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Mon, 06 Nov 2023 01:51:32 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 4102 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Mon, 06 Nov 2023 03:51:32 GMT
GET H2	200	malwarebytes.jsp Show response www.upsellit.com/active/	48 KB 14 KB	38ms 7ms	Script application/x-javascript	34.117.39.58 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://www.upsellit.com/active/malwarebytes.jsp Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.39.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 58.39.117.34.bc.googleusercontent.com Software nginx / Resource Hash 9a4302c69aa1d989f65d6f4d1c0011122efefa6cb555675735e5932f5e852168 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip via 1.1 google date Sun, 05 Nov 2023 17:59:53 GMT server nginx age 32401 vary Accept-Encoding content-type application/x-javascript;charset=ISO-8859-1 cache-control max-age=86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14145 expires Mon, 06 Nov 2023 17:59:53 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	809ms 157ms	Script application/x-javascript	184.31.85.59 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-31-85-59.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Date Mon, 06 Nov 2023 02:59:55 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Content-Type application/x-javascript Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	38ms 6ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:54 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 16:56:53 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kjyo7100081-IAD, cache-fra-eddf8230042-FRA
GET H2	200	web-vitals.umd.js Show response unpkg.com/web-vitals@3.0.0/dist/	7 KB 3 KB	40ms 19ms	Script application/javascript	2606:4700::6810:7baf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.umd.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b7be58558ac5f613c44cc4ca498d6bd64de88aaa3f78e6d618771758205e8b9b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:54 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT content-encoding br strict-transport-security max-age=31536000; includeSubDomains; preload age 6339633 last-modified Sat, 26 Oct 1985 08:15:00 GMT fly-request-id 01GB8G4EDHD852033XMDSBV0E2-fra server cloudflare etag W/"1ae1-tMDPEHOSIsyc9nlymp5rO1O4NKA" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 821a154bce471e4d-FRA
GET H3	200	js Show response www.googletagmanager.com/gtag/	236 KB 81 KB	24ms 24ms	Script application/javascript	2a00:1450:4001:82a::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-930356311 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash bdd6e3fcbc7ab389ddbcc3a4b8838f4cce2afeabfba720b3647072a53e45893a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:54 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 83027 x-xss-protection 0 last-modified Mon, 06 Nov 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 06 Nov 2023 02:59:54 GMT
GET		tag.js www.estore.malwarebytes.com/proxydirectory/tags/445691266569/	0 0
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	12 KB 4 KB	51ms 13ms	Script application/javascript	2a02:26f0:3500:16::215:148d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 672e173a1961506da81fd51463bb8b4aeacf8be4d484d02dca74b3e3a848ab7c Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:54 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 31 Oct 2023 08:37:21 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=54822 accept-ranges bytes content-length 3840
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	64ms 31ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Mon, 06 Nov 2023 02:59:54 GMT last-modified Fri, 20 Oct 2023 01:13:24 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: B932425C601C4BCC9C4F92CC77097510 Ref B: FRAEDGE1308 Ref C: 2023-11-06T02:59:54Z etag "0125f9ff22da1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13079
GET H2	200	HWyTnY16.min.js Show response scripts.demandbase.com/	79 KB 22 KB	43ms 8ms	Script application/javascript	18.245.60.19 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://scripts.demandbase.com/HWyTnY16.min.js Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.19 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-19.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 8697177f46fd71a555afa63edfe8203b35f9869dcfbd7a6ccb85ca5bf538c2a3 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-amz-version-id yQx0oVFrY6PibAEaTu_pxbjr4cDMeItN content-encoding gzip via 1.1 f192553c835240a9b5df520fb7ffd876.cloudfront.net (CloudFront) date Mon, 06 Nov 2023 02:36:29 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop FRA60-P5 age 2087 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront last-modified Thu, 02 Nov 2023 12:35:15 GMT server AmazonS3 etag W/"fabe3fc20fdce4b5136f17fb8ebd9706" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control public, max-age=3600 permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-id eEu16ZVn0llykDgnWVXYS09wt0F0K2xweH4BXbTTvbaF0Tcw1r_A7w==
GET H2	404	demandbase-forms.js www.malwarebytes.com/js/	0 0	144ms 108ms	Script text/html	192.0.66.233 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers
GET H3	200	index.php Show response forums.malwarebytes.com/	2 B 749 B	154ms 153ms	XHR application/json	13.225.78.42 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://forums.malwarebytes.com/index.php?app=core&module=system&controller=ajax&do=attachmentInfo&csrfKey=9ed6d1e37f2366cb7fe6c7935deb2ca3&attachIDs%5B228166%5D=true Requested by Host: content.invisioncic.com URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211699051251 Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.78.42 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-42.fra2.r.cloudfront.net Software Apache / Resource Hash 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=31536000 X-Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 0 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers expires 0 date Mon, 06 Nov 2023 02:59:55 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' via 1.1 83caebe1f817a31bd75ba17dff7ae1a6.cloudfront.net (CloudFront) strict-transport-security max-age=31536000 x-amz-cf-pop FRA2-C2 x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 content-length 22 x-xss-protection 0 x-ips-loggedin 0 referrer-policy strict-origin-when-cross-origin server Apache x-frame-options sameorigin vary Cookie,Accept-Encoding content-type application/json;charset=UTF-8 cache-control no-cache, no-store, must-revalidate, max-age=0, s-maxage=0 x-amz-cf-id zq3PyV62PyDYPf_z9TOK--jgVpF0QhjxaefuuW0tZxFvqT4J_RcxCA== x-content-security-policy frame-ancestors 'self'
POST H2	204	collect region1.analytics.google.com/g/	0 259 B	443ms 14ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=45je3b11v872204243z86688972&_p=1699239594513&_gaz=1&gcd=11l1l1l1l1&cid=667556784.1699239595&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&sid=1699239595&sct=1&seg=0&dt=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Consumer&tfd=1138 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 259 B	455ms 21ms	Ping text/plain	2a00:1450:400c:c0c::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K8KCHE3KSC&cid=667556784.1699239595&gtm=45je3b11v872204243z86688972&aip=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 408 B	447ms 17ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K8KCHE3KSC&cid=667556784.1699239595&gtm=45je3b11v872204243z86688972&aip=1&z=781485394 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	adsct t.co/i/	43 B 378 B	500ms 121ms	Image image/gif	104.244.42.69 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=cca5b9c1-be27-4700-a07a-1047abb80a44&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=841dc830-0135-413c-9d6d-4da426521b53&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.69 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-response-time 104 date Mon, 06 Nov 2023 02:59:55 GMT strict-transport-security max-age=0 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 9653a6a642f79b92 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 735cf0bb754a05c15b70aa4ca6b4e7d41d68006f0439734a33b4433e63ce9017 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 396 B	576ms 192ms	Image image/gif	104.244.42.131 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=cca5b9c1-be27-4700-a07a-1047abb80a44&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=841dc830-0135-413c-9d6d-4da426521b53&tw_document_href=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.29 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.131 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-response-time 175 date Mon, 06 Nov 2023 02:59:54 GMT strict-transport-security max-age=631138519 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 1d519a46603dfdba cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash fec2977776c201d83d486c1792d3cdd718da9ba447243e2c61871db7798059f0 content-length 43
GET H2	200	linkid.js Show response www.google-analytics.com/plugins/ua/	2 KB 1 KB	7ms 6ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/linkid.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:45:57 GMT content-encoding br x-content-type-options nosniff age 838 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 697 x-xss-protection 0 last-modified Fri, 30 Jun 2023 18:58:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Mon, 06 Nov 2023 03:45:57 GMT
GET H2	200	1480959392203028 Show response connect.facebook.net/signals/config/	134 KB 35 KB	9ms 8ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1480959392203028?v=2.9.138&r=stable&domain=forums.malwarebytes.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 4a8f5bd134d3ba286ea3d77cd36326891380a05b3ee72181ed525ba14178dcb6 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 06 Nov 2023 02:59:55 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 36041 x-xss-protection 0 reporting-endpoints pragma public x-fb-debug TsU2Y9wKRTTFSZ6ZbdrozR5Sqnl/H3rJo/SuSzynmmXiJY6IWlJBgAigNXGnMXBbSJt6cRXWvehUF05K/WtiRw== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/	3 KB 2 KB	347ms 19ms	Script text/javascript	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1699239595140&cv=11&fst=1699239595140&bg=ffffff&guid=ON&async=1&gtm=45be3b11v9137103858&gcd=11l1l1l1l1&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&hn=www.googleadservices.com&frm=0&tiba=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1661120457.1699239595&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 43789d4ec4677ba636203cf71aa31b082f8dc436da176928b8181faf23ebfb20 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1323 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/407675570/	3 KB 1 KB	336ms 20ms	Script text/javascript	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/407675570/?random=1699239595152&cv=11&fst=1699239595152&bg=ffffff&guid=ON&async=1&gtm=45be3b11v9137103858&gcd=11l1l1l1l1&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&hn=www.googleadservices.com&frm=0&tiba=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&auid=1661120457.1699239595&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e2d45cce4bea626c35bc2871003120c6c4c84d90b33068f70917e2d11f010dd7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1325 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	insight.beta.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 15 KB	13ms 13ms	Script application/javascript	2a02:26f0:3500:16::215:148d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.beta.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b905c39856d022e15d7e95ecbc9f51c3fdda60575d7bb3f91a2744200593fc77 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:55 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 31 Oct 2023 08:37:22 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=54991 accept-ranges bytes content-length 14930
GET H2	200	sync Show response s.company-target.com/s/ Frame E577	634 B 978 B	142ms 94ms	Document text/html	34.96.71.22 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://s.company-target.com/s/sync?exc=lr Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 22.71.96.34.bc.googleusercontent.com Software / Resource Hash 97167f5c5ef657f2df79df4f965d0b6acca16d95d02acf3521356911899c0b67 Request headers Referer https://forums.malwarebytes.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-methods GET,OPTIONS alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 634 content-type text/html; charset=UTF-8 date Mon, 06 Nov 2023 02:59:55 GMT via 1.1 google
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	315ms 16ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:55 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H2	204	4072696.js Show response bat.bing.com/p/action/	0 115 B	30ms 30ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/4072696.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Mon, 06 Nov 2023 02:59:54 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: CC570204B015407983907407E0BBBA04 Ref B: FRAEDGE1308 Ref C: 2023-11-06T02:59:55Z x-cache CONFIG_NOCACHE
GET H2	204	0 bat.bing.com/action/	0 286 B	76ms 76ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=4072696&tm=gtm002&Ver=2&mid=70e71292-d058-443b-8257-503aeb2f1c10&sid=901a04007c5011eeabaed19259fabf6d&vid=901a26907c5011eeb0784754ff3ca695&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&kw=help%20wanted&p=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&r=&lt=926&evt=pageLoad&sv=1&rn=861268 Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Mon, 06 Nov 2023 02:59:54 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 717F2288CEE34C178C02C4D4DBA14344 Ref B: FRAEDGE1308 Ref C: 2023-11-06T02:59:55Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	ip.json Show response api.company-target.com/api/v2/	4 KB 1 KB	338ms 52ms	XHR application/json	18.66.97.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&page_title=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-20.fra56.r.cloudfront.net Software nginx / Resource Hash 8562d52144806dd0ebc42df0dc486ff6556a4910cec8436a0acd1c508315a21a Request headers Referer https://forums.malwarebytes.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 06 Nov 2023 02:59:55 GMT identification-source CENTRAL content-encoding gzip via 1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-cache Miss from cloudfront request-id e2052f4d-e08f-47f5-999a-c0d6b89d3638 pragma no-cache server nginx access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS content-type application/json;charset=utf-8 access-control-allow-origin https://forums.malwarebytes.com access-control-expose-headers x-amz-cf-id cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true vary Accept-Encoding, Origin api-version v2 access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id yWLip1jATDKhfX7GAUgKCvO32GAPHZmhj42wtAJyn7_3iclr0aQsoQ== expires Sun, 05 Nov 2023 02:59:55 GMT
GET H3	200	front_front_widgets.js.gz Show response content.invisioncic.com/Mmalware/javascript_core/	16 KB 5 KB	8ms 7ms	Script text/javascript	2600:9000:225e:2200:1e:ebe7:1480:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.invisioncic.com/Mmalware/javascript_core/front_front_widgets.js.gz?v=d815db93211699051251&csrfKey=&antiCache=d815db93211699051251 Requested by Host: content.invisioncic.com URL: https://content.invisioncic.com/Mmalware/javascript_global/root_library.js.gz?v=d815db93211699051251 Protocol H3 Security QUIC, , AES_128_GCM Server 2600:9000:225e:2200:1e:ebe7:1480:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3e2a06ebf1e42871cb98243dc0120e51087ee2b0200414047751f07dc712e458 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Fri, 03 Nov 2023 22:40:59 GMT content-encoding gzip via 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront) x-amz-version-id itmTmjAQxkpUfIVcMpnUrUmmBpZ66.K9 age 188337 x-amz-cf-pop FRA60-P4 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 content-length 4246 last-modified Wed, 01 Nov 2023 09:44:53 GMT server AmazonS3 etag "7d07817c9aad54d0dc6a741a6aa8ff8f" content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes x-amz-cf-id xerFhF8eKr0Io3YBpGujo32EbxaYZZ-tDYbdeS9N2yusApHxnYHXtw==
POST H3	200	collect Show response www.google-analytics.com/j/	3 B 23 B	15ms 15ms	XHR text/plain	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=615892734&t=pageview&_s=1&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&ul=en-us&de=UTF-8&dt=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aDDAgEAjAAAAACAAIg~&cid=667556784.1699239595&uid=2E851701-5B96-482E-B134-B655FEDFDD3A&tid=UA-3347303-10&_gid=1938806663.1699239595&_slc=1&gtm=45He3b11n71MKSKW3v6688972&gcd=11l1l1l1l1&z=244606991 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://forums.malwarebytes.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2594100%26time%3D1699239595481%26url%3Dhttps%253A%252F%252Fforums.malwarebytes.co... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true&liSync=true&e_i...	0 265 B	177ms 149ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true&liSync=true&e_ipv6=AQIN7U1AAFWDDgAAAYuikpAQFdQhxG0MI3WvwhTfBsPr6UYUEwrGPEdsFXXNqr1oCNDMUtY Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:55 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 34299CF060644D9EACABC3A12C8547E0 Ref B: FRAEDGE1516 Ref C: 2023-11-06T02:59:56Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAYJcwyFXrl+DmotjrXGPg== Redirect headers date Mon, 06 Nov 2023 02:59:55 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: A785F57B715F4F948105FF7536C36357 Ref B: FRAEDGE1213 Ref C: 2023-11-06T02:59:55Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1699239595481&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&cookiesTest=true&liSync=true&e_ipv6=AQIN7U1AAFWDDgAAAYuikpAQFdQhxG0MI3WvwhTfBsPr6UYUEwrGPEdsFXXNqr1oCNDMUtY x-li-proto http/2 content-length 0 x-li-uuid AAYJcwyChW7IJyT4deQbkg==
GET H2	200	/ www.facebook.com/tr/	0 185 B	23ms 7ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1480959392203028&ev=PageView&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&rl=&if=false&ts=1699239595490&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1699239595489.1538342180&ler=empty&it=1699239595119&coo=false&tm=1&rqm=GET Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Mon, 06 Nov 2023 02:59:55 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.google.com/pagead/1p-user-list/930356311/	42 B 455 B	42ms 19ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/930356311/?random=1699239595140&cv=11&fst=1699236000000&bg=ffffff&guid=ON&async=1&gtm=45be3b11v9137103858&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&frm=0&tiba=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaN4DdpKJ1hYT5gxVxb2HewoGcTBWCm-A&random=697010976&rmt_tld=0&ipr=y Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/930356311/	42 B 108 B	20ms 20ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/930356311/?random=1699239595140&cv=11&fst=1699236000000&bg=ffffff&guid=ON&async=1&gtm=45be3b11v9137103858&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&frm=0&tiba=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaN4DdpKJ1hYT5gxVxb2HewoGcTBWCm-A&random=697010976&rmt_tld=1&ipr=y Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/407675570/	42 B 108 B	41ms 19ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/407675570/?random=1699239595152&cv=11&fst=1699236000000&bg=ffffff&guid=ON&async=1&gtm=45be3b11v9137103858&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&frm=0&tiba=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNKVQIDDKJEvoykMAOTkv4RiYkE23gKg&random=971048836&rmt_tld=0&ipr=y Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/407675570/	42 B 154 B	18ms 18ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/407675570/?random=1699239595152&cv=11&fst=1699236000000&bg=ffffff&guid=ON&async=1&gtm=45be3b11v9137103858&u_w=1600&u_h=1200&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&frm=0&tiba=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNKVQIDDKJEvoykMAOTkv4RiYkE23gKg&random=971048836&rmt_tld=1&ipr=y Requested by Host: forums.malwarebytes.com URL: https://forums.malwarebytes.com/topic/208032-pupoptionalproductsetup/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.analytics.google.com/g/	0 54 B	15ms 14ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=45je3b11v872204243&_p=1699239594513&gcd=11l1l1l1l1&cid=667556784.1699239595&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&sid=1699239595&sct=1&seg=0&dt=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&en=Demandbase_Event&_ee=1&epn.2=3628057&ep.3=Enterprise%20Business&ep.4=Energy%20%26%20Utilities&ep.5=Engie%20SA&ep.6=Engie%20SA&ep.7=Energy%20%26%20Utilities&ep.8=Electric%20Services&ep.9=Over%20%245B&ep.10=Enterprise&ep.11=Paris&ep.12=HE&ep.13=(Non-Company%20Visitor)&ep.14=(Non-Company%20Visitor)&ep.15=(Non-Company%20Visitor)&ep.16=(Non-Company%20Visitor)&ep.17=FR&ep.18=engie.com&epn.24=171474&ep.content_group=Consumer&_et=497&tfd=1686 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bg9s Show response tag-logger.demandbase.com/	0 419 B	149ms 115ms	XHR text/html	2600:9000:2490:fe00:1d:8d6d:3b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=yWLip1jATDKhfX7GAUgKCvO32GAPHZmhj42wtAJyn7_3iclr0aQsoQ==&api-version=v2 Requested by Host: scripts.demandbase.com URL: https://scripts.demandbase.com/HWyTnY16.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:fe00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers x-amz-version-id 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH date Sun, 05 Nov 2023 05:12:38 GMT via 1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 78438 x-amz-server-side-encryption AES256 x-cache Error from cloudfront content-length 0 last-modified Tue, 07 Mar 2023 20:47:02 GMT server AmazonS3 etag "d41d8cd98f00b204e9800998ecf8427e" vary Accept-Encoding content-type text/html access-control-allow-origin * accept-ranges bytes x-amz-cf-id uZkulv_kp_CixF3p71_LGFxm9CQn4uBnZZaTjY3qAOBA3s6ZxL2RSw==
GET H2	200	rum dsum-sec.casalemedia.com/ Frame E577 Redirect Chain https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1714964395&external_user_id=bb68f8f3-fbe7-4dbd-9684-1991655b76e5 https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1714964395&external_user_id=bb68f8f3-fbe7-4dbd-9684-1991655b76e5&C=1	43 B 335 B	18ms 17ms	Image image/gif	104.18.36.155 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1714964395&external_user_id=bb68f8f3-fbe7-4dbd-9684-1991655b76e5&C=1 Requested by Host: s.company-target.com URL: https://s.company-target.com/s/sync?exc=lr Protocol H2 Server 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNjK9qUiC8WV3X3ubXH5tIv1P0K29p1ZOubWv1EXWOtkiJgPv7RmFHax6zt925ji8kKUkKFDJZuXLpgGYpAIEGT3rJFRYWfB%2BX6TtSql496XvAmoo7PsepJFS5LzdYxww2TShw7SG30T3Q%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 821a1550eccb4dbd-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Mon, 06 Nov 2023 02:59:55 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0gWSejV1Ok3cNJFsGn9leVj4VvEAox3gOi%2BBgEgMDcF3dAzevNYVx6OgUrSG%2FwPE5IpZelWAwzec1LPyEwrHyr1YKGIkcAdx3IRyICb7WhhYnrI5Pl%2F%2FqhmlYh8RMJxqgVOc5cvr8VO7GQ%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" location /rum?cm_dsp_id=18&expiry=1714964395&external_user_id=bb68f8f3-fbe7-4dbd-9684-1991655b76e5&C=1 cache-control no-cache cf-ray 821a1550ccb64dbd-FRA alt-svc h3=":443"; ma=86400 content-length 0 expires 0
GET H2	200	sync partners.tremorhub.com/ Frame E577	43 B 394 B	372ms 96ms	Image image/gif	2600:1f18:612b:4232:49d0:4ff3:4475:6a5 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://partners.tremorhub.com/sync?UIDM=bb68f8f3-fbe7-4dbd-9684-1991655b76e5 Requested by Host: s.company-target.com URL: https://s.company-target.com/s/sync?exc=lr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:1f18:612b:4232:49d0:4ff3:4475:6a5 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software nginx / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers p3p CP='This is not a P3P policy. See https://telaria.com/privacy-policy/' date Mon, 06 Nov 2023 02:59:55 GMT server nginx content-type image/gif
GET H/1.1	204 No Content	tap.php pixel.rubiconproject.com/ Frame E577	0 239 B	67ms 8ms	Image image/gif	69.173.144.138 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?nid=5578&put=bb68f8f3-fbe7-4dbd-9684-1991655b76e5&v=1181926 Requested by Host: s.company-target.com URL: https://s.company-target.com/s/sync?exc=lr Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Content-Type image/gif Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate X-RPHost 4b510f0cc5fcbc9800016ef543086418 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	156ms 155ms	Script application/x-javascript	184.31.85.59 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-31-85-59.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Date Mon, 06 Nov 2023 02:59:55 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Content-Type application/x-javascript Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Wed, 14 Feb 2024 02:59:55 GMT
POST H/1.1	200 OK	visitWebPage 805-usg-300.mktoresp.com/webevents/	2 B 318 B	437ms 97ms	Ping text/plain	192.28.144.124 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://805-usg-300.mktoresp.com/webevents/visitWebPage?_mchNc=1699239595799&_mchCn=&_mchId=805-USG-300&_mchTk=_mch-malwarebytes.com-1699239595798-37947&_mchHo=forums.malwarebytes.com&_mchPo=&_mchRu=%2Ftopic%2F208032-pupoptionalproductsetup%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.144.124 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers Date Mon, 06 Nov 2023 02:59:56 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id 34a9da41-adfc-4ad3-9e41-8831c0dc0666
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 199 B	151ms 151ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept * Referer https://forums.malwarebytes.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 06 Nov 2023 02:59:56 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 87423A010A994251860E0F17BECF6680 Ref B: FRAEDGE1213 Ref C: 2023-11-06T02:59:56Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 access-control-allow-origin https://forums.malwarebytes.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYJcwyHsoOPwfOuFS3EyQ==
GET H2	200	customer_ip.jsp Show response www.upsellit.com/utility/	118 B 195 B	465ms 464ms	Script application/x-javascript	34.117.39.58 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://www.upsellit.com/utility/customer_ip.jsp?companyID=11657&si=5xseny_1699239596 Requested by Host: www.upsellit.com URL: https://www.upsellit.com/active/malwarebytes.jsp Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.39.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 58.39.117.34.bc.googleusercontent.com Software nginx / Resource Hash 91a21f6676ffbdcc18292a03ef7d95d195af3cdcf35d52831059a8906dbe315c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers date Mon, 06 Nov 2023 02:59:56 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 google server nginx content-type application/x-javascript;charset=ISO-8859-1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 118 expires Tue, 07 Nov 2023 02:59:56 GMT
POST H3	204	collect region1.analytics.google.com/g/	0 17 B	14ms 14ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=45je3b11v872204243z86688972&_p=1699239594513&gcd=11l1l1l1l1&cid=667556784.1699239595&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=3&dl=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F208032-pupoptionalproductsetup%2F&sid=1699239595&sct=1&seg=0&dt=PUP.Optional.ProductSetup%20-%20Resolved%20Malware%20Removal%20Logs%20-%20Malwarebytes%20Forums&en=demandbase_event&ep.content_group=Consumer&epn.demandbase_sid=3628057&ep.demandbase_company_name=Engie%20SA&ep.demandbase_industry=Energy%20%26%20Utilities&ep.demandbase_sub_industry=Electric%20Services&ep.demandbase_employee_range=Enterprise&ep.demandbase_revenue_range=Over%20%245B&ep.demandbase_audience=Enterprise%20Business&ep.demandbase_audience_segment=Energy%20%26%20Utilities&ep.demandbase_website=engie.com&ep.demandbase_city=Paris&ep.demandbase_state=&ep.demandbase_country_name=France&ep.demandbase_marketing_alias=Engie%20SA&epn.demandbase_employee_count=171474&ep.demandbase_account_type=&ep.demandbase_account_owner=&_et=5&tfd=6687 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://forums.malwarebytes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Response headers pragma no-cache date Mon, 06 Nov 2023 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://forums.malwarebytes.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.estore.malwarebytes.com

URL

https://www.estore.malwarebytes.com/proxydirectory/tags/445691266569/tag.js